User Accounts and Security Groups

The backbone of Windows security is the ability to uniquely identify each user. While setting up a computer—or at any later time—an administrator creates a user account for each user. The user account is identified by a user name and is (optionally) secured by a password, which the user provides when logging on to the system . Windows then controls, monitors, and restricts access to system resources based on the permissions and rights associated with each user account by the resource owners and the system administrator.

Account type is a simplified way of describing membership in a security group, a collection of user accounts . Windows classifies each user account as one of three account types:

• Administrator Members of the Administrators group are classified as administrator accounts . By default, the Administrators group includes the first account you create when you set up the computer and an account named Administrator that is disabled and hidden by default. Unlike other account types, administrators have full control over the system . Among the tasks that only administrators can perform are the following:

• Create, change, and delete user accounts and groups

• Install and uninstall programs

• Configure automatic updating with Windows Update

• Install an ActiveX control

• Install or remove hardware device drivers

• Share folders

• Set permissions

• Access all files, including those in another user's folder

• Take ownership of files

• Copy or move files into the %ProgramFiles% or %SystemRoot% folders

• Restore backed-up system files

• Grant rights to other user accounts and to themselves

• Configure Parental Controls

• Configure Windows Firewall

• Standard user Members of the Users group are classified as standard user accounts (In Windows XP, Users group members are called limited accounts.) Many tasks that were available only to administrators in previous Windows versions can be performed in Windows 7 by standard users . These additional tasks do not affect overall system security, and their prohibition in Windows XP and Windows 2000 made it impractical for most people to run without full administrative privileges; in Windows 7—as in Windows Vista—it makes sense to use a standard account. A partial list of tasks available to standard user accounts includes

• Change the password and picture for their own user account

• Use programs that have been installed on the computer

• Install system and driver updates using Windows Update

• Install approved ActiveX controls

• Configure a secure Wi-Fi connection

• Refresh a network adapter and the system's IP address

• View permissions

• Create, change, and delete files in their document folders and in shared document folders

• Restore their own backed-up files

• View the system clock and calendar, and change the time zone

• Set personalization options, such as themes, desktop background, and so on

• Select a display dots-per-inch (DPI) setting to adjust text size

• Configure power options

• View Windows Firewall settings

• Guest Members of the Guests group are shown as guest accounts. Guest accounts have privileges similar to standard accounts, with some limitations . A user logged on with the Guest account (but not any other account that is a member of the Guests group) cannot create a password for the account.

Was this article helpful?

0 0
Digital Cancers

Digital Cancers

Get All The Support And Guidance You Need To Be A Success At Protecting Your PC. This Book Is One Of The Most Valuable Resources In The World When It Comes To The Damaging Facts About Computer Viruses.

Get My Free Ebook

Post a comment