Chapter 2: Implementing User Accounts and Logon Security | PC Magazine Windows Vista Security Solutions

Securing your computer is in many ways like securing your home - you shouldn't rely on any one method to keep the outside world from getting in. Instead, you take a number of different measures that may include locking doors, installing an alarm system, and hopefully not alerting would-be attackers that there's lots of cool stuff inside.

When it comes to securing Windows Vista, you're given the choice of leaving the front door open, or putting a lock in place. This door lock is known as a user account, specifically a user account that includes a password. If ever there was a first line of defense in the quest to secure Windows Vista and ensure user privacy, user accounts are very much where the story begins.

This isn't to say that user accounts are strictly a security-related feature of Windows Vista; they certainly have other reasons for being. However, user accounts are a key component in changing your computer from being an open book to a secure fortress.

This chapter focuses on what user accounts are, the different types that exist, and how to create and configure them to ensure a better level of system security. Along the way, you'll learn about a new feature - User Access Control - that can help improve the security of your Windows Vista system.

Exploring User Accounts

When it comes to Windows Vista, user accounts represent the foundation upon which all other security concepts and techniques rely. Quite simply, you can install any piece of security software - from firewalls and antivirus programs to antispyware tools and encryption utilities - and it's effectively all for naught if user accounts are not implemented correctly or properly protected. It could easily be argued that most Windows Vista users consider the user account logon process an annoyance rather than a security feature. Unfortunately, neglecting or ignoring this essential security feature is the very reason why the majority of user desktop systems are insecure and vulnerable to an Internet's worth of security and personal privacy threats.

At the most basic level, a user account is nothing more than an object on a Windows Vista system that represents a particular user. Made up of a username, and hopefully a password, user accounts represent the credentials that users need to supply to gain access to a Windows Vista system. Beyond simply identifying a user, a user's account dictates what tasks he can perform on a computer, what files he has access to, and more. In a nutshell, user accounts are not an optional part of securing a Windows Vista system - quite to the contrary, they're absolutely essential.

In a departure from previous versions of Windows aimed at home and small office users, Windows Vista offers true user account security facilities in a way that cannot be easily ignored or dismissed. Although pressing the Esc key might have gotten a user past the logon dialog box on a Windows 98 system, Windows Vista offers much more robust and comprehensive logon security. As a matter of fact, the logon security capabilities of Windows Vista are fundamentally similar to those used to secure servers running Windows 2000 Server or Windows Server 2003. In other words, Windows Vista user account security offers a high level of protection for your system. If you're serious about your system's security and privacy, you'll want to take advantage of it.

The good news is that Windows Vista makes it easy to create and manage user accounts via tools like the User Accounts applet in Control Panel (see Figure 2-1). Before you jump into creating any accounts, however, it's essential that you to understand the benefits user accounts provide, and important details about the different types of accounts that exist.

image from book
Figure 2-1: Click the User Accounts item in Control Panel to create and manage user accounts.

Benefits of User Accounts

Some user accounts are configured for general day-to-day use, including tasks such as surfing the Web, working with e-mail, and playing games. Others are designed with system administration and configuration tasks in mind, including installing software and making changes to firewall settings.

Ultimately, each person who uses a Windows Vista system should be assigned his or her own personal user account, which provides the following benefits:

A dedicated and customizable desktop environment.
A dedicated user profile where personal files, e-mail messages, and settings are stored.
The capability to control access to the desktop environment by adding a user account password.
The capability to secure personal files and folders, making them inaccessible by other users.

Creating a dedicated user account for every person who uses a Windows Vista system is not unlike setting up a number of Windows Vista systems, where each user has her own personal desktop environment. This model eliminates the hassles associated with older systems like Windows 3.1, where users shared a common desktop and all related settings. In the world of Windows Vista, having your own user account means being able to log on, set your desktop wallpaper image to something crazy or fun, and not having to deal with friends or family members who want to change it. Your desktop can be neatly organized (recommended), or a complete mess (recommended only if you thrive in chaotic environments). Most importantly, having your own user account enables you to control which users can access your files, and to what extent.

User Account Types

Although the idea of each user having her own dedicated account is a great one, all user accounts are not created equal. There's a definite hierarchy in this part of the computing world, and Windows Vista offers no exception. Some user accounts allow unrestricted access to every last bit of a Windows Vista system, including files belonging to other users. Others limit what users can do while logged on, stopping them from carrying out common tasks such as installing software. When it comes to the security of your Windows Vista system, creating user accounts is important. However, assigning users an appropriate user account type is even more critical.

Windows Vista includes three main types of user accounts:

Administrator
Standard
Guest

Each of these user account types is examined in more detail in the following sections.

Note

In the world of Windows Vista, a user is the person actually using the computer - your spouse, Mom, Dad, son, daughter, or a friend. A user account is the object assigned to a user for the purpose of logging on. Some users will have only one user account, while others may have more than one user account - one for day-today use and another for system administration tasks.

