How to create and configure user accounts in

Windows XP

Note: This tool is not available on a computer that is a member of a Domain.

You can create separate accounts for each person that will be using the computer. This allows each user
to have their own document folders and settings such as the wallpaper, Start menu, visual style, and so
forth. You can create and configure user accounts with the User Accounts tool in Control Panel.

To open the User Accounts tool, open Control Panel from the Start menu, and then double click User
Accounts.

To Create a New User Account

A Windows account will only work on the computer it is created on. If you want to use a
different computer, you will have to set up a Windows account on that computer.

There are two types of Windows XP user accounts. Computer Administrators can change all
computer settings (for example, installing software and creating new user accounts). Limited
users can only modify the passwords for their own user accounts.

If you want to use another person's Windows XP computer: Someone with a Computer
Administrator account on the computer will have to create an account for you.

1
Setting Up a Windows XP User Account

1. Click the Start button, then click Control Panel.

2. Click User Accounts.

3. Click Create a New Account.

4. To name your user account, type in your Novell user name. Click the Next button.

2
 5. There are two types of Windows XP user accounts:
 Computer administrators can change all computer settings (for example, installing
software and creating new user accounts).
 Limited users can only modify the passwords for their own user accounts.

To pick an account type, click either Computer Administrator or Limited. Click the
Create Account button.

6. You will be sent back to the User Accounts window where your new account will appear.

To Make Changes to an Account

1. Click Change an account in the Pick a task list box.
2. Click the account that you want to change.
3. Select the item that you would like to change:
o Click Change the name to change the name that appears on the Welcome screen for the
account.

3
 o Click Change the picture to change the picture that is used to represent the user
account. You can use any image file on the computer for the user's picture.
o Click Change the account type to change the account type to increase or decrease the
user's rights on the computer.
o Click Create/change the password to create or change the password for the user and
create or change the password hint.
o Click Delete the account to delete the user account from the computer. When you
delete the account, you are given the option to save the user's files on the computer.

Note: You can not delete the account for a user that is currently logged on to the
computer.

How to create a new user account in Windows

7 and Windows Vista

Windows 7 and Windows Vista allows you to have multiple users sharing the same computer
under their own individual accounts. This allows each individual user to have their own location
on the computer where they can store their personal documents, pictures, videos, saved games,
and other personal data. This also allows the owner of the computer to assign certain accounts
the ability to perform administrative tasks like installing software, while limiting other user's
abilities.

This tutorial will walk you through creating a new account in Windows 7 and Windows Vista.

1. Click on the Start button. This is the small round button ( ) in the lower left corner of
your screen that has a Windows flag on it.

2. Click on the Control Panel menu option.

3. When the control panel opens you will see a screen similar to Figure 1 below.

4
 Figure 1. Windows 7 Control Panel

4. Click on the Add or remove user accounts control panel option as shown by the red
arrow in figure 1.

5. You will now be in the Manage Accounts control panel as shown in Figure 2 below.

Figure 2. Manage Accounts screen in Windows 7

5
 This screen shows all the accounts currently on your computer. To create a new account,
click on the Create a new account option as shown by the red arrow above.

6. You will now be at the Create New Account screen.

Figure 3. Create New Account screen

In the New account name field enter the name of the new account that you would like to
create. This could be a person's first name, full name, or whatever other designation you
would like to give. You then need to decide which of the two types of accounts you
would like to create. An Administrator account has full access to the computer and can
make all changes, install software, and create and delete accounts. The other type of
account is Standard user and has limited privileges as to what settings and changes it can
make to the computer. It is suggested that for all users, you set them as a Standard User
account and have one administrator account that you can logon to as needed. This will
protect your computer from malware and other harmful activities.

When you have finished selecting a name and the type of account you wish to setup, you
should click on the Create Account button.

7. Your new account will have been created and you will see it listed in the Manage
Accounts screen.

6
 Figure 4. New user has been created

As you can see our new user, named Test Account, has been created.

