Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Vista

Configuring Windows Vista Security : Managing User Accounts

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/14/2011 3:07:18 PM
Modern operating systems such as Windows Vista have been designed to meet the needs of many different users. Accordingly, the operating system provides a method for creating multiple user accounts on a single installation of Windows Vista. You can configure and customize each user account based on the needs of the individual who will be using it. For example, desktop settings, screen savers, shortcuts, and user-specific data files are all stored separately for each account. In general, give each user of a system his or her own account.

From the standpoint of a consumer—a typical home or small-business user—it’s common for a computer to include multiple user accounts. For example, a family of four might have separate accounts for each parent and each child. A small business might have various employees that occasionally use a single shared computer to perform specific tasks.

Regardless of the purpose of a particular user account, there are security-related considerations that should be addressed. In this lesson, you’ll learn about the different types of accounts that are available in Windows Vista and how to create and manage them.

Understanding User Account Types

When a user logs on to a computer running Windows Vista, he or she must provide valid credentials that prove his or her identity. Most commonly, a user performs a logon by using a combination of a user name and a password. Each user account has its own collection of settings and permissions. These include the following:

  • User profile A user profile contains all of the operating system preferences that are defined separately for each user account. Examples include desktop wallpaper options, the Windows Sidebar configuration, and application shortcuts. By default, user profiles are located in the C:\Users folder.

  • Application settings Each user profile has its own collection of application settings. These settings usually pertain to personal preferences for an application (such as default paths, toolbar layouts, and related details). They are stored either in the user-specific portion of the registry or in configuration files that are stored within the profile.

  • User data folder Each user has his or her user data storage location on the computer. This enables multiple users of the same computer to keep their files separate from each other.

  • Other user-specific folders To improve consistency and usability for operating system users, each user profile includes several shortcuts to special folders. Examples include Music, Pictures, Saved Games, Documents, Downloads, and Videos. Each user will have his or her separate shortcuts and storage locations for these default folders.

  • Security privileges and policy settings Each user account has a set of security-related actions that it can perform. For example, users might have restrictions related to logon hours or installing applications.

  • File system permissions These are details related to which actions the user can take on which files. For example, a user will be allowed to create and delete documents in his or her own user data folder but will not be able to access another user’s data folder.

The two main types of user accounts in Windows Vista are Standard User and Administrator. In this lesson, you’ll learn about the purposes of each account type, along with differences in the permissions they are granted.

Standard User Accounts

The default type of user account in Windows Vista is a standard user account. This account is designed to provide basic permissions for completing common daily tasks. It allows users to launch applications, create new documents, and modify basic system configuration settings. In general, these operations affect only the user who is logged on to Windows Vista. They do not include systemwide changes such as the installation of new software.

Administrator User Accounts

Accounts that have Administrator permissions have the capability of performing any operation or task on the system. This includes all of the permissions that are granted to a standard user account plus the ability to make major operating system changes, install new software, and create and modify other user accounts. Administrator accounts also have the ability to set permissions for other users on the system.

There are potential security considerations for users who use an administrative account for daily computer use. The primary issue is that unwanted software can make changes to the operating system or to data without the user’s permission. This is because all programs run, by default, using the security permissions of the user who launched them. A related issue is that such users have the ability to perform actions that could lead to operating system instability or corruption. For example, a novice user who is running as an Administrator might accidentally delete critical operating system files or programs, thinking that they are not needed. These are all reasons why Microsoft designed the UAC feature as a major component of Windows Vista.

Therefore, it is recommended that most users log on to their computers using a standard user account. One potential problem with this approach is that applications often expect to have full permissions on the system.

Windows Vista creates a default account called Administrator during the installation process. This account has full permissions on the system and is generally not designed for regular use. For this reason, the default Administrator account is disabled on new installations. For in-place upgrade installations of Windows Vista, the setup process disables the built-in Administrator account only if there are other active Administrator accounts on the system. If there aren’t any, the account remains enabled.

