Managing Windows XP Professional

Creating Users and Groups
Every time you use your Windows XP machine, you must provide a valid user
account to log in and access the local machine.This user account must have the
appropriate permissions to use the machine or access will be denied.You can
assign permissions directly to the user account, or you can assign them to groups.
When assigning permissions to groups, you affect all of the users within the
group. In this section, we define the different types of user accounts and groups
available.We also learn how to create and manage each type of user and group.
What Are User Accounts?
What exactly is a user account? Think of it as your passport to access resources,
such as printers and files.Windows XP requires mandatory logon, which means
that to interact with your machine, you must have a valid user account and password.
Depending on the types of resources you want to access—local or network—
you need either a local user account or a domain user account.
Local User Accounts
Local user accounts are just that, “local” to the machine that you are logging into.
Every XP machine maintains its own database. If you were logging into XP’s
database, it would mean that you are logging on to the local computer, or logging
on locally.A local user account gives you rights that are associated only with that
specific machine, and not the entire network. Remember:“Local” means just
that, local to the machine you are logging into.
Table 4.1 shows the default user accounts provided by Windows XP
Professional during installation.The two accounts created are Administrator and
Guest. Exercise 4.1 walks you through creating local users.
Table 4.1 Default Local User Accounts Provided with Windows XP Professional
Account Account Function
Administrator The Administrator account is the first account you will ever
use to log into Windows XP. Once you log in, you may
create new accounts and begin to configure your workstation.
A few important features of the Administrator
account are that you can never delete or disable it nor can
you remove it from the Local Administrators group.
However, you can rename the account.
Guest The Guest account is used by users who do not have an
actual account on the workstation for them to log in with,
so they can log in as guests. The Guest account does not
have a password. The Guest account is disabled by default
so you need to enable it to use it.
Exercise 4.1 Creating Local User Accounts
with the Computer Management Console
To create a local user, you must first navigate to the Computer Management
MMC:
1. Navigate to the Computer Management applet in your administrative
tools program group (Start | Control Panel | Administrative Tools
| Computer Management).
2. Expand System Tools in Computer Management; you will see the
Local Users and Groups Icon.
3. Expand Local Users and Groups.You will see two folders, Users and
Groups. Figure 4.1 shows these folders.
4. Right-click the Users folder and select the option New User…. This
will bring you to the New User dialog box shown in Figure 4.2.
5. Supply the following information:
 User name The name that will be used by this account to log on.
 Full name The actual name of the user (this may be different from
the user name).
 Description Adds other details about the user or account (such as
what floor the user works on).
6. Enter the password and confirm it.
7. Check the desired account options:
 User must change password at logon Requires the user to enter
a new password when he logs on.
 User cannot change password Makes it impossible for the user
to change her password.
 Password never expires Ensures that the password does not have
to be constantly changed by the user.
 Account is disabled Disables the account, preventing it from being
used by anyone trying to log on.This is not the same as deleting the
account, because it still exists, but it is technically inoperable.
8. To finish, click Create, and the new user account will be created.
The new account will appear in the contents pane of the MMC.To find
more options or to change other options on your new user, simply right-click
new user for a pop-up menu of options, including the following:
 Set password
 Rename
 Delete
 Properties
One thing you may want to investigate is the user’s properties. Clicking on
the Properties field allows you to apply a few more important options for this
user.You will find the following two new tabs:
 Member of Allows you to add specific groups to the user account you
have created (groups are covered in the next section).
 Profile tab (shown in Figure 4.3) The Profile path field assigns the
profile used by your new Local User account upon logon to the
machine.The Logon script field assigns a batch file–based login script.
The Home Folder section sets the user account to a local path for its
home folder or maps the user account to a home folder on a network
share. A home folder is where users should save all of their data.
Remember, it is best to have all data in one centralized area so that it
can easily be located and backed up.
Let’s look at another way to create a user account. First, we have to get to the
command prompt, which is a 32-bit program that runs text-based commands. It
looks like DOS (Disk Operating System), but it is not DOS. It is called
Command (abbreviated CMD) and can be run from the Run dialog box. Click
Start | Run. From the Run dialog box, type in the CMD and click OK.Typing
net and pressing ENTER will give you the window shown in Figure 4.4.
Figure 4.4 shows all of the possible options used with the net command.To
see a list of options (including the correct syntax) for creating a user, run the following
command from the command prompt:
NET USER /HELP
The output from this command will display more information than can fit on
one screen. Let’s view all of the output by scrolling back to the top of the command
prompt (use the scrollbar on the right side of the command prompt
window). Scroll down slowly and read all of the command’s switches.This may
appear to be a difficult way of creating users, but at times it is easier than going
through the graphical user interface (GUI).This is generally faster than using the
GUI.You also have the flexibility of adding these commands to a script or batch
file to automate your administrative task. Exercise 4.2 walks you through creating
a user from the command prompt. Exercise 4.3 walks you through deleting a user
account from the command prompt. Exercise 4.4 walks you through creating
local user accounts with the Control Panel User Accounts applet.
Exercise 4.2 Creating Local User
Accounts by Using the Command Line
1. Open a command prompt. Go to Start | Run. Type CMD and
click OK.
2. Next, type NET USER newuser1 /ADD.You should see “the command
completed successfully” message.This lets you know that your user
was created.
3. To use the GUI to verify that your user was created, Go to Start |
Control Panel | Administrative Tools | Computer Management
and navigate down to the Users folder.You will see the new account
NEWUSER1. Minimize Computer Management.
