Chapter 6: Sharing Your Computer with Multiple Users
What Is a User Account?
When two or more users share a computer, they don't have to argue about what color the background should be, what programs should be on the Start menu, or whether to use single-click or double-click style. Instead, each user can have a user account (called a user profile in previous versions of Windows). User accounts can be stored in one of two places:
- Local user accounts: Information about a local user account is stored in a folder in the C:\Documents And Settings folder that contains files that describe each user's preferences. Each time a user logs on, Windows finds the appropriate user account and makes the appropriate changes. If you change any of your preferences (for example, choosing a new wallpaper), that information is stored in your user account, so that the change will still be there the next time you log on, but not the next time someone else logs on. Whenever your computer acquires a new user, you should establish a new user account. User accounts enable several people to share one computer, or to share folders and other resources on a LAN.
- Domain accounts: Information about domain accounts is stored by the Active Directory (AD) program running on a Windows NT, 2000, or .NET server. When you log in using a domain, your computer gets information from Active Directory about what your settings are and what you have permission to do. Domain accounts are used on larger networks where maintaining accounts stored in each individual computer would be impractical. Domain accounts can use roaming user profiles, which allow people to use their own user account from any computer on a LAN, and mandatory user profiles, in which only administrators can make changes.
A new feature in Windows XP (new to Windows Me/9x users, anyway) enables you to password-protect the files in your My Documents folder, so that other people using the same computer later won't be able to read them. Each user's My Documents folder can be protected from view from the other users.
Another new feature protects your computer if you don't assign passwords to your user accounts. If your user account doesn't have a password, you can log on to your account only at your own computer: you can't use Run As (described in the section "Running a Program as Another User" later in this chapter) or Remote Desktop to use the computer with your user account.
If your computer is on a small LAN, you can set up local user accounts on all the computers on the LAN so that people can use any computer and see their own files and desktop. See Chapter 29 for details.
If you are wondering which user account you are logged on as, click the Start button. The user account name appears at the top of the menu.
What Types of Users Can You Create?
Windows XP Home Edition and Professional enable you to set up local user accounts. If you are logged into a Windows .NET, 2000, or NT server with administrative privileges, you can create and maintain domain accounts on a domain-based LAN, but you should talk to your LAN administrator before doing so.
Windows provides at least three types of local user accounts:
- Administrator: Enables access to all accounts. Each computer needs at least one administrator account at all times. You can have more than one, if you like. When using an administrator account, you can give commands to create, edit, and delete all user accounts, and you can install software. Windows XP comes with one administrator account named Owner (in Windows XP Home Edition) or Administrator (in Windows XP Professional). Microsoft recommends that you use it only for installing programs and managing the system.
- Limited: Enables access to your own account. When using a limited account, you cannot install software, open files in other people's My Documents folders, change system settings, or change other people's user accounts. You can run programs that are already installed, and you can modify your own user account (except that you can't change it into an administrator account). You should log on with a limited account for day-to-day work, to avoid viruses and other programs that might try to install themselves when you aren't looking.
- Guest: Enables access only to programs that are installed on the computer. Windows has one guest account (named Guest). When using the guest account, you cannot change any user accounts, open files in other people's My Documents folders, or install software.
You can create as many administrator or limited accounts as you want. You can't create guest accounts. When you install Windows XP, there are at least two accounts:
- Owner or Administrator: An administrator account (in Windows XP Home Edition, it's called Owner, and in Windows XP Professional, it's called Administrator). In the rest of this chapter, we'll refer to this account as Administrator.
- Guest: The guest account.
The installation program asks for the names of the people who will use the computer, and creates an administrator account for each name. You can create additional administrative or limited accounts for each person who uses the computer, and you can rename or delete the Administrator account. Until you create other accounts and passwords, you automatically log on as Administrator when you start Windows. For how to create new accounts, see "Creating New User Accounts" later in this chapter.
If you are concerned about security (as you should be, if your computer connects to the Internet), disable the Guest account (see the section "Enabling and Disabling the Guest Account" later in this chapter). Also be sure to create passwords for each user account, as described in the section "Adding or Removing Passwords" later in this chapter. Change all but one or two rarely used accounts from administrator to limited accounts, to reduce security holes.
What Are Groups?
Each user account is a member of one or more groups, which define what the user can do. A user account can be a member of many groups. You can create new groups and you can add user accounts to groups. Groups can be local groups (stored on your own computer) or domain groups (stored as part of a Microsoft Active Directory system on a Windows .NET or 2000 Server).
(If you need to create and modify groups, you probably have a LAN with a large enough number of computers to warrant at least one computer running Windows .NET Server, with domain-based accounts--see Windows .NET Server: The Complete Reference for information.)
Each group comes with rights that allow members of that group to perform system-wide tasks, like installing or running programs. A user account has all the rights of all the groups to which it belongs. Groups also have permissions to use certain files and folders.
Windows XP Professional comes with nine built-in groups, but for user accounts on a single computer, you usually use only three of them (see the preceding section for descriptions of what each type of user account can do). User accounts belong to these groups:
| Group Name | User Accounts |
| --- | --- |
| Administrators | Administrator user accounts |
| Users | Limited user accounts |
| Guest | The Guest account |
Windows XP Home Edition comes with the same groups as Professional, but with no way to create additional groups or to change settings for a group.
What Is a User Profile?
Table 6-1 lists some of the files and folders that are stored separately for each local user account. These items are stored in the user account's user profile--the folder that contains all the settings for the user. A user profile is usually in the C:\Documents And Settings\username folder, where username is replaced by the name of the user account. (If Windows is installed on a partition other than C:, so is this folder.) You need to configure Windows Explorer to display hidden files and folders to see them.
| Item | Contents |
| --- | --- |
| Ntuser.dat, Ntuser.dat.log, and Ntuser.tmp files | This user's configuration settings and other information. |
| Application Data folder | This user's application program configuration settings. |
| Cookies folder | The cookies stored by Internet Explorer while run by this user. |
| Desktop folder | The items that appear on this user's desktop. |
| Favorites folder | Items this user has added to the Favorites folder. |
| Local Settings\History folder | Shortcuts to Web sites this user has viewed recently. |
| Local Settings\Temporary Internet Files folder | Recently-viewed Web pages. |
| My Documents folder | The files and folders that appear in this user's My Documents folder when the user is logged on. You can tell Windows to look in a different location for your My Documents folder: see "Modifying User Accounts" later in this chapter. |
| NetHood folder | This user's network shortcuts, which appear in the My Network Places folder when the user is logged on. |
| PrintHood folder | This user's shared printers. |
| Recent Documents folder | Shortcuts to files this user has opened recently. |
| Send To folder | Shortcuts to folders and devices that appear on the Send To menu when the user right-clicks a file or folder. |
| Start Menu folder | The shortcuts and folders that Windows uses to display the Start and More Programs menus for this user. |
| Templates folder | Template files for word processors and other programs, used when this user creates a new document. |

Table 1: Information Stored in Local User Account Profiles

Domain-based LANs (that is, networks on which a Windows .NET Server stores all user information) offer roaming profiles that are stored on the server rather than on the user's computer. With roaming profiles, you can log on to any computer on the network and see your desktop and your files in My Documents. (See Windows .NET Server: The Complete Reference for more information.)
If you upgrade to Windows XP from Windows NT and already had user profiles, they may still be where NT stores them, which is usually in C:\WinNT\Profiles.
What Configuration Settings Do Local User Accounts Have?
Local user accounts have a number of configuration options, as listed in Table 6-2. See "Modifying User Accounts" later in this chapter for how to change them.
| Setting | Description |
| --- | --- |
| Name | User name that appears at the top of the Start menu and on the Welcome screen. |
| Picture | Graphic file that appears on the Start menu and Welcome screen next to the user's name. |
| Account type | Administrator, limited, or guest. |
| Password | The password should be at least seven characters, and ideally longer. You can include lowercase letters, uppercase letters, numbers, and punctuation. Don't use names or words that appear in the dictionary. |
| Full Name | Full name of the user. |
| Description | Other text about the user. |
| User must change password at next logon | When selected, forces the person to change the password when he next logs on. Changing passwords regularly protects the user account from being used by someone who discovered an old password. |
| User cannot change password | When selected, prevents the person from changing the password. This option is useful for user accounts that are used by more than one person. |
| Password never expires | When selected, allows the user to continue using the same password indefinitely. |
| Account is disabled | When selected, no one can log on using this account. When someone won't use the computer for a while, disable the person's account. Don't delete it and make a new one later, because you'll need to redo all the user account's settings. |
| Account is locked out | When someone has tried to log on with the wrong password too many times, this check box is selected. Clear the check box to enable the user to use this account again (and assign the person a new password!). See the section "Other Security Options" later in this chapter for how to configure account lockouts. |
| Member of | Group(s) of which this user account is a member. |
| Profile path | Pathname of the user account's profile. When blank, the path is C:\Documents And Settings\username\. |
| Logon script | Script (usually a batch file or Windows Script Hosting script) that Windows runs each time the user logs on. It also runs when Fast User Switching switches back to the user account. See Chapter 39 for how to write batch files and Chapter 40 for how to run other scripts. |
| Local path | Pathname of the user account's home folder, if it is stored on the local computer (rather than on a network drive). |
| Connect xx to xx | Shared folder name to use as the user account's home folder. In the first box, choose a drive letter, and in the second box, type a UNC network path (such as \\server\users\fred). |

Table 2: Local User Account Settings
Can Windows XP Keep Files Private?
Windows Me/9x had no provision for users keeping files private from each other. Like Windows NT and 2000, Windows XP does, as long as three things are true:
- The disk on which the files are stored is formatted using NTFS. If your disk is formatted as FAT32 instead of NTFS, you can set up local user accounts and groups, but you can't make files or folders private.
- Simple File Sharing is disabled, as described in the next section.
- You have Windows XP Professional rather than Windows XP Home Edition.
Each user account has its own My Documents folder in which the user can store files. Other users can't open the folder to see the files. Choose Start | My Documents to see the contents of your My Documents folder.
Windows usually stores the My Documents folders for all local user accounts in the C:\Documents And Settings folder. When you create a password for your account, Windows asks if you want a private documents folder. If you click Yes, your My Documents folder can only be opened by you, and by administrative users. If you click No, anyone can open your My Documents folder. (If an administrator creates a new user account, Windows creates the private My Documents folder right away.)
When you are logged on, the C:\Documents And Settings\username\My Documents folder appears as the My Documents folder. Other users' folders also appear, with names like Zac's Documents and Jordan's Documents. If you try to open a private My Documents folder, Windows displays an error message instead.
You can change the location of your My Documents folder; see the section "Modifying User Accounts" later in this chapter. To control who has permission to use your My Documents folder--or other folders--see the section "Keeping Your Files Private" later in this chapter.
In Windows 2000 and NT, each user had a home folder, which was similar to the My Documents folder. Windows XP provides each user with both a My Documents folder and a home folder, and you can control the location of both. Microsoft recommends using the My Documents folder rather than the home folder.
What Is Simple File Sharing?
Simple File Sharing is a new feature of Windows XP. When Simple File Sharing is enabled (which it is when you first install Windows) and when you share a drive or folder, you share that drive or folder with all user accounts on your computer. If you want to control who has access to drives and folders, you have to disable Simple File Sharing.
You can't disable Simple File Sharing in Windows XP Home Edition, only in Windows XP Professional. The advantage of leaving Simple File Sharing turned on is that you don't have to make a lot of choices when you decide to share files with other users of your computer, or with other people on your network (if your computer is connected to a local area network). However, if you want to be able to give access to some people but not to others, you need to turn Simple File Sharing off.
Follow these steps to change the Simple File Sharing setting on your computer:
- Run Windows Explorer (choose Start | My Computer, for example).
- Choose Tools | Folder Options to see the Folder Options dialog box.
- Click the View tab.
- Scroll to the bottom of the Advanced Settings box to find the Use Simple File Sharing check box, and select or deselect the check box.
- Click OK to close the dialog box.
The other requirement for granting permissions for files or folders to individual users is that the files or folders be stored on an NTFS disk or partition. When Simple File Sharing is disabled you see security options when you share a drive or folder, and the Properties dialog box for drives and folders includes a Security tab. However, the options you see depend on whether the drive that you are sharing is formatted with NTFS or FAT32.
What Are Permissions?
Permissions control what a user or group of users can do with a file, folder, printer, shared folder, or registry key. (See Chapter 14 for how to control who can use a printer; see Chapter 29 for how to share folders and printers on a network; and see Chapter 38 for information about the Registry.)
Windows supports permissions only if Simple File Sharing (described in the previous section) is disabled and if your files are stored on an NTFS drive. Table 6-3 lists the permissions you can set for folders, and Table 6-4 lists permissions for files. There are other permissions that are not frequently used except in domain-based networks. Each permission either allows or prevents users from performing the operation. To change the permissions for files and folders (assuming that you have permission yourself to do so), see the section "Keeping Your Files Private" later in this chapter.
| Folder Permission | Allows or Prevents This Operation |
| --- | --- |
| Change Permissions | Modifying the permissions of the folder. |
| Create Files | Creating new files in the folder. |
| Create Folders | Creating subfolders within the folder. |
| Delete | Deleting the folder. |
| Delete Subfolders and Files | Deleting folders and files stored in the folder, even if you don't have permissions for the individual subfolders and files. |
| List Folder | Viewing the names of the files and folders that the folder contains. |
| Read Attributes | Viewing the attributes of the folder. |
| Read Permissions | Reading the permissions of the folder. |
| Take Ownership | Taking ownership of the folder away from its current owner. |
| Traverse Folder | Opening the folder to navigate to its subfolders or parent folders. |
| Write Attributes | Changing the attributes of the folder. |

Table 3: Permissions for Folders
| File Permission | Allows or Prevents This Operation |
| --- | --- |
| Append Data | Adding information to the end of the file, without changing the existing information. |
| Change Permissions | Modifying the permissions of the file. |
| Delete | Deleting the file. |
| Execute File | Running the program contained in the file. |
| Read Attributes | Viewing the attributes of the file. |
| Read Data | Viewing the contents of the file. |
| Read Permissions | Reading the permissions of the file. |
| Take Ownership | Taking ownership of the file away from its current owner. |
| Write Attributes | Changing the attributes of the file. |
| Write Data | Modifying the contents of the file. |

Table 4: Permissions for Files

If a file or folder is stored on an NTFS drive or partition, and if you have Simple File Sharing disabled, then the Properties dialog box for the file or folder includes a Security tab (as described in the section "Setting User Permissions for NTFS Drives" in Chapter 29). When you look at the Security tab of the Properties dialog box for a file or folder, you see the short list of permissions shown in Table 6-5. Each entry on the list represents a group of the permissions listed in Tables 6-3 and 6-4.
| Permission | Allows for Folders | Allows for Files |
| --- | --- | --- |
| Full Control | All operations | All operations |
| Modify | Traverse and List Folder; Read and Write Attributes; Create Files and Folders; Read Permissions; Delete | Execute File; Read, Write, and Append Data; Read and Write Attributes; Read Permissions; Delete |
| Read & Execute | Traverse and List Folder; Read Attributes and Permissions | Execute File; Read Data; Read Attributes and Permissions |
| Read | List Folder; Read Attributes and Permissions | Read Data; Read Attributes and Permissions |
| Write | Create Files and Folders; Write Attributes; Read Permissions | Write and Append Data; Write Attributes; Read Permissions |
| List Folder Contents | Traverse and List Folder; Read Attributes; Read Permissions | (Not applicable) |

Table 5: Permissions Shown in Folder and File Properties Dialog Boxes
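
How the short Security-tab list in Table 6-5 expands into the file permissions of Table 6-4, and how entries for a user and the user's groups combine, shown as an added Python sketch that is not from the book or from Windows itself. The Accounting group and the sample entries are constructed; the model assumes that an explicit deny entry overrides allow entries on the same file, and it ignores inheritance and ownership.

```python
# Added example: a simplified model of Tables 6-4 and 6-5, not Windows' own
# access check. It ignores inheritance and ownership, and it assumes that an
# explicit deny entry overrides allow entries on the same file.

# Table 6-4: the individual file permissions.
FILE_PERMISSIONS = frozenset({
    "Append Data", "Change Permissions", "Delete", "Execute File",
    "Read Attributes", "Read Data", "Read Permissions", "Take Ownership",
    "Write Attributes", "Write Data",
})

# Table 6-5, "Allows for Files" column, expanded into Table 6-4 names.
BASIC_FILE = {
    "Full Control": FILE_PERMISSIONS,
    "Modify": frozenset({
        "Execute File", "Read Data", "Write Data", "Append Data",
        "Read Attributes", "Write Attributes", "Read Permissions", "Delete"}),
    "Read & Execute": frozenset({
        "Execute File", "Read Data", "Read Attributes", "Read Permissions"}),
    "Read": frozenset({"Read Data", "Read Attributes", "Read Permissions"}),
    "Write": frozenset({
        "Write Data", "Append Data", "Write Attributes", "Read Permissions"}),
}

# Constructed sample entries for one file: (account or group, kind, permission).
# "Accounting" is a hypothetical local group; the other names appear in the chapter.
SAMPLE_ACL = [
    ("Administrators", "allow", "Full Control"),
    ("Accounting", "allow", "Modify"),
    ("Users", "allow", "Read"),
    ("Zac", "deny", "Full Control"),
]

def effective(user, groups, acl):
    """Union of everything allowed to the user or its groups, minus every deny."""
    principals = {user, *groups}
    allowed, denied = set(), set()
    for principal, kind, basic in acl:
        if principal not in principals:
            continue
        if kind not in ("allow", "deny"):
            raise ValueError(f"unknown entry kind: {kind!r}")
        (allowed if kind == "allow" else denied).update(BASIC_FILE[basic])
    return allowed - denied

def basic_names(permissions):
    """Table 6-5 entries that the given permission set fully covers."""
    return [name for name, needed in BASIC_FILE.items() if needed <= permissions]

def controls_acl(permissions):
    """True if the holder can rewrite the file's permissions or seize ownership."""
    return bool({"Change Permissions", "Take Ownership"} & permissions)

if __name__ == "__main__":
    for user, groups in [("Administrator", {"Administrators"}),
                         ("Jordan", {"Users", "Accounting"}),
                         ("Meg", {"Users"}),
                         ("Zac", {"Users", "Accounting"})]:
        eff = effective(user, groups, SAMPLE_ACL)
        print(f"{user:14} {basic_names(eff)} controls ACL: {controls_acl(eff)}")
```

In Table 6-5 only Full Control carries Change Permissions and Take Ownership, so `controls_acl` is true only for the administrator account in this sample.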
What Is Fast User Switching?
Fast User Switching is a new feature of Windows XP that allows you to switch from one user account to another without the first user logging off. For example, a user named Jordan might be running Outlook Express and Microsoft Access. Another user named Meg needs to check her mail and asks to use the computer. Fast User Switching lets Jordan step aside and Meg switch the computer to her user account. Jordan's programs are on hold until Meg is done using the computer. When Jordan switches back to his account, his programs are just where he left them.
Fast User Switching is enabled by default if your Windows system has at least 64MB of RAM. With less RAM, the system doesn't have enough space to store one user's environment, including its running programs and open files, while another user is active.
You can't use Fast User Switching if your computer is part of a domain (that is, connected to a domain-based LAN). You also can't use it if you use the Classic logon screen instead of the Welcome screen for logging on.