The Guest Account

A third type of account that is created with default Windows Vista installations is the Guest account. This account is designed for users who require temporary access to a computer and don’t need to store their user-specific profile settings permanently. For example, if a friend is visiting your home and just needs to launch a Web browser to check her e-mail, you can allow her to use the Guest account. Users who log on as a guest have a very limited set of permissions. For example, they cannot access other users’ files or perform systemwide tasks such as installing software or hardware.

For security reasons, the built-in Guest account is disabled by default. This prevents users from having an option to log on to the system as Guest.

Comparing User Permissions

When working with standard and Administrator user accounts, it’s important to understand which actions each type of user is allowed to perform. Specifically, it’s important to understand a list of permissions that are granted to standard user accounts. In this section, you’ll learn examples of operations that can be performed by each type of account.

Permissions of Standard User Accounts

The following actions can be performed by a standard user account:

  • Perform basic system management tasks. The built-in Windows Vista applications and tools indicate operations that require elevated permissions with a shield icon next to the control.

  • Change personal user settings such as passwords, desktop wallpaper, system sounds, and screen savers.

  • Access removable media such as memory storage devices and CD/DVD media.

  • Create a local area network (LAN) connection.

  • Connect to a wireless network.

  • Personalize display settings, including desktop resolution and number of colors.

  • Use Remote Desktop to connect to remote computers.

  • Perform basic configuration settings in Control Panel. For example, a user can change power management settings.

  • Enable or disable accessibility options such as the screen magnifier.

  • Connect and configure some external devices, such as universal serial bus (USB) storage or Bluetooth devices.

It is important to note that these are the default settings for a standard user account. Administrators can manually change the permissions and privileges of users to meet their requirements. Also, in some cases, a background service or process might perform important tasks that the user cannot perform directly. One example is the disk defragmentation service, which is configured to run under a specific user account.

Permissions of Administrator Accounts

Administrator accounts, as mentioned earlier, have full permissions on a computer system. This includes the ability to change or delete files owned by any user on the system and to make changes to the operating system. Examples of operations that can be performed by an Administrator account but not by a standard user account include the following:

  • Installing new software on the computer

  • Adding new hardware and installing device drivers on the computer

  • Making changes to configuration of the Automatic Updates feature

  • Accessing files that are in secure locations, such as the Windows folder and the Program Files folder

  • Configuring Windows Firewall (including enabling, disabling, and adding exceptions)

  • Performing a complete system backup and restore operation

  • Creating new user accounts, removing user accounts, and configuring the user account type

  • Managing the behavior of the UAC feature

Again, this is just a sample of the types of operations that a standard user account cannot perform.


Managing User Accounts

So far, you have looked at details related to the different types of accounts that are available on a computer running Windows Vista. In this lesson, you’ll see how you can use that information to perform actual user account–related tasks. Many of these operations will require you to log on to the computer by using an account that has Administrator permissions.

Adding User Accounts

The Windows Vista Control Panel provides utilities that enable you to create and manage user accounts quickly and easily. To access the relevant settings, you need to have Administrator permissions on the computer. You can open the Manage Accounts window by clicking the Add Or Remove User Accounts link in the User Accounts And Family Safety section of the default Control Panel. Figure 1 shows an example of the available options and settings.

Figure 1. Using the Manage Accounts window in Control Panel

The default view shows a list of all of the users who are currently configured on the computer and an overview of their settings. The Create A New Account link starts the process of creating a new user (see Figure 2). The details that are required include the name of the new account. Usually, this corresponds to the individual who will be using that logon. The other option is related to whether the account should be created as a standard user (the default option), or as an Administrator.

Figure 2. Creating a new user account

After you click Create Account, the new account is available for logon. Generally, you will want to configure various properties of the account before you make it available for use by individuals.

Configuring User Accounts

There are several different operations that are commonly performed when managing user accounts. You can access these by clicking the name or icon of an account in the Manage Accounts window. Figure 3 shows the options that are available.

