If a Standard user forgets their password, they need to get an Administrator user to create a new password for them or remove the password from the account. That’s easy enough – but if there’s no Administrator user around, it could prove a big waste of time. And the user loses any personal certificates and passwords they have stored. If any Administrator user forgets their password, they’ll need to have another Administrator user create a new password for them because they won’t be able to log on to their own account. That too is easy enough – provided that there’s another Administrator user and that they’re handy. Again, though, those personal certificates and passwords go overboard. But if all available Administrator users forget their passwords, you may need to reinstall Windows to get it working again. To avoid these problems, each Administrator and Standard user should create a password reset disk. Each user can do this only for their own account. You can use either a floppy disk or a remov- able memory card for example, a CompactFlash card or an SD card.
To create a password reset disk, follow these steps:
1. Click the Start button, and then click your picture at the top of the Start menu. Windows opens the User Accounts window.
2. In the left panel, click the Prepare for a Forgotten Password link. Windows launches the Forgotten Password Wizard, which displays the Welcome to the Forgotten Password Wizard page.
3. Click the Next button. The wizard displays the Create a Password Reset Disk page which lets you choose which drive to use.
4. Choose the drive in the drop-down list. If you choose to use your computer’s floppy drive, insert a blank, formatted disk.
• If you have multiple floppy drives, choose the option button for the one you put the floppy in.
• The floppy doesn’t actually have to be blank. The wizard creates only one file, USERKEY.PSW, which is typically only a couple of kilobytes large. So unless the floppy is completely full, the file will usually fit. Even so, it’s a good idea to use a blank disk that you’re not using for other purposes.
5.Click the Next button. The wizard displays the Current User Account Password page.
6. Type your password in the Current User Account Password text box.
7. Click the Next button. The wizard displays the Creating Password Reset Disk page asking you to wait while it creates the disk. When it has finished, it makes the Next button available.
8. Click the Next button. The wizard displays the Completing the Forgotten Password Wizard page.
9. Click the Finish button. The wizard closes itself. Remove the disk, label it, and put it somewhere safe; anyone who can access this disk can use it to get into your user account. You can’t create another password reset disk without invalidating this disk, so don’t try making multiple disks – only the last one will work.
This disk doesn’t store your password as such. Instead, it stores encrypted information that enables you to create a new password.
To use the password reset disk, take the following steps:
1. When you get stuck at the Welcome screen and can’t remember your password, insert the disk.
2. Click the green arrow button without entering your password. Windows tells you that “the user name or password is incorrect.”
3. Click the OK button. Windows displays the Reset Password link under the Password text box on the logon screen.
4. Click the Reset Password link. Windows starts the Password Reset Wizard, which displays its Welcome page.
5. Click the Next button. The wizard displays the Insert the Password Reset Disk page.
6. Insert the disk, specify the drive if necessary, and click the Next button. The wizard displays the Reset the User Account Password page.
7. Enter your new password twice, and enter a hint if you think it wise.
8. Click the Next button. The wizard displays the Completing the Password Reset Wizard page.
9. Click the Finish button. The wizard closes itself and returns you to the logon screen.
10. Log on using the new password. Remove the password reset disk and put it away somewhere safe. You don’t need to update it.
Removing a Windows Live ID from an Account
Many of Windows’s communications features such as Windows Live Messenger’s text, audio, and video messaging capabilities require you to have and use a Windows Live ID, a digital persona that’s used to identify you online. When you tell Windows Live Messenger or another program to store your Windows Live ID, Windows saves the ID inside your user account. You may sometimes need to remove a Windows Live ID from your user account – for example, so that you can use another ID instead. To remove a Windows Live ID from your user account, take the following steps:
1. Close Windows Live Messenger and any other programs that use your Windows Live ID.
2. Click the Start button, and then click your picture at the top of the Start menu. Windows opens the User Accounts window.
3. In the left panel, click the Manage Your Network Passwords link. Windows displays the Stored User Names and Passwords dialog box .