Now when you start Windows 7 or Vista, you will see the additional account listed in the logon
screen. That user can then select their login name and login into their profile so they can access
their private data.

User accounts in Windows Vista

In case the computer is used by multiple persons, it is very useful to create multiple user
accounts. Each user has his or her own preferred settings, documents, e-mail accounts, contacts,
calendar, internet bookmarks (favorites) and probably wants to be logged in with an instant
messaging program. For every newly created user account, all the preferred settings have to be
applied, which is not very efficient. Think about all the Windows settings, which are enough for

7
half an hour clicking! That's why this page describes how to setup multiple user accounts as
efficient as possible.

Creating and setting up a user account

Changing the account specific settings (like the shown name, the picture, the password, the
account type and parental control) can be changed by the item User Accounts of the Control
Panel. Creating a new user account is done with the option Manage another account, option
Create a new account. The new user account can be setup as a Standard user (an account with
limited privileges to change essential system settings) or as an Administrator (an account with
complete access to almost all settings). If it is not necessary that the user has to make any system
changes, it is wise to create a standard user account with limited rights instead of an
administrator account with full control. Because the rights of a standard user are actually too
limited, it is wise to start with an administrator account and change the account type afterwards
to a standard user (or don't use the standard user at all...).

TIP: Be aware that it is still possible to do administrator tasks within a standard user account,
but only when the username and password of an administrator account is known. If a task needs
administrator rights, the user will be asked to enter the username and password of an
administrator account (if this is not the case, right click the task/program and select Run as
administrator).

USE SHORT ACCOUNT NAMES

At the moment of creating a user account, it is better not to use any spaces in the account
name. This can be confusing for some older programs. Afterwards, when the user
account has been set up, it is still possible to change the shown account name (for
example into a first and last name). After the change of the name, the first given account
name will still be used internally.

MANAGE PASSWORDS

If one user account is used by multiple persons, it will eventually happen that multiple
passwords are stored for one and the same application. Sometimes this can be annoying,
especially when Live Messenger has been used by someone else and logs on
automatically. These passwords can be removed with the command control
userpasswords2 used in the Start Search area of the start menu. Use the button
Manage Passwords on het tab Advanced to remove the stored passwords which cause
Windows to logon automatically.

8
Skipping the welcome screen

If there are multiple user accounts, a welcome screen is shown at start-up of Windows, but
sometimes it is practical if one of the user accounts is logged on automatically (without showing
the welcome screen). Especially when the other user accounts are barely used, this can be very
useful. To accomplish the automatic logon, use the command control userpasswords2 in the
Start Search area of the start menu, tab Users and deactivate the option Users must enter a
user name and password to use this computer. In the next window, specify the user account
name and the password of the account to be logged on automatically.

User Account Control and Run as administrator

In Windows Vista, all accounts are subject to additional security measures known under the
name User Account Control (UAC). UAC makes sure that for every essential change in the
system settings has to be confirmed twice: once by clicking a message from the program itself

9
and once by clicking a message of User Account Control. If this behavior becomes irritating or
causes troubles, UAC can be deactivated with the option Turn User Account Control on or off
in the item User Accounts in the Control Panel. The page about User Account Control has more
information about limiting the number of UAC messages without completely deactivating User
Account Control.

By default, an administrator account does not start with the additional administrator rights. If
needed, the administrator rights can be activated by right clicking a program and to chose for
Run as administrator. If a program needs these administrator rights to function properly, then it
is possible to start the program with these rights by default. This is done by right clicking the
shortcut or program and chose for Properties, tab Shortcut, button Advanced and to activate
the option Run as administrator (if available).

WHAT IF THE LIMITED RIGHTS ARE TOO LIMITED?

It happens frequently that a standard user is not able to apply certain necessary changes
because the rights are too limited. If it is a onetime issue, the account could be changed
to an administrator account temporarily, but that is not a perfect solution. A better
method is to give the user account additional rights for files and registry keys to give
them access without switching the account to an administrator account.

