Windows XP Professional provides two ways to create, modify, and delete user accounts: the User Accounts tool in the Control Panel and the Computer Management snap-in.
The User Accounts tool in the Control Panel (shown in Figure 3.5) is one of the tools you use to create, modify, and delete local user accounts.
Figure 3.5 The User Accounts tool
If you are logged on with an account that is a member of the Administrators group, the Pick A Task portion of the User Accounts tool allows you to perform the following tasks:
If you are an administrator, the Change An Account task allows you to make changes to any user account on the computer. If you are logged on with a limited user account, you do not see the same Pick A Task screen as an administrator; you see only a Pick A Task screen that contains some of the following options that an administrator can perform:
When you delete a user account, Windows XP Professional displays the Do You Want To Keep local_user_account's Files window. If you click Keep Files, Windows XP Professional saves the contents of the local_user_account's desktop and My Documents folder to a new folder called local_user_account on your desktop. However, it cannot save local_user_account's e-mail messages, Internet Favorites, or other settings.
To change your account while logged on with a limited user account, complete the following steps:
The Pick A Task window appears.
To change an account while logged on as an administrator, complete the following steps:
The Pick An Account To Change window appears.
The What Do You Want To Change About account_name Account window appears.
Only administrators can create new user accounts. This option is only available on the Pick A Task screen if you are logged on with a user account that is a member of the Administrators group.
To create a new user account, complete the following steps:
The Name The New Account window appears.
The user's logon name appears in the Welcome screen and on the Start menu. For information about valid characters for creating user accounts, see Table 3.1.
The Pick An Account Type window appears. Windows XP Professional provides two account types: Computer Administrator and Limited. Table 3.2 lists the capabilities of each account type.
Table 3.2 User Account Types and Capabilities
Capability | Computer Administrator | Limited |
---|---|---|
Change your own picture | X | X |
Create, change, or remove your password | X | X |
Change your own account type | X |
|
Change your own account name | X |
|
Change other users' pictures, passwords, account types, and account names | X |
|
Have full access to other user accounts | X |
|
Create user accounts on this computer | X |
|
Access and read all files on this computer | X |
|
Install programs and hardware | X |
|
Make systemwide changes to the computer | X |
|
Only administrators can change the way users log on or log off the computer. This option is only available on the Pick A Task screen if you are logged on with a user account that is a member of the Administrators group.
These two options control how all users log on and log off the computer:
To change the way users log on or log off, complete the following steps:
The Pick An Account To Change portion of the User Accounts tool is only available if you are logged on with a user account that is a member of the Administrators group. It allows you to select a user account to modify. The account modifications you can make depend on the account type and how it is configured. The account characteristics that you can change are the same as those discussed earlier in this lesson in the section entitled, "Changing an Account."
One of the tools for managing Microsoft Windows XP Professional is the Microsoft Management Console (MMC). The MMC provides a standardized method for creating, saving, and opening administrative tools. The MMC doesn't provide management functions itself, but it hosts management applications called snap-ins that you use to perform one or more administrative tasks.
The MMC allows you to do the following:
When you add snap-ins to an empty console, you create a customized console. One of the snap-ins that you can add is the Computer Management snap-in, shown in Figure 3.6. The Computer Management snap-in is another Windows XP Professional tool for creating, deleting, modifying, and disabling local user accounts and changing passwords.
Figure 3.6 The Computer Management snap-in
To create a customized MMC console containing Computer Management, complete the following steps:
MMC starts and displays an empty console.
MMC displays the Add/Remove Snap-In dialog box.
MMC displays the Add Standalone Snap-In dialog box shown in Figure 3.7.
Figure 3.7 The Add Standalone Snap-In dialog box
MMC displays the Computer Management dialog box (shown in Figure 3.8), which allows you to specify which computer you want to administer. The Local Computer: (The Computer This Console Is Running On) option is selected by default.
Figure 3.8 The Computer Management dialog box
You can add Computer Management for the local computer on which you are working or, if your local computer is part of a network, you can add Computer Management and point to a remote computer. To add Computer Management for a remote computer, in the Computer Management Snap-In dialog box, select Another Computer and then click Browse. In the Select Computer dialog box, in the Enter The Object Name To Select text box, type the name of the remote computer that you want to administer with Computer Management and then click OK. There is also a check box that allows you to change the selected computer when you launch the MMC console from the command line.
The MMC console you created is named Console1. To save this console to use again, go to the File menu and click Save As. In the File Name text box, type Computer Management Local, and then click Save.
To create local user accounts using the Computer Management snap-in complete the following steps:
Figure 3.9 New User dialog box
Table 3.3 describes the local user account options shown in Figure 3.9.
