Logging On and Logging Off" in Chapter 1.
To see existing accounts:
Choose Start > Control Panel > User Accounts (Figure 16.1).
or
Choose Start > Run; type nusrmgr.cpl and then press Enter.
An account type defines a user's privileges: rights to perform specific tasks. The account type appears below each user's name.
A computer administrator has sweeping systemwide rights to create, change, and delete user accounts and passwords; access all files (including other users' files); and install programs and hardware. Many of the settings described in this book require administrative privileges, which you should grant to few users besides yourself. XP must have at least one Administrator account, and if you installed Windows or maintain it, this is your account type.
If you're not an Administrator, you're an everyday Limited user who can change your own password, picture, .NET Passport, desktop theme, and Start menu; change some Control Panel settings (you can't change the system time, for example); and access files in your My Documents folder (everyone else's files are off limits) and the Shared Documents folder (which Windows Setup creates automatically as a shared location for all users).
Windows also comes with a no-password Guest account that has the same privileges as a limited account. This account, intended for visitors, is turned off by default and should stay that way.
User Accounts offers straightforward controls to create, change, and delete accounts.
To create an account:
1. In User Accounts, click Create a New Account.
2. Type a user name for the account; then click Next.
You'll also use this name to log on to domains and to computers without the Welcome screen.
3. Select an account type (see the "Account Types" sidebar) (Figure 16.2); then click Create Account.
The new account will appear in the User Accounts window.
After creating a user account, you edit it to set up its other information. You can change a user account's details, such as its password and picture, at any time after creating it.
To edit an account:
1. In User Accounts, click the name or icon of the account that you want to change.
Don't bother with the extra click of the Change an Account link.
2. In the window that appears (Figure 16.3), choose among these options:
Name. Type a new user name, which will appear in the Welcome screen, Start menu, and User Accounts window.
Password. Type (and retype) a password and optional logon hint to remind you of a forgotten password (Figures 16.4 and 16.5). If the account already is password-protected, you can change or remove the existing password. Capitalization counts. See the "Passwords" sidebar for tips.
Picture. Change the picture associated with you in the Welcome screen, Start menu, and User Accounts window (Figure 16.6). (The picture doesn't appear if you're a domain member or if you use the classic Start menu.)
Account type. Change an Administrator account into a Limited account, or vice versa. See the "Getting a .NET Passport" in Chapter 15.
If you're worried that you'll forget your password and draw a blank on your password hint, create a password reset disk to recover it. You must create it now, before you actually need it. Keep the disk safe; anyone can use it to change your password. (An Administrator always can reset your forgotten password, but a reset wipes your secondary passwords; see the "Passwords" sidebar.)
To create a password reset disk:
1. In User Accounts, click your account's name or icon.
2. In the task pane at the left, click Prevent a Forgotten Password.
The Forgotten Password Wizard opens (Figure 16.7).
3. Follow the onscreen instructions.
You'll need a formatted floppy disk.
If you mistype a password in future logons, Windows displays a Use Your Password Reset Disk link (if you're using the Welcome screen) or a Reset button (if you're not). Click the link or button to launch the Password Reset Wizard, and follow the onscreen instructions. You don't need to make a new password reset disk after you're logged on; reuse the old one.
You, as Administrator, can delete any account that's not logged on. (Press Ctrl+Shift+Esc and click the Users tab to see who's connected if Fast User Switching is turned on.) You can't delete the account that you're logged on to or the last Administrator account. A deleted account is gone forever, along with its settings and secondary passwords, as described in the "Passwords" sidebar. If you create a new account with the same name and password, Windows considers it to be a different account.
To delete an account:
1. In User Accounts, click the name or icon of the account that you want to delete.
2. Click Delete This Account.
3. Click Keep Files to save the user's desktop and My Documents files on your desktop in a folder named after the deleted user (Figure 16.8).
or
Click Delete Files to erase the user's files.
4. Click Delete Account.
Sharing Files" in Chapter 17.
Manage accounts through only User Accounts. If you tinker with accounts in the Documents and Settings folder, you'll create a confusing array of duplicate folders with the computer name appended (diane and diane.NILE, for example).
For security reasons, consider using a Limited account for routine logons and an Administrator account for special occasions. If you're logged on as a Limited user and try to install a program, which requires Administrator privileges
Recovering After a Crash" in Chapter 19) or when no other administrative accounts exist, for example. To manage this account, use the dialog box described in the next tip.
Power users prefer the Windows 2000-style User Accounts dialog box to manage user accounts. It's hidden in XP. To reveal it, choose Start > Run; type control userpasswords2 and then press Enter (Figure 16.10).
local accounts stored on your PC, not on the domain server. You'll want a local (not domain) Administrator account to update drivers, for example. You also can assign people to groups, as described in the next tip.
Upon graduation to advanced user management, you'll use the Local Users and Groups console. Choose Start > Run; type lusrmgr.msc and then press Enter (Figure 16.11). With this console, you can create and manage users and groups.
Groups are named collections of users that transcend the standard Administrator/Limited account types and give you great flexibility in fine-tuning file and folder permissions.
appendix). Click Yes, Make Private to deny others access to your C:\Documents and Settings\<your user name> folder. (An unethical Administrator still can inspect your files by changing your password.) See also "Sharing Files" in Chapter 17.
The secondary passwords stored in your account for certain web sites, network files and folders, encrypted files, your .NET Passport, and so on are lost if an Administrator changes your password (but not if you change it), thus preventing someone unscrupulous from, say, cleaning out your bank account courtesy of a password memorized by your browser.
If you upgraded from Windows 9x with user accounts, XP set the imported accounts to Administrator and erased their passwords. XP forbids passwordless network logons, but passersby can log on. To plug this security hole, assign passwords and downgrade account types to Limited.
In most situations, it's imperative to password-protect every account. The web has good advice on how to choose (and not choose) passwords; search for choosing a password on Google. For starters, see www.cs.umd.edu/faq/Passwords.l. If you're not offended easily, search for Grady Ward's article on using "shocking nonsense" to pick a password.
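A read-only check for the conditions the tips above warn about (Administrator accounts that may have no password, an enabled Guest account, more administrators than intended), as an added example that is not from the book. It assumes Windows PowerShell 2.0 through 5.1, which provide Get-WmiObject; the column names and finding strings are this example's own.

```powershell
# Added example, not from the book. Read-only audit of local accounts:
# it reports on accounts and changes nothing.

# Local accounts only, not accounts stored on a domain server.
$accounts = @(Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True")

# Find the local Administrators group by its well-known SID (S-1-5-32-544)
# so the lookup does not depend on the group's localized name.
$adminGroup = Get-WmiObject -Class Win32_Group `
    -Filter "LocalAccount=True AND SID='S-1-5-32-544'"

# SIDs of user accounts that are direct members of that group.
$adminSids = @($adminGroup.GetRelated('Win32_UserAccount') |
    ForEach-Object { $_.SID })

$report = foreach ($a in $accounts) {
    $isAdmin = $adminSids -contains $a.SID
    $isGuest = $a.SID -like 'S-1-5-21-*-501'   # built-in Guest has RID 501
    $notes   = @()

    if (-not $a.Disabled) {
        # PasswordRequired = False means the account is allowed to have no
        # password. WMI cannot tell whether a password is actually set.
        if (-not $a.PasswordRequired) {
            if ($isAdmin) { $notes += 'administrator allowed a blank password' }
            else          { $notes += 'blank password allowed' }
        }
        if ($isGuest) { $notes += 'Guest account is enabled' }
    }

    New-Object PSObject -Property @{
        Name             = $a.Name
        Enabled          = -not $a.Disabled
        Administrator    = $isAdmin
        PasswordRequired = $a.PasswordRequired
        Findings         = ($notes -join '; ')
    }
}

$report | Sort-Object Name |
    Format-Table Name, Enabled, Administrator, PasswordRequired, Findings -AutoSize

# The text advises granting administrative rights to few users.
$enabledAdmins = @($report | Where-Object { $_.Administrator -and $_.Enabled })
"Enabled administrator accounts: {0}" -f $enabledAdmins.Count
```

An empty Findings column does not prove a password is set; confirm each account in User Accounts.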