10
 The Sysinternals tool Process Monitor (download: www.microsoft.com) can be used to
find out which files or registry keys are causing the problem. This tool monitors the
requested files and registry keys after the command Capture Events has been given. The
next step is to add permissions to those files and registry keys within an administrator
account. These settings are available by right clicking the registry key, option
Permissions, tab Security. Change the permissions of the user account to Full Control
for the registry key (use the button Add if the user name is not yet available). When Full
Control is activated, the user account is allowed to make any changes to the registry key.
Changing the permissions of files and folders works similar. The permissions are
available by right clicking a file or folder, option Properties, tab Security.

APPLYING EXTREME USER ACCOUNT LIMITATIONS

To prevent users from making undesired changes to the operating system, it is wise to
apply account limitations. Windows SteadyState (download:
www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx) is a very
useful tool for this purpose because it restores all changes to the default settings after
rebooting Windows.

Personal documents and settings for every user account

The personal documents and settings are stored in the folder C:\Users which contains subfolders
for every user account (this folder is similar to the folder Documents and Settings of Windows
XP). For every new user, a new subfolder is created automatically, to store the personal
documents and settings. The content of this subfolder is shown in the following snapshot of the
Windows Explorer (enable the option Show hidden files and folders in the folder options of the
Windows Explorer to view the hidden folder):

11
The folder is divided in subfolders for personal data like Contacts, Desktop, Documents,
Downloads, Favorites (for the Internet Explorer), Music, Pictures, Saved Games, Videos and
the important folder AppData with personal Windows and software settings. The stored data and
settings in the folder C:/Users/loginname are only available for the user they are created for (but
with the right permissions also accessible by other administrator accounts). This folder also
contains some hidden symbolic hyperlinks which have the purpose to automatically forward
requests to the old Windows XP folder locations to the new Windows Vista locations.

THE COMMAND NET USER

If it is not possible to create or remove a certain user account try the command NET
USER in the command prompt with additional administrator rights. Right click the
shortcut to the Command Prompt (start menu, All Programs, Accessories) and select

12
 Run as administrator to start the command prompt with administrator rights. The
command NET USER shows a list of all available user accounts. To create a user
account, use the command NET USER loginname /ADD and to delete a user account,
use the command NET USER loginname /DELETE. Especially the last command to
delete a user account can be useful. Use the command NET HELP to view all options of
the command NET.

Copying documents and settings to another account

Copying Windows settings from one account to another is not that difficult. Go to start, All
Programs, Accessories, System Tools, Windows Easy Transfer, Click Next and select Start a
new transfer, My old computer, Use a CD, DVD or other removable media and External
hard disk or to a network location. The default location is C:\from
_old_computer\SaveData.MIG and does not have to be changed. Click Next, select My user
account, files and settings only, if needed change the selection and start the transfer.

Restoring the saved settings and files to the new user account is similar: start Windows Easy
Transfer (which can be done in the same user account as it has been created in), click Next and
select Continue a transfer in progress, No, I've copied files and settings to a CD, DVD, or
other removable media, On an external hard disk or network location, and select
C:\from_old_computer\SaveData.IMG. Click Next, select the newly created user account (in
this case an account which does not have the same name!), click Next and Transfer. When the
transfer has ended, log of the current logged on account and logon to the new account. There will
still be some settings to apply but most of them are already done which saves a lot of time
applying the same settings to multiple user accounts. The last step is to delete the folder
C:\from_old_computer.

TIP: Double clicking the file SaveData.IMG saves time running the wizard.

Documents and settings for all user accounts

The folder Public (in Windows XP known as All Users) contains documents and settings which
apply to all users. For example, if there is a shortcut available in the subfolder Desktop of the
folder Public, it will be shown on the desktop of all user accounts (the same applies to the folder
Favorites). If certain settings or files apply to all users accounts, it is preferred to change the
content of the folder Public (if possible) instead of changing all user accounts individually. Files
which have to be available by all users can be stored in the subfolders Public Documents,
Public Downloads, Public Music, Public Pictures or Public Videos. The folder containing the
Start menu shortcuts which apply to all users has been moved (compared to Windows XP) to the
folder C:\ProgramData\Microsoft\Windows\Start Menu.

