Section 15.2. Accounts


15.2. Accounts

To see what accounts are already on your PC, choose Start Control Panel, and then, under User Accounts and Family Safety, click "Add or remove user accounts."

You're asked to authenticate yourself (Section 6.3), and then you see a list of existing accounts (Figure 15-1).

Figure 15-1. This screen lists everyone for whom you've created an account. From here, you can create new accounts or change people's passwords. (Hint: To change account settings, just click the person's name on the bottom half of the screen. Clicking the "Change an account" link at the top requires an extra click.)


If you see more than one account herenot just yoursthen one of these situations probably applies:

  • You created them when you installed Windows Vista.

  • You bought a new computer with Vista preinstalled , and created several accounts when asked to do so the first time you turned on the machine.

  • You upgraded the machine from an earlier version of Windows. Vista gracefully imports all of your existing accounts.

If you're new at this, on the other hand, there's probably just one account listed here: yours. This is the account that Windows created when you first installed it.

15.2.1. Administrator vs. Standard Accounts

It's important to understand the phrase that appears just under each person's name. On your own personal PC, the word Administrator probably appears underneath yours.

Because you're the person who installed Vista, the PC assumes that you're one of its administrators the technical wizards who will be in charge of it. You're the teacher, the parent, the resident guru. You're the one who will maintain this PC and who will be permitted to make system-wide changes to it.

You'll find settings all over Windows that only people with Administrator accounts can change. For example, only an administrator is allowed to create or delete accounts and passwords on the PC; install new programs (and certain hardware components ); make changes to certain Control Panel programs that are off limits to non-administrators; and see and manipulate any file on the machine.

There's another kind of account, too, for people who don't have to make those kinds of changes: the Standard account.

Now, until Vista came along, people doled out Administrator accounts pretty freely . You know: the parents got Administrator accounts, the kids got Standard ones.

The trouble is, an Administrator account itself is a kind of security hole. Any time you're logged in with this kind of account, any nasty software you may have caught from the Internet is also , in effect, logged inand can make changes to important underlying settings on your PC, just the way a human administrator can.

Put another way: If a Standard account holder manages to download a computer virus, its infection will be confined to his account. If an administrator catches a virus, on the other hand, every file on the machine is at risk.

In Vista, therefore, Microsoft recommends that everyone use Standard accountseven you, the wise master and owner of the computer!

So how are you supposed to make important Control Panel changes, install new programs, and so on?

That's a lot easier in Vista. Using a Standard account no longer means that you can't make important changes. In fact, you can do just about everything that an Administrator account can if you know the name and password of a true Administrator account.


Note: Every Vista PC can (and must) keep at least one Administrator account on hand, even if you rarely log in with that account.

Whenever you try to make a big change, you're asked to authenticate yourself. As described on Section 6.3, that means supplying an Administrator account's name and password, even though you, the currently logged-in person, are a lowly Standard account holder (Figure 15-2).

Figure 15-2. Top: If you're a Standard account holder, installing a program or making PC-wide changes in the Control Panel requires your filling in this dialog box with an Administrator's name and password.
Bottom: If you're logged in as an Administrator, you can just click Continue to get past the box. You've already supplied your name and password (when you logged in!).


The idea is that if you really are a Standard account holder, you can call over an Administrator to approve the change you're making. And if you really are the PC's owner, you know the Administrator account's password anyway, so it's no big deal.

Now, making broad changes to a PC when you're an Administrator still presents you with those " prove yourself worthy" authentication dialog boxes. The only difference is that you, the Administrator, can click Continue to bypass them, rather than having to type in a name and password.

You'll have to weigh this security/convenience tradeoff . But you've been warned : the least vulnerable PC is one where everyone uses Standard accounts.

15.2.2. Adding an Account

Once you've opened the Manage Accounts window in the Control Panel, it's easy to create a new account: click the "Create a new account" link shown in Figure 15-1. (You see this link only if you are, in fact, an administrator.)

The next screen asks you to name the account and choose an account type: Administrator or Standard.

