CompTIA A_ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [261]
Figure 16-1 Windows Logon screen
local user account. If you don’t have a local user account created on a particular system, you won’t be able to log on to that computer (Figure 16-1).
Each version of Windows has a similar application for creating user accounts. But each one differs enough that it’s useful to view them individually. Then we’ll look at using passwords and groups to manage users, tasks that all Windows versions share.
Figure 16-2 Users and Passwords
Managing Users in Windows 2000
One handy tool for managing users in Windows 2000 is called the Users and Passwords applet (Figure 16-2). You access this tool from the Control Panel.
When you install Windows 2000, by default you add two user accounts to the computer: administrator and guest. You can also choose to let the operating system assume that you are the sole user of the computer and not prompt you for a password for logging into Windows. As you might imagine, this severely limits any security on that Windows machine.
You can check this setting after installation by opening the Users and Passwords applet in Control Panel to see the setting for Users must enter a user name and password to use this computer. Figure 16-3 shows this choice selected, which means you will see a logon box every time you restart your computer. Also notice that the only user is administrator. That’s the account used to log on when no other user is assumed.
Figure 16-3 Security begins with turning on Users must enter a user name and password to use this computer.
* * *
NOTE When you install Windows, assuming your computer is not made a member of a domain, you may choose to let the OS assume that you are the only user of the computer and do not want to see the logon dialog box.
Using the administrator account is just fine when you’re doing administrative tasks such as installing updates, adding printers, adding and removing programs and Windows components, updating device drivers, and creating users and groups. Best practice for the workplace is to create one or more user accounts and only log in with the user accounts, not the administrator account. This gives you a lot more control over who or what happens to the computer.
For the sake of security, a wise administrator also enables the setting on the Advanced tab of Users and Passwords under Secure Boot Settings. If checked, as shown in Figure 16-4, it requires users to press CTRL-ALT-DELETE before logging on. This setting is a defense against certain viruses that try to capture your user name and password, sometimes by presenting a fake logon prompt. Pressing CTRL-ALT-DELETE removes such programs from memory and allows the actual logon dialog box to appear.
Figure 16-4 Make your computer more secure by enabling Secure Boot Settings.
* * *
NOTE If the password requirement is turned off and you have user accounts that aren’t password protected in Windows 2000 (or other versions of Windows, for that matter), anyone with physical access to your computer can turn it on and use it by pressing the power button. This is potentially a very bad thing!
Creating a new user account enables that user to log on with a user name and password. The administrator can set the rights and permissions for the user and audit the user’s access to certain network resources. For that reason, it is good practice to create users on a desktop computer. You are working with the same concepts on a small scale that an administrator must work with in a domain. Let’s review the steps in this procedure for Windows 2000.
* * *
NOTE To create and manage users, you must be logged on as the administrator, be a member of the Administrators group, or have an administrator account. Assign a password to the administrator account so that only