Default settings for a new user account

The subfolder Default (in Windows XP known as Default User) contains the default settings for
a new user account. Make changes to this folder to make sure that the desired settings are applied

13
to a newly created account. The more user accounts have to be created, the more time is saved by
setting up the new accounts.

Moving the personal data to a new location

By default the personal files (like documents, pictures, music, videos, e-mail, contacts) are stored
between the operating system files on the Windows partition. This is not the most practical
situation, therefore it is better to save the personal files separately on a data partition. By creating
a personal folder for each user account on this data partition (like D:\Menno), the personal files
can be stored without losing the overview. This has additional advantages (especially when
Windows won't boot anymore), like being able to create a back-up of the personal files
automatically and/or to safely restore an image of the operating system.

Log in with the user account and use the Windows Explorer to open the folder
C:\Users\loginname. Right click the subfolder Documents and select Properties, tab Location.
Click the button Move, select the folder D:\loginname\Documents and click Apply to move the
content of the folder Documents to the new location. Be careful not to select a partition to move
the documents, this is hard to repair (the following option is most safe if you have moved the
documents folder to a partition: create a new user account, move your data to that account and
remove the old account).

In a similar way (right clicking the folder, option Properties, tab Location), the personal folders
for Desktop, Contacts, Downloads, Favorites, Music, Pictures, Videos en Saved Games can
be moved to subfolders of D:\loginname (first create new subfolders for each of them). In the
example below all personal folders have been moved to the D: partition (in this example the
folders for Mail and Calendar have been created as well):

14
TIP: Although it is preferred to use the tab Location to move the personal folders, it is also
possible to move them by cut and paste into the folder D:\loginname using the Windows
Explorer. This procedure is more efficient because multiple folders can be moved at once by
selecting them. After moving these folders using cut and paste, there will still be folders left on
the original location which can be deleted safely.

Change permissions of the personal folder to Full Control

Probably the user account has not been assigned the permission Full Control to the created
folder D:\loginname. If this is the case, the user has not the full control over the created
subfolders with personal data which will cause problems saving data (for example adding a
website address to the list of favorites will cause an error). This problem is solved by giving the
user account the permissions of full control of the folder D:\loginname and its subfolders. This is
done by right clicking this folder and choosing for the option Properties, tab Security, button
Edit, button Add. Enter the name of the user account, click the button Check names to make
sure the name is correctly spelled and finish with OK. The next step is to give this user Full
Control by activating this option in the column Allow.

Moving the Windows Mail and Windows Calendar databases

The next step is to move the Windows Mail and Windows Calendar databases to folders like
D:\loginname\Mail and D:\loginname\Calendar. Changing the Windows Mail database
location is easy by Tools, Options, tab Advanced, button Maintenance, button Store Folder,
button Change (for example D:\loginname\Mail, use the button Make New Folder). Moving
the Windows Calendar database (stored in the file loginname's Calendar.ics) is more
complicated, therefore it is necessary to create a symbolic link with the command MKLINK.
Visit the page about Windows Mail and Windows Calendar how moving the Windows Mail
and Windows Calendar databases is done in more detail.

15
TIP: In the example above, the folders D:\Menno, D:\Menno\Calendar and D:\Menno\Mail
have a special folder icon. Changing the default icon is done by right clicking the folder,
Properties, tab Customize, button Change Icon. Browse other files containing icons if you
would like to have more icons to choose from.

CHANGING THE WINDOWS LIVE MAIL DATABASE

LOCATION
The Windows Live Mail database can be moved to a different location by Tools (use the
ALT-key), Options, tab Advanced, button Maintenance, button Store Folder.