When you're finished with the settings, click Create Account (or press Enter). After a moment, you return to the User Accounts screen (Figure 15-1), where the new person's name joins whatever names were already there. You can continue adding new accounts forever or until your hard drive is full, whichever comes first.

15.2.3. Editing an Account

Although the process of creating a new account is swift and simple, it doesn't offer you much in the way of flexibility. You don't even have a chance to specify the new person's password, let alone the tiny picture that appears next to the person's name and at the top of the Start menu (rubber ducky, flower, or whatever).

That's why the next step in creating an account is usually editing the one you just set up. To do so, once you've returned to the main User Accounts screen (Figure 15-1), click the name or icon of the freshly created account. You arrive at the screen shown at the top in Figure 15-3, whereif you are an administratoryou can choose from any of these options:

Figure 15-3. Top: Here's the master menu of account-changing options that you can see.
Bottom: You're supposed to type your password twice, to make sure you didn't introduce a typo the first time. (The PC shows only dots as you type, to guard against the possibility that some villain is snooping over your shoulder.)


  • Change the name . Click "Change the account name." You'll be offered the opportunity to type in a new name for this person and then click the Change Name buttonjust the ticket when one of your co-workers gets married or joins the Witness Protection Program.

  • Create a password . Click this link if you'd like to require a password for access to this person's account (Figure 15-3, bottom). Capitalization counts.

    The usual computer book takes this opportunity to stress the importance of having a long, complex password, such as a phrase that isn't in the dictionary, something made up of mixed letters and numbers , and not, by the way , the word "password." This is excellent advice if you create sensitive documents and work in a corporation.

    But if you share the PC only with a spouse or a few trusted colleagues in a small office, you may have nothing to hide. You may see the multiple-users feature more as a convenience (for keeping your settings and files separate) than a way of protecting secrecy and security.

    In these situations, there's no particular need to dream up a convoluted password. In fact, you may want to consider setting up no passwordleaving both password blanks empty. Later, whenever you're asked for your password, just leave the Password box blank. You'll be able to log on and authenticate yourself that much faster each day.

    If you do decide to provide a password, you can also provide a hint (for yourself or whichever co-worker's account you're operating on). This is a hint that anybody can see (including bad guys trying to log on as you), so choose something meaningful only to you. If your password is the first person who ever kissed you plus your junior-year phone number, for example, your hint might be "first person who ever kissed me plus my junior-year phone number."

    Later, when you log in and can't remember your password, leave the Password box empty and hit Enter. You'll wind up back at the login screen to try againbut this time, your hint will appear just below the Password box to jog your memory.

  • Remove the password . By removing the password, you open up the opportunity for this person to replace it with something better.

    By the way, be careful when you remove someone else's password after they've been using the computer for a while. If you do, you'll wipe out various internal security features of their accounts, including encrypted files, access to their stored Web site passwords, and stored passwords for shared folders and disks on the network (Chapter 16). See the box below for details.

  • Change the picture . The usual sign-in screen (Figure 15-1) displays each account holder's name, accompanied by a little picture. When you first create the account, however, it assigns a picture to you at randomand not all of the pictures are necessarily appropriate for your personality.

    UP TO SPEED
    Passwords Within Passwords

    The primary password that you or your administrator sets up in the User Accounts program has two functions. You already know that it lets you log on each day, so you can enter your Windows world of desktop clutter, Start menu tailoring, Web bookmarks, and so on.

    But what you may not realize is that it's also the master key that unlocks all the other passwords associated with your account: the passwords that Internet Explorer memorizes for certain Web sites, the passwords that get you into shared disks and folders on the network, the password that protects your encrypted files, the password that protects your .NET Passport (and its Wallet for electronic payments, if you set one up), and so on. The simple act of logging onto your account also unlocks all of these other secure areas of your PC life.

    But remember that anyone with an Administrator account can change your password at any time. Does that mean that whoever has an Administrator accountyour teacher, boss, or teenager, for examplehas full access to your private stuff? After you leave the household, company, or school, what's to stop an administrator from changing your password, thereby gaining access to your electronic-brokerage account ( courtesy of its memorized Internet Explorer password), buying stuff with your Passport Wallet, and so on?

