This lesson explains the Welcome screen and the Enter Password dialog box, the two options that you use to log on to Windows XP Professional. It also explains how Windows XP Professional authenticates a user during the logon process. This mandatory authentication process ensures that only valid users can gain access to resources and data on a computer or the network.
Windows XP Professional offers two options for logging on locally: the Welcome screen and the Log On To Windows dialog box.
By default, Windows XP Professional uses the Welcome screen to allow users to log on locally. To log on, click the icon for the user account you want to use. If the account requires a password, you are prompted to enter it. If the account is not password protected, you are logged on to the computer. You can also use Ctrl+Alt+Delete at the Welcome screen to get the Log On To Windows dialog box. This enables you to log on to the Administrator account, which is not displayed on the Welcome screen when other user accounts have been created. To use Ctrl+Alt+Delete, you must enter the sequence twice to get the logon prompt.
For more information about creating user accounts during installation, see Chapter 2, "Installing Windows XP Professional." For more information about creating user accounts after installation, see Chapter 3, "Setting Up and Managing User Accounts."
A user can log on locally to either of the following:
Because domain controllers do not maintain a local security database, local user accounts are not available on domain controllers. Therefore, a user cannot log on locally to a domain controller.
The User Accounts program in the Control Panel includes a Change The Way Users Log On Or Off task, which allows you to configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen.
To use the Log On To Windows dialog box to log on locally to a computer running Windows XP Professional, you must supply a valid user name; if the user name is password protected, you must also supply the password. Windows XP Professional authenticates the user's identity during the logon process. Only valid users can access resources and data on a computer or a network. Windows XP Professional authenticates users who log on locally to the computer at which they are seated and one of the domain controllers in a Windows 2000 domain authenticates users who log on to a domain.
When a user starts a computer running Windows XP Professional that is configured to use the Log On To Windows dialog box, an Options button also appears. Table 1.1 describes the options in the Log On To Windows dialog box for a computer that is part of a domain.
Table 1.1 Log On To Windows Dialog Box Options
Option | Description |
---|---|
User Name | A unique user logon name that is assigned by an administrator. To log on to a domain with the user name, the user must have an account that resides in the directory. |
Password | The password that is assigned to the user account. Users must enter a password to prove their identity. Passwords are case sensitive. For security purposes, the password appears on the screen as asterisks (*). To prevent unauthorized access to resources and data, users must keep passwords secret. |
Log On To | Allows the user to choose to log on to the local computer or to log on to the domain. |
Log On Using Dial-Up Connection | Permits a user to connect to a domain server by using dial-up networking. Dial-up networking allows a user to log on and perform work from a remote location. |
Shutdown | Closes all files, saves all operating system data, and prepares the computer so that a user can safely turn it off. |
Options | Toggles on and off between the Log On To option and the Log On Using Dial-Up Connection option. The Options button appears only if the computer is a member of a domain. |
If your computer is not part of a domain, you will not get the Log On To option.
To gain access to a computer running Windows XP Professional or to any resource on that computer, whether the computer is configured to use the Welcome screen or the Log On To Windows dialog box, you must provide a user name and possibly a password.
How Windows XP Professional authenticates a user depends on whether the user is logging on to a domain or logging on locally to a computer (see Figure 1.12).
Figure 1.12 Windows XP Professional authentication process at logon
The steps in the authentication process are as follows:
In addition to the logon process, any time a user makes a connection to a computer, that computer authenticates the user and returns an access token. This authentication process is invisible to the user.
If a user logs on to a domain, Windows XP Professional contacts an available domain controller in the domain. The domain controller compares the logon information with the user information that is in the directory for the domain. If the information matches and the user account is valid, the domain controller creates an access token for the user. The security settings contained in the access token allow the user to gain access to the appropriate resources in the domain.
To log off a computer running Windows XP Professional, click Start and then click Log Off. Notice that the Start menu, shown in Figure 1.13, also provides a method to turn off the computer.
Figure 1.13 The Start menu provides a way to log off Windows XP Professional
The Windows Security dialog box provides information such as the user account currently logged on and the domain or computer to which the user is logged on. This information is important for users with multiple user accounts, such as a user who has a regular user account as well as a user account with administrative privileges.
You access the Windows Security dialog box by pressing Ctrl+Alt+Delete if the computer is joined to a domain or the Welcome screen is disabled. Otherwise, the Task Manager will be activated. Figure 1.14 shows the Windows Security dialog box and Table 1.2 describes the Windows Security dialog box options.
Figure 1.14 Windows Security dialog box
Table 1.2 The Windows Security Dialog Box Options
Option | Description |
---|---|
Lock Computer | Allows users to secure the computer without logging off. All programs remain running. Users should lock their computers when they leave for a short time. The user who locks the computer can unlock it by pressing Ctrl+Alt+Delete and entering the valid password. An administrator can also unlock a locked computer. This process logs off the current user. |
Log Off | Allows a user to log off as the current user and close all running programs, but leaves Windows XP Professional running. |
Shut Down | Allows a user to close all files, save all operating system data, and prepare the computer so that it can be safely turned off. |
Change Password | Allows a user to change his or her user account password. The user must know the current password to create a new one. This is the only way users can change their own passwords. Administrators can also change the password. |
Task Manager | Provides a list of the programs that are running and a summary of overall CPU and memory usage, as well as a quick view of how each program, program component, or system process is using the CPU and memory resources. Users can also use Task Manager to switch between programs and to stop a program that is not responding. |
Cancel | Closes the Windows Security dialog box. |
The following questions will help you determine whether you have learned enough to move on to the next chapter. If you have difficulty answering these questions, go back and review the material in this lesson before proceeding to the next chapter. The answers for these questions are in Appendix A, "Questions and Answers."