CompTIA A+ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers

the default groups, such as Distributed COM Users, target specific roles in certain industries and mean little for the average user or tech. Other specific group types enable people to check on the performance and reliability of a computer, but without gaining access to any of the documents on the computer. These groups include Event Log Readers, Performance Log Users, and Performance Monitor Users. These groups provide excellent levels of access for technicians to help keep busy Vista machines healthy.

Like Windows XP, the home editions of Windows Vista (Home Basic and Home Premium) offer only three groups: administrators, users, and guests. Administrators and guests function as they do in all of the other versions of Windows. Members of the Users group, on the other hand, are called standard users and differ significantly from the limited users of Windows XP infamy. Standard users are prevented from harming the computer or uninstalling applications but can run most applications. Technicians don’t have to run over to standard user accounts to enable access to common tasks such as printing or doing e-mail.

Adding Groups and Changing Group Membership

The professional versions of Windows—including Windows 2000, XP, and Vista—enable you to add new groups to your computer by using the Local Users and Groups tool, found in the Computer Management applet of the Administrative Tools. This tool also enables you to create user accounts and change group membership for users. Figure 16-21 shows the Local Users and Groups in Windows Vista with the Groups selected.

Figure 16-21 Local Users and Groups in Windows Vista

To add a group, simply right-click on a blank spot in the Groups folder and select New Group. This opens the New Group dialog box, where you can type in a group name and description in their respective fields (Figure 16-22).

Figure 16-22 New Group dialog box in Windows Vista

To add users to this group, click the Add button. The dialog box that opens varies a little in name among the three operating systems. In Vista it’s called the Select Users, Computers, or Groups dialog box (Figure 16-23). The Windows 2000 dialog box presents a list of user accounts. Windows XP and Vista add some complexity to the tool.

Figure 16-23 Select Users, Computers, or Groups dialog box

A user account, a group, a computer; these are all object types in Microsoft lingo. To give you a lot of control over what you do or how you select various objects, Microsoft beefed up this dialog box. The short story of how to select a user account is to click the Advanced button to expand the dialog box and then click the Find Now button (Figure 16-24).

Figure 16-24 Select Users, Computers, or Groups dialog box with Advanced options expanded to show user accounts

You can add or remove user accounts from groups with the Local Users and Groups tool. You select the Users folder, right-click a user account you want to change, and select Properties from the context menu. Then select the Member Of tab on the user account’s Properties dialog box (Figure 16-25). Click Add to add group membership. Select a group and click Remove to take away a group membership. It’s a clean, well-designed tool.

Figure 16-25 Properties dialog box of a user account, where you can change group memberships for that account
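
The group memberships set through the dialog boxes above can also be read back from a script and compared with what you expect them to be. The following is an added example, not part of the book: it assumes PowerShell 2.0 or later, the function names are hypothetical, and the baseline values are constructed samples to replace with your own.

```powershell
# Added example. Assumes PowerShell 2.0 or later, run on the machine being checked.
# Expected members per group: constructed sample values, replace with your own.
$Baseline = @{
    'Administrators'            = @('Administrator')
    'Event Log Readers'         = @()
    'Performance Log Users'     = @()
    'Performance Monitor Users' = @()
}

function Get-GroupMemberNames {
    param([string]$GroupName, [string]$Computer = $env:COMPUTERNAME)
    # The WinNT ADSI provider reads the local account database, the same
    # data the Local Users and Groups tool displays.
    $group = [ADSI]"WinNT://$Computer/$GroupName,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Compare-Membership {
    param([string[]]$Actual, [string[]]$Expected)
    # -notcontains is case-insensitive, matching how Windows treats account names.
    New-Object PSObject -Property @{
        Unexpected = @($Actual   | Where-Object { $Expected -notcontains $_ })
        Missing    = @($Expected | Where-Object { $Actual   -notcontains $_ })
    }
}

foreach ($name in $Baseline.Keys) {
    try {
        $actual = @(Get-GroupMemberNames -GroupName $name)
    } catch {
        # The group could not be read, for example because it does not
        # exist on this Windows version or edition.
        Write-Warning "Could not read group '$name': $($_.Exception.Message)"
        continue
    }
    $diff = Compare-Membership -Actual $actual -Expected $Baseline[$name]
    foreach ($u in $diff.Unexpected) { Write-Output "[$name] unexpected member: $u" }
    foreach ($u in $diff.Missing)    { Write-Output "[$name] expected member missing: $u" }
    if (-not $diff.Unexpected -and -not $diff.Missing) {
        Write-Output "[$name] matches baseline"
    }
}
```

The script only reads membership and changes nothing. An unexpected entry under Administrators is the one to investigate first, since that group has full control of the computer.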

Authorization through NTFS

User accounts and passwords provide the foundation for securing a Windows computer, enabling users to authenticate onto that PC. The essential next step in security is authorization, determining what a legitimate user can do with the resources—files, folders, applications, and so on—on that computer. Windows uses the NT file system and permissions to protect its resources.

NTFS Permissions


In Windows 2000, XP, Vista, and 7, every folder and file on an NTFS partition has a list that contains two sets of data. First, the list details every user and group that has access to that file or folder. Second, the list specifies the level of access that each user or group has to that file or folder. The level