Exercise 4.3 Deleting Local User
Accounts by Using the Command Line
1. Go back to the command prompt and type NET USER newuser1
/DELETE.
2. This will delete the newly created user.To verify that the user account was
deleted, maximize Computer Management and refresh the right side contents
pane by pressing F5.The NEWUSER1 local account disappears.
Another way to check this is to pull up the command prompt and type
NET USER, which will show all the user accounts that are available on
the local machine.
Exercise 4.4 Creating Local User Accounts
with the Control Panel User Accounts Applet
Lastly, you can create a new local user account via the Control Panel by using the
following steps:
1. Go to Start | Control Panel | User Accounts Applet and doubleclick
the User Accounts Applet.
2. You will be asked to pick a task.You can change a current account,
create a new one, or change the way a user logs off. Select Create a
new user account from the menu.
3. In the Type a name for the new account box, type in XPTEST.
Afterwards, click Next to continue.
4. Choose whether to create a Computer Administrator or a Limited
account.The Computer Administrator account will give the new user
account administrative rights.The Limited account will give the new
user account rights to change their password, view files it creates, view
files in the shared documents folder, and change the settings for its profile.
Select the Computer Administrator radio button and click
Create Account.You will now see the account listed under the Pick an
account to change section of the User Accounts window.
Using the User Accounts Applet
Now that you have seen how to create local user accounts, let’s look at how to
manage them with the User Accounts applet (see Figure 4.5) from the Control
Panel.This applet provides many useful features:
 Changing the login interface for users
 Resetting users passwords
 Changing the role of a user
 Renaming an account
 Enabling Fast User Switching
From the User Accounts window, you can create a new account or you can
modify an existing account.You can also change the way users log on and off.
(See Exercise 4.4 to learn how to create a new account.) Figure 4.6 shows the
logon and logoff options.
In Figure 4.6, you see two options—Use the Welcome screen and Use
Fast User Switching.The Welcome screen is an alternative way of logging onto
your computer. Instead of getting the normal Ctrl+Alt+Delete logon box, users
are given a screen that lists the available user accounts for their machine.The user
simply clicks on the user that he wishes to log on as (entering a password if
needed), and he is logged on. Disabling the Welcome screen returns the
Ctrl+Alt+Delete logon box.
Enabling the Welcome screen is a requirement for Fast User Switching. Fast
User Switching is a new feature in Windows XP. It is available only when your
PC is in workgroup mode.You use Fast User Switching by clicking Start | Log
Off. On the Log Off Windows dialog box, click Switch User.You will now be
at the Welcome screen.You can log on as the same user or a different user by
choosing her name from the list.
When you use Fast User Switching, users are not logged off. All of their programs
continue to run. XP puts their desktop in the background and allows
another user to open a new desktop (similar to how Terminal Server works).You
can switch back and forth between the user’s desktops without having to close all
applications and save your data. Pressing the Windows logo key + L takes you
directly to the Welcome screen.You may use this, for example, when you are at
home writing a paper and someone else wants to check her mail.You can switch
over to her desktop and let her check mail without disturbing your desktop.
Figure 4.7 shows the options available for configuring a user account.This is
an easy way to manage your accounts. If you desire more options, you will need
to use Local Users And Computers from within Computer Management or run
lusrmgr.msc from the Run line.The options available with the User Accounts
applet are listed here:
 Change the user’s login name
 Reset the user’s password
 Change the icon that appears next to the user’s name on the Welcome
screen and on the Start menu
 Change the account from a limited account to an Administrator account
and vice versa
 Delete the account from the local accounts database
Domain User Accounts
Before we cover what a domain user account is, you need to understand
domains. In Microsoft technologies, a domain is created when you make a
Windows NT or 2000 server a domain controller. Domains provide a single
point of administration and a single point of logon. All domain controllers within
the domain share the same database. Users can log into this database from any
computer within the domain.This is different than the stand-alone machine
approach we have been dealing with thus far. Now instead of users having to
remember a different username and password for each machine that they log
into, they can use the same account on every machine.This makes administration
easier as well. Now administrators have to manage only one account.
The process of joining a Windows XP machine to a domain creates a logical
association between the machine and the domain controllers. Joining the domain
creates a computer account in the domain database.This allows administrators to
centrally manage your machine with the other machines joined to the domain.A
common example of this is to create Group Policy Objects that apply machine settings
to all machines in the domain.This allows administrators to apply the settings
once and have them apply to all machines versus having to assign policy locally on
each machine. Exercise 4.5 walks you through joining your PC to the domain.
Exercise 4.5 Joining a Domain
1. Click Start | Control Panel | System Applet and click the
Computer Name tab. Click Network ID.This will start the Network
Identification Wizard.
2. From the How Do You Use This Computer window, choose This
computer is part of a business network, and I use it to connect
to other computers at work. Click Next to continue.
3. You will now be asked what type of network your company uses.
Choose My company uses a network with a domain. Click Next
to continue.
4. You will now be told that you need to enter the following information:
 Username
 Password
 User account domain
You may optionally need to enter the following information:
 Computer name
 Domain name
Click Next to continue.
5. You will be asked for a domain to join and the name and password of a
user account that has the rights to join this machine to the domain.
Follow the remaining prompts and click Finish.You will have to restart
your XP Professional machine.
6. After rebooting, use the System applet in Control Panel (Use the
Computer Name tab) to verify that you are now part of the correct
domain.