For many of us, the world of user accounts and their corresponding privileges is an unconquered territory where we need not venture. We have a single login account on our Windows 2000/XP computer and leave it at that.
In reality, user accounts are more than a name and icon on the Welcome Screen and Start menu. They enhance a user’s computing experience, providing a separate, custom-made operating environment for everyone that uses your PC. User accounts also perform valuable security and file control services. The key lies in understanding user accounts (especially the all-powerful administrative accounts) and deciding which levels of access are appropriate for any given situation.
 Top-Level Administration
Have you tried to open a file or perform a task, such as installing software (probably on a work or public computer), and received an error message saying you didn’t have permission or weren’t authorized to take that action? If so, you may have come head-to-head with administrative rights. The message varies by operation, but the restrictive intent is clear. | 
Limited users will be unable to install or remove many programs, including unrestricted programs that administrative level users installed. |
In Win2000/XP administrative accounts act like IT (information technology) managers for your PC. Administrators have full access to perform any function on the computer, including adding and deleting programs and making system-level changes such as global Registry edits. The Registry is a file that contains all the system and user preferences and settings; global edits affect the entire system and all its users. Administrators also have the power to create, change, and delete accounts for other users and to restrict those users’ system and file access privileges.
Placing Limits
For users that do not require a high level of access, Win2000/XP offer less-powerful account types. As an administrator, the main user controls which users have full privileges.
In WinXP the restricted account types are Limited and Guest. By default, a person operating under a limited account can run programs and create, save, edit, and delete his own data files as well as files in the Shared Documents folder (but not system or program files).
A limited account user has a personal, customizable Desktop and Start menu. He may be able to install or remove some programs, as long as they don’t require administrative access. In some cases limited accounts will not be able to run older programs not certified for use with WinXP.
The guest account is a single pre-existing account that lets users log in and use your computer without requiring you to create a separate user account. (You cannot create additional guest accounts in WinXP.) The guest account is basically a limited account with no Desktop personalization features. You can turn it on and off at will.
Win2000, on the other hand, offers a plethora of additional account types. The main accounts you’ll find in Win2000 are Standard and Restricted. Standard users have the most administrative privileges, but they cannot open other users’ files. Restricted users are like limited users in WinXP, but they can run noncertified programs. | 
In standard (Category) view, User Accounts is one of the main options in Control Panel. |
Win2000 offers several additional user account types. The most specialized of these are Backup Operators, which can override security settings to back up or restore files, and Replicators, which can copy files across a network. Three account types that may interest home users are Users, which are just like limited users in WinXP; Power users, who have most administrator privileges but limited system access; and Guests, who have privileges like those of the guest account in WinXP.
Restrictions Can Be Good
It is prudent to establish a limited/restricted account for every person who regularly uses your computer. Additionally, consider creating a new administrator account that you will log in to only for program installation and system changes. After you test your new administrator account (log in to it successfully at least once to make sure background programs won’t restrict access), change the access privileges for your existing account to limited. (WinXP users who take this route can employ Fast User Switching to hop back and forth between limited and administrator accounts. Hold down the Start or Windows key on your keyboard and press the L key to use this feature.)
What’s the logic behind limiting yourself? If you accidentally visit a malicious Web site or download a file with destructive intent, the corresponding code or program will not be able to wreak havoc on your system. Any damage will be limited to the single account under which the code is operating. In fact, many exploits require administrative privileges, so running under a limited/restricted account may stop an attacker in its tracks.
Expand Your Group
The User Accounts (WinXP) or Users And Passwords (Win2000) control panels are your gateway to modifying existing user accounts and creating new ones. The instructions that follow assume you are operating under an administrator account. By default Win2000 creates an administrator account during setup, and WinXP gave administrator-level access to the user account you established during installation. | 
The Users And Passwords dialog box lets you add or delete users and modify their properties (access levels). |
If you do not see the displays we discuss here, you may be running with limited or restricted access privileges. Log out and log back in under an administrator-level account. (In WinXP administrator-level accounts are identified on the Welcome Screen. In Win2000 type Administrator at the login prompt and provide the password, if any, to operate under the default administrative login account.)
WinXP. Open the Start menu, select Control Panel, and double-click User Accounts. (User Accounts is also available if you are working in Category view.). Under the Pick A Task heading, you should see a list of several task options, including the ability to add and delete accounts.
• To modify an account, click Change An Account and select the desired account. You will see options to change the account name (not recommended), account type, password, or logon picture (icon) associated with the account. If you select the option to change the picture, accept one of WinXP’s suggestions or select Browse For More Pictures to select other images on your system. WinXP will resize the image automatically.
• To create a new account, select that option. WinXP will prompt you to name the account and select an access level. | 
Windows 2000 offers a variety of account types, but the two you’ll use most often are probably Standard User and Restricted User. |
Win2000. Open the Start menu, select Settings, click Control Panel, and double-click Users And Passwords. In the Users And Passwords dialog box, click the Users tab. For maximum protection, make sure the Users Must Enter A User Name And Password checkbox is selected.
• To add a new account, click the Add button and follow the prompts to name the account, establish an access level, and create a password.
• To set the password for an account, click the Set Password button. To change an existing password, click the Advanced tab. Right-click the desired account and select Set Password. Next, provide the new password and confirm it.
• To change the access privileges for an account, select the account and click Properties. From resulting dialog box, you can alter access privileges for the account.
All Access?
Now that you know the basics of User Groups, you may want to expand your control over users and their access privileges. In WinXP Home, WinXP Professional, and Win2000, you can password protect individual files, folders, and drives and create other restrictions. WinXP Professional and Win2000 also offer advanced controls that let you restrict access to programs, the Internet, and other functions. 
by Jennifer Farwell
|
Email This
Print This
