When you first install Drupal it creates the master user (1) - this should ideally not be used to create content and it is good practice to create a new user for administrative purposes (not called admin but with an equivalent set of permissions) and an administrators group so that the super user doesn't get used - it may even be worth blocking the super user once you have done that. But be aware that some modules need to impersonate that user. If you want to restrict login for that user you can create an Access Rule to deny Admin for user name - this will effectively disallow logging in as Admin.
Creating your first user
- so you don't use the admin (1) user for content
- create a new role 'administrators' (Home › Administer › User management › Roles)
- add a new user Home › Administer › User management › Users
- add permissions for role (Home › Administer › User management › permissions)
- give the administrators all rights
One of the issues with this is that the permission have to be updated every time you add a new module. The Admin User module solves this. Install this module and it does all the above (except steps 2 & 3)
Use the AdminRole module for this (http://drupal.org/project/adminrole) that way you don't have to keep adding the permissions - note this is included in Drupal 7.
You can install this module even if you have already manually created the administrators role and it will handle it from then on. One gotcha is that you need to visit the /admin/user/settings page to select the Administrators Role in the drop down at the foot of the page and from then on the permissions are set for you.