Table 3.3 Local User Account Options
Option | Action |
---|---|
User Name | Type the user's logon name. This field is required. |
Full Name | Type the user's full name. You can include the user's first and last names, but you can also include the middle name or initial. This field is optional. |
Description | Type descriptive text about the user account or the user. This field is optional. |
Password | Type the account password that is used to authenticate the user. For greater security, always assign a password. As an additional security measure, the password appears as a string of asterisks as you type it. |
Confirm Password | Confirm the password by typing it a second time. This field is required if you assign a password. |
User Must Change Password At Next Logon | Select this check box if you want the user to change his or her password the first time that he or she logs on. This ensures that only the user knows the password. This option is selected by default. |
User Cannot Change Password | Select this check box if more than one person uses the same user account (such as Guest), or if you want only administrators to control passwords. If you have selected the User Must Change Password At Next Logon check box, this option is not available. |
Password Never Expires | Select this check box if you never want the password to change-for example, for a domain user account that a program or a Windows XP Professional service uses. The User Must Change Password At Next Logon option overrides this option, so if you have selected the User Must Change Password At Next Logon check box, this option is not available. |
Account Is Disabled | Select this check box to prevent use of this account-for example, for a new employee who has not yet started working for your organization. |
Always require new users to change their passwords the first time they log on. This forces them to use passwords that only they know.
For added network security, use a combination of letters and numbers to create unique initial passwords for all new user accounts.
In this practice, you create a new local user account and assign it a password using the User Accounts tool. You then create a custom MMC console that contains the Computer Management snap-in and then use the snap-in to create two more new user accounts. Then you test one of the newly created local user accounts. You complete the practice by using the User Accounts tool to delete a local user account.
After completing this practice, you will be able to
Run the LocalUserAccounts file in the Demos folder on the CD-ROM accompanying this book for a demonstration of creating, modifying, and deleting local user accounts.
In this exercise, you use the User Accounts tool to create a new user account.
Windows XP Professional displays the Name The New Account window.
Windows XP Professional displays the Pick An Account Type dialog box.
If your account is a limited account type, you can change or remove your password, change the picture displayed with your account, and change your theme and other desktop settings. You can also view files you created and files in the shared documents folder.
Windows XP Professional displays the User Accounts window; User1 appears in the list of accounts.
Leave the User Accounts window open for the next exercise.
In this exercise, you use the User Accounts tool to assign a password to a local user account.
The What Do You Want To Change About User1's Account window appears. Notice that the list of changes you can make now includes two new options: Change The Password and Remove The Password. The Create A Password option is gone.
In this exercise, you create a customized MMC console that contains the Computer Management snap-in.
MMC starts and displays an empty console.
MMC displays the Add/Remove Snap-In dialog box.
MMC displays the Add Standalone Snap-In dialog box.
MMC displays the Computer Management dialog box, which allows you to specify the computer that you want to administer. The Local Computer option is selected by default.
The MMC creates the console that contains the Computer Management snap-in for managing the local computer.
Computer Management (Local) now appears in the console tree.
MMC displays the Save As dialog box.
The title bar is now Computer Management Local. You have just created a customized MMC console containing the Computer Management snap-in and have named it Computer Management Local.
In this exercise, you use the Computer Management snap-in to create two new local user accounts.
Computer Management contains three folders: System Tools, Storage, and Services And Applications.
The New User dialog box appears.
Do not assign a password to the user account.
The User Accounts window appears.
What type of account is User3?
Notice that User3 is a password-protected account. The password for User3 is a blank password.
How does the password appear on the screen? Why?
In high-security environments, assign initial passwords to user accounts and then require users to change their passwords the next time they log on. This accomplishes two goals: it prevents a user account from existing without a password and ensures that only the user knows the password. The password assigned in this exercise was for ease of use in the exercise. The passwords you assign should be difficult to guess and should include both uppercase and lowercase letters, numerals, and valid nonalphanumeric characters.
The Microsoft Management Console dialog box appears, in which you indicate whether you want to save Console settings to Computer Management.
If you click Yes, the next time you open the Computer Management console, it appears as it does now. If you click No, Windows XP Professional does not save the settings.
In this exercise, you test one of the new local user accounts to verify that it works as expected.
Windows XP Professional displays a Log Off Windows dialog box telling you to click Switch User if you want to leave programs running and switch to another user. Your other options are to click Log Off or Cancel.
What happens?
Windows XP Professional displays a Change Password dialog box indicating that the password has been changed.
The user account, User3, that you created using the Computer Management snap-in allowed you to log on. Because you left the default check box, User Must Change Password At Next Logon, selected when you created the account, you were prompted to change passwords when you logged on as User3. You confirmed that the User3 user account was created with a blank password when you left the Old Password box blank and successfully changed the password to User3.
In this exercise, you use the User Accounts tool to delete the User3 local user account.
Windows XP Professional displays the What Do You Want To Change About User Three's Account window.
Windows XP Professional displays the Do You Want To Keep User Three's Files window.
Windows XP Professional can automatically save the contents of User Three's desktop and My Documents folder to a new folder called User Three on your desktop. However, it cannot save User Three's e-mail messages, Internet Favorites, and other settings.
Windows XP Professional displays the Are You Sure You Want To Delete User Three's Account window.
Windows XP Professional displays the User Accounts window. Notice that the User3 account is no longer listed under Or Pick An Account To Change.
The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."