    Fortunately, Microsoft is way ahead of you on this one. The instant an administrator changes somebody else's password, Windows wipes out all secondary passwords associated with the account. That administrator can log onto your account and see your everyday files, but not Web sites with memorized passwords, and so on.

    Note that if you change your own passwordor if you use a Password Reset Disk, described in these pagesnone of this applies. Your secondary passwords survive intact. It's only when somebody else changes your password that this little-known Windows security feature kicks in, sanitizing the account for your protection.


    If you like one of the selections that Microsoft has provided, just click it to select it as the replacement graphic. If you'd rather use some other graphics file on the hard drive insteada digital photo of your own face, for exampleyou can click the "Browse for more pictures" link. You'll be shown a list of the graphics files on your hard drive so you can choose one, which Windows then automatically scales down to postage -stamp size .

  • Set up Parental Controls . Whenever you edit a Standard account, this link is available, on the premise that this person is either a child or someone who acts like one. See Section 8.7 for the Parental Controls details.

  • Change the account type . Click this link to change a Standard account into an Administrator account, or vice versa.

  • Delete the account . See Section 15.2.5.

You're free to make any of these changes to any account at any time; you don't have to do it immediately after creating the account.


Tip: The Start menu offers a big, fat shortcut to the Edit Account dialog box shown in Figure 15-3: just click your picture at the top of the open Start menu.

15.2.4. The Forgotten Password Disk

As described above, Windows contains a handy hint mechanism for helping you recall your password if you've forgotten it.

But what if, having walked into a low-hanging branch, you've completely forgotten both your password and the correct interpretation of your hint? In that disastrous situation, your entire world of work and email would be locked inside the computer forever. (Yes, an administrator could issue you a new passwordbut as noted in the box on the facing page, you'd lose all your secondary passwords in the process.)

Fortunately, Windows offers a clever solution-in-advance: the Password Reset Disk. It's a CD or USB flash drive (not a floppy, as in Windows XP) that you can use like a physical key to unlock your account, in the event of a forgotten password. The catch is, you have to make this disk now , while you still remember your password.

To create this disk, insert a blank CD or a USB flash drive. Open/ the Start menu and click your picture (top right). The "Make changes to your account" window opens (Figure 15-3).

The first link in the task pane says, "Create a password reset disk." Click that to open the Forgotten Password Wizard. Click through it, supplying your current password when you're asked for it. When you click Finish, remove the CD or flash drive. Label it, and don't lose it!


Tip: Behind the scenes, Vista saves a file onto the CD or flash drive called userkey.psw . You can guess what that is.

When the day comes that you can't remember your password, leave the Password box empty and hit Enter. You'll wind up back at the login screen; this time, in addition to your password hint, you'll see a link called "Reset password." Insert your Password Reset CD or flash drive and then click that link.

A Password Reset Wizard now helps you create a new password (and a new hint to remind you of it). You're in.

Even though you now have a new password, your existing Password Reset Disk is still good. Keep it in a drawer somewhere, for use the next time you experience a temporarily blank brain.

15.2.5. Deleting Accounts

It happenssomebody graduates, somebody gets fired , somebody dumps you. Sooner or later, you may need to delete an account from your PC.

To delete a user account, open the User Accounts program, click the appropriate account name, and then click "Delete the account."

Windows now asks you if you want to preserve the contents of this person's Documents folder. If you click the Keep Files button, you'll find a new folder, named for the dearly departed, on your desktop. (As noted in the dialog box, only the documents, the contents of the desktop, and the Documents folder are preservedbut not programs, email, or even Web favorites.) If that person ever returns to your life, you can create a new account for him and copy these files into the appropriate folder locations.

If you click the Delete Files button, on the other hand, the documents are gone forever.




Windows Vista for Starters
Windows Vista for Starters: The Missing Manual
ISBN: 0596528264
EAN: 2147483647
Year: 2007
Pages: 175
Authors: David Pogue

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net