4. Click the username in the list box, and then click the Remove button. Windows displays the dialog box shown next.
5.Click the OK button. Windows removes the username and password.
6. Click the Close button to close the Stored User Names and Passwords dialog box.
Using the Guest Account, Automatic Logon, and Secure Logon
If you want your computer to be moderately secure, it’s a good idea to leave the Guest account turned off until you need it. You may also sometimes need to make a particular user account log on automatically when Windows starts, or ensure that users press the Ctrl+Alt+Delete security keystroke before logging on. This section shows you how to do these three things.
Turning On and Off the Guest Account
In a family setting, the Guest account can be a good idea, particularly if nobody keeps private or secret information on the computer. In an office, dorm, or just about any other setting, the Guest account is a bad idea because it compromises the security of your computer. The Guest account is more limited in what it can do than Administrator accounts and Standard accounts, but even so, it has the potential to cause trouble, either with local files or via a network or Internet connection. The Guest account is disabled by default in Windows Vista Home. To turn on the Guest account, follow these steps:
1. Choose Start Control Panel. Windows displays Control Panel.
2. If Control Panel is in Classic view, click the Control Panel Home link to switch to Control Panel Home view.
3. In the User Accounts and Family Safety list, click the Add or Remove User Accounts link, and then authenticate yourself to User Account Control. Windows displays the Manage Accounts window.
4.Click the Guest link. Windows displays the Do You Want to Turn On the Guest Account? screen shown here.
5. Click the Turn On button. Windows turns on the Guest account and displays the Manage Accounts window again.
To disable the Guest account, click the Guest link in the User Accounts window. Windows displays the What Do You Want to Change about the Guest Account? window. Click the Turn Off the Guest Account link.
Implementing and Preventing Automatic Logons
Sometimes, you may need to make Windows automatically log on a particular user when you start the computer. Having a user logged on automatically can be useful when multiple people need to share a user identity that you want to have available all the time. For example, some institutions such as libraries use this capability for their public terminals.
Suppressing the Automatic Logon
When you’ve set up a computer to log on a user automatically, you can suppress the automatic logon by holding down the Shift key while the computer is starting up. Windows displays the Welcome screen as usual.
Implementing an Automatic Logon
To implement an automatic logon, take the following steps:
1. Press Windows Key+R. Windows displays the Run dialog box.
2. Type control userpasswords2 in the Open text box, click the OK button, and then authenticate yourself to User Account Control. Windows displays the User Accounts dialog box, with the Users page foremost.
3. Clear the Users Must Enter a User Name and Password to Use This Computer check box.
4.Click the OK button. Windows displays the Automatically Log On dialog box shown next.
5. Enter the username and password twice, and then click the OK button. Windows closes the Automatically Log On dialog box and the User Accounts dialog box and sets the specified user account to automatically log on. Windows doesn’t verify the password when you enter it, so it’s possible to enter the wrong one. For this reason, it’s a good idea to test straightaway that the automatic logon works.
Preventing Automatic Logons
If your computer is set up to automatically log on a user, you can prevent it from doing so by displaying the User Accounts dialog box as described in the previous section, selecting the Users Must Enter a User Name and Password to Use This Computer check box, and then clicking the OK button. Incidentally, that check box is poorly named, because it implies that when the check box is selected, each user must use a password. That’s not the case. The check box means that Windows isn’t set up to log on one particular user automatically.
Forcing Users to Press Ctrl+Alt+Delete When Logging On
For security, you can force users to press the Ctrl+Alt+Delete key combination in order to bring up the Welcome screen so that they can log on. To do so, select the Require Users to Press Ctrl+Alt+Delete check box in the Secure Logon group box on the Advanced page of the User Accounts dialog box . The advantage of pressing Ctrl+Alt+Delete which is also known as the Vulcan Nerve Pinch, the Triple Bucky, and other humorous names is that it sends an interrupt to Windows that causes Windows to display the Welcome screen. This interrupt helps to ensure that a malicious hacker can’t create a fake Welcome screen that would capture the user’s username and password rather than or as well as logging them on.