ADMINISTRATOR ACCOUNTS

In the parallel universe that is Windows Vista, one type of user account stands head and shoulders above the rest: the all-seeing, all-knowing Administrator account. User accounts of this type have complete control over every element of a Windows Vista system; users with this privilege level can literally do anything, up to and including actions that could irreparably damage a Windows Vista installation.

A user configured as Administrator can:

Install and uninstall programs, hardware, and drivers.
Make system-wide configuration changes.
Create, delete, and manage all user and group accounts.
Read or open any file, including those belonging to other users.
Grant rights to or implementing restrictions on other users.

One limitation is that the Administrator cannot delete his account or change its type to Standard if it is the last Administrator account on the Windows Vista system.

Windows Vista creates one Administrator account by default (named Administrator) during its installation process. You may not even be aware that this account exists because it isn't displayed on the Welcome logon screen by default. This account is always present, however, and cannot be deleted.

The Administrator user account type is supposed to work for the forces of good, not evil. However, this account type was never designed with normal, everyday, use in mind. As the list of its broad capabilities shows, Administrators yield complete control over not only the Windows Vista system itself, but also other users' accounts.

For that reason, regular users should never be granted Administrator privileges. In fact, for security purposes alone, even the Administrator should never log on to Windows Vista with an Administrator account unless he needs to perform configuration tasks that require this level of power. Unfortunately, Windows Vista systems can run into security-related problems (such as infections by viruses and spyware programs) due to unnecessary or careless everyday use of the massive firepower the Administrator account.

Caution

Deciding which users should be granted Administrator rights is ultimately up to you, but always keep system security in mind. Generally, any user with access to the Administrator account should have an appropriate level of Windows Vista knowledge. More importantly, she should be someone who can be trusted not to abuse or misuse the account's power. On some systems, every user may be responsible enough to be granted access to an Administrator account to perform tasks like installing programs. On others, the situation might dictate that only the owner of the PC has access to an Administrator account. The bottom line is that on your computer, you get to choose who has access to Administrator accounts, so choose wisely.

STANDARD USER ACCOUNTS

Unlike Administrator accounts, Standard user accounts are designed for everyday personal use. Many people argue that these accounts are excessively restrictive in that they stop users from carrying out common tasks such as installing hardware and software, changing security settings, and making system configuration changes. That's true, but they're also very much to the point - Standard user accounts are designed to keep users from making potentially harmful and dangerous changes to a system and, by extension, help to ensure a better-performing and more secure Windows Vista system overall.

A user with a Standard account can:

Add, change, or remove his user account password.
Create a password reset disk for use in cases where his password is lost or forgotten.
Make changes to his user desktop environment.
Make his personal files private (except from the Administrator account).
Use software programs installed for all users.

But the user cannot:

Make changes to system configuration settings or delete key files.
Install hardware or software programs.

Although Standard user accounts typically cannot install hardware and software, there are exceptions. On the hardware front, Windows Vista systems do allow Standard users to plug in and use a variety of USB devices, including pen drives, MP3 players, and the like. Most other hardware changes are restricted. As for software, Standard users can often install single-user programs that do not make any changes to system configuration settings, as is the case with many older programs designed for previous Windows versions. However, Standard users cannot install multiuser programs, or those that install new system services. Words like often, typically, many, and most are the name of the game here. The best way to see whether a program will install for a Standard user is to attempt the installation. In some cases it may work, and in others it will fail. Although the conveniences associated with having an Administrator account have appeal, everyday user accounts should always be of the Standard type if you're serious about securing your system. Unfortunately, going that route can lead to frustration (and even conflict) in cases where one user wants to do something on a computer, but is unable to because of restrictions imposed as a result of her Standard status.

That's why the Administrator account type exists, and there's nothing wrong with granting a responsible and trusted user the capability to use an Administrator account if and when necessary. Later in this chapter you'll learn how you can allow trusted Standard users to perform administrative tasks, without leaving the safe confines of their everyday user account.

As a best practice, try to follow what is known as the principle of least privilege when configuring security settings for any PC. This principle dictates that you give users only the minimum level of privilege that they require, and nothing more. Although the level of control that a particular user needs is open to debate (especially in his eyes), sticking to the least privilege maxim helps to ensure a more secure computer. In the case of user accounts, this means assigning all users Standard accounts for normal everyday use. Many viruses and spyware programs rely on the current user having Administrator-level access to thoroughly infect systems and do their damage; sticking with Standard accounts helps mitigate potential risks. Suffice it to say that when it comes to Windows Vista, user accounts, and security, less can actually be more.

GUEST USER ACCOUNT

Along with an Administrator account, Windows Vista also automatically creates a user account named Guest. As its name suggests, this account is meant for users without their own dedicated user accounts. Disabled by default (see Figure 2-2), the Guest account does not have a password assigned, and has little in the way of powers beyond running installed programs.

image from book
Figure 2-2: The Windows Vista built-in Guest account is disabled by default.

The fact that the Guest account is disabled by default (and cannot be assigned a password) is a good indication that it represents a potential security risk. As a best practice, always leave the Guest account disabled and create Standard accounts for users who require occasional access to your Windows Vista system. As you'll see later in this chapter, you can create a user account in less than a minute - well worth the effort from a security perspective.