Figure 3. Changing settings for an account

The options include the following:

  • Change The Account Name

  • Change The Password (or Create A Password if the account does not currently have one)

  • Remove The Password (if one is currently configured)

  • Change The Picture

  • Set Up Parental Controls

  • Change The Account Type

  • Delete The Account

The built-in Guest account has a limited set of options and commands. As mentioned earlier, this account is disabled by default. When you click the Guest account, you have the option of turning it on. If you click the Guest account item when it is turned on, you see the Turn Off The Guest Account link. The only other option that is available for a Guest account is the ability to change the picture that is used.

Changing Passwords

A common operation for users is to change their password. By default, standard users can change only their own passwords. It is a good practice for users to change any initial password that has been provided to them by an administrative user. Administrators have the ability to set, remove, or modify the password for any account. Figure 4 shows the Change Password dialog box.

Figure 4. Changing an account’s password

Passwords are case-sensitive; that is, capital and lowercase letters must be entered exactly as they have been defined. When changing a password, it might be necessary to enter the old password first. This is done to ensure that a user does not simply walk up to a computer to which someone is already logged on and make a change without knowing the original password. To make it easier to remember passwords, you can configure a password hint to be shown to all users who attempt to use the account through the logon screen. For this reason, this hint should be something that will help only the intended user access the system.

Performing Advanced User Account Configuration

The Manage Accounts window has been designed to provide access to the most common account-related operations on a computer running Windows Vista. In some cases, however, you might need to perform advanced operations. You can do this by using Local Users And Groups within the Computer Management console (see Figure 5). To access this console, in the Start menu, right-click Computer and choose Manage. Alternatively, if the Administrative Tools program group is available in the Start menu, select Computer Management.

Figure 5. Using the Computer Management console to manage user accounts

The two main folders are Users and Groups. The Users folder contains a list of all of the user accounts created on the system. Depending on the software and services you have installed on the computer, it’s possible that you’ll notice some accounts that might not have been present in the Manage Accounts Control Panel item. Often, these accounts are designed to provide support for special software or services that require particular sets of permissions on the computer. You can view and modify detailed settings for a user by right-clicking the account and selecting Properties. User accounts have several different options, such as those shown in Figure 6.

Figure 6. Viewing the General properties tab for a Windows user account


The Groups folder within Local Users And Groups displays a list of all of the security groups that are defined on the computer. You use groups to manage permissions for collections of users. A general practice is to place users in groups and then to assign permissions to the groups themselves. Because you can easily change the membership of a group, this simplifies the process of managing permissions.

More Info: Centrally managing advanced user settings

Most home and small-business users do not have reasons to configure advanced user settings and permissions manually. In general, you should encourage customers to use the features in Control Panel for managing security settings.

In corporate network environments, many of these options are more important. Most larger organizations have dedicated IT staff that are able to manage such settings centrally, using Windows Active Directory directory service.


In addition to the Administrators and Users groups, there are several other groups that pertain to collections of permissions that might be required for certain types of operations. For example, members of the Remote Desktop Users group are able to access this computer using the Remote Desktop feature, and members of the Backup Operators group can bypass standard file system security for performing a backup operation. Most groups include descriptive text that provides information about their purpose and function.

To view the members of a group, right-click the group name in the list and select Properties. The General tab shows a list of the user accounts that are currently members of the group (see Figure 7). The Add button also provides you with the ability to include new members in the group.

Figure 7. Viewing properties of a Windows Vista group

Other -----------------
- Using Windows Security Center (part 3) - Configuring Malware Protection
- Using Windows Security Center (part 2) - Configuring Automatic Updating
- Using Windows Security Center (part 1) - Overview of Windows Security Center & Configuring Windows Firewall
- Configuring Parental Controls (part 4) - Managing Application Restrictions & Reviewing Activity Reports
- Configuring Parental Controls (part 3) - Defining Computer Time Limits & Configuring Game Settings
- Configuring Parental Controls (part 2) - Defining Web Restrictions
- Configuring Parental Controls (part 1) - Understanding Parental Controls
- Working with Mobile Devices (part 2) - Using Windows Sync Center
- Working with Mobile Devices (part 1) - Using Windows Mobility Center
- Installing and Managing Media Devices (part 4) - Installing and Managing Printers
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server