Performing Other Management Actions from the User Accounts Dialog Box
The User Accounts dialog box offers various options for managing user accounts. Most of these options are functional, but you’re usually better off using the user-management tools in Control Panel, which usher you through each account-management process and steer you toward the choices likely to be most suitable for normal needs. Here are brief notes on what you can do – and why you shouldn’t:
Add Click the Add button and use the Add New User Wizard to specify the user’s name, description, and password. You also specify the group to which the user belongs. Standard users belong to the Users group, and Administrators belong to the Administrators group, but beyond these groups there are other groups such as Debugger Users or Performance Monitor Users that the User Accounts tool doesn’t offer. However, you run the risk of creating users that do not appear on the Welcome screen or in the User Accounts tool. Normally, it’s best to use the User Accounts tool to create new user accounts.
Remove Click the user account you want to remove, and then click the Remove button to remove it. This method of deleting an account doesn’t let you save the user’s files the way the User Accounts tool does.
Properties Click the Properties button to display the Properties dialog box for the selected user. On the General page of the Properties dialog box, you can change the user’s username the name that appears on the Welcome screen and most places in the user interface, assign a full name, and assign a description. On the Group Membership page of the Properties dialog box, you can change the group to which the user belongs. As with Add, assigning a user to any group other than those the User Accounts tool lets you use may make the user account disappear from the Welcome screen and the User Accounts tool.
Reset Password You can reset the selected user’s password by clicking the Reset Password button, entering the new password in the Reset Password dialog box, and clicking the OK button. To reset your own password, you must press Ctrl+Alt+Delete, which takes you to a Welcome-like screen. On it, click the Change a Password link, enter your old password and new password twice, and then press Enter. Click the OK button to resume your session.
Advanced User Management If you look at the Advanced User Management group box on the Advanced page of the User Accounts dialog box, you’ll see it says “Local Users and Groups can be used to perform advanced user management tasks.” But if you click the Advanced button, you’ll find that the word “can” there should really have been “can’t,” because Microsoft has chosen to disable the Local Users and Groups snap-in for Microsoft Management Console in Windows Vist
Using the netuserand netlocalgroupCommands
In Windows XP, you could perform some advanced administration by opening a command-prompt window and using the net user and net localgroup commands. For example, by using the net user command, you could limit a user to logging on during certain hours for example, Monday to Friday, 6 AM to 6 PM or even deactivate their user account temporarily. By using the net localgroup command, you could create custom user groups.
Windows Vista severely restricts what you can do with these commands. You can run the net user command with a user’s name for example, net user chris or net user “John Adams” – use quotes around any name that contains a space to display a screenful of details on what the user may do, including nuggets of useful information such as when the user last set their password. And you can run the net localgroup command to see which groups the computer knows just type net localgroup and press Enter or to see who the members of a group are for example, type net localgroup administrators to see who the Administrators group contains. But that’s about all. To implement restrictions on a user, use Parental Controls instead, as discussed in a moment.
Turning On or Off User Account Control
Windows Vista comes with the User Account Control feature enabled, so that each time a program asks to change a potentially sensitive part of Windows, you receive a notification. User Account Control is usually helpful, but you may sometimes want to disable it – for example, if you are performing some complex administrative tasks that seem to summon a User Account Control dialog box every other minute. To turn off User Account Control, follow these steps:
1. Close all the programs you’re running. You’ll need to restart Windows to apply the change.
2.Click the Start button, and then click your picture at the top of the Start menu. Windows opens the User Accounts window.
3. Click the Turn User Account Control On or Off link, and then authenticate yourself to User Account Control. Windows displays the Turn User Account Control On or Off window .
4. Clear the Use User Account Control UAC to Help Protect Your Computer check box.
5. Click the OK button. Windows warns you that will need to restart your computer to apply the changes, as shown here.
6. Click the Restart Now button if you want to restart Windows now. Otherwise, click the Restart Later button, and then restart Windows when you’re ready.