CHANGING THE MICROSOFT OUTLOOK DATABASE

LOCATION
To change the location of the Microsoft Outlook database, the file OUTLOOK.PST
has to be moved to the desired location first. If automatic archiving is enabled, it is also
necessary to move the file ARCHIVE.PST. By default, Windows Vista stores these files
in the folder C:\Users\loginname\AppData\Local\Microsoft\Outlook. The page about
Microsoft Outlook describes in detail how to change the storage location of these PST
files.

16
Changing the storage location of the personal
folders

By default, the personal files (documents, pictures, music, videos, e-mail archive, contacts, e.g.)
are stored on the Windows partition, next to the system files. As you can imagine, this is not the
most practical storage location... That's why I prefer to separate the personal files (like
documents, pictures, videos, e-mail, contacts e.g.) from the system files by moving them to
another storage location (a special data partition). It is important to move the files the right way,
to make sure Windows is aware of the change and will use the new storage location in future.
For that reason, this page not only describes which personal files can be moved to the data
partition, but also how it is done properly!

LET OP: Although it can be done differently, this page assumes that the new storage location is
a separate data partition with the disk letter D:. Furthermore it is assumed that Windows is
installed (as usual) on a partition with the disk letter C:.

The advantages of a data partition

By creating a personal folder on the data partition for each user account (like D:\Menno), it
becomes easy to keep the overview. It becomes even very easy to back-up the personal files
automatically and because the other partition keeps untouched by reinstalling Windows (possibly
by using a system image), the files are stored safely. Especially when Windows won't boot
anymore, it is nice to have quick access to the data partition!

The page about partitioning the hard disk describes how to create additional partitions in the case
Windows has to be reinstalled. If a reinstall of Windows is not desirable, resizing the Windows
partition to create free space for a data partition (by using the Windows Disk Manager) is an
option as well.

TIP: Another option is to create a data partition for each user account. This setup has the
disadvantage of less efficient use of the available space...

How to let Windows know what the new storage location is

If moving the personal files is done the right way, the settings for the used storage location are
changed automatically. However, in some cases a manual change is needed, for example by
changing a registry value...

17
ATTENTION: Move the folders for storing the personal files as quickly as possible after
(re)installing Windows, if possible before additional software is installed. If a personal folder is
moved and the program isn't aware of the new location (which does not happen frequently), then
it is logical that the program can't find the files anymore...

UNHIDING THE FILES

By default, the most files which are discussed here are hidden in the Windows Explorer
because they are system or hidden files. For Windows XP, thes files can be shown by
changing the following setting in the Windows Explorer (Tools, Folder Options, tab
View):

 Enable Display the content of system folders

 Enable Show hidden files and folders.
 Disable Hide extensions for known file types (for example it is nice to know if a picture
is JPG-, GIF- and BMP).
 Disable Hide protected operating system files.

Within Windows Vista, the following settings can be changed (by the button Organize
in the menu bar of the Windows Explorer, Folder and Search Options, tab View):

 Enable the option Hide protected operating system files (Recommended).

 Disable Hide extensions for known file types (for example it is nice to know if a picture
is JPG-, GIF- and BMP).
 Enable the option Show hidden files and folders.

Moving the personal files and folders (XP)

This part explains how to change the default storage locations of the personal files and folders in
Windows XP. Changing the default storage location of the personal folders can only be done
when the specific user account is logged on, therefore the procedures below have to be done for
each user account separately!

The My Documents folder

First create a personal folder on the data partition for the logged on user account and a subfolder
named Documents (e.g. D:\Menno\Documents). Then move the folder My Documents

18
(C:\Documents and Settings\loginname\My Documents) within the Windows Explorer to the
new subfolder by right clicking the original folder (My Documents, at the left top of the
Windows Explorer), Properties, tab Target, button Move, navigate to the newly created
subfolder on the data partition and click OK.

By clicking the button Apply all documents and subfolders (like the folders My Pictures, My
Music) are automaticaaly moved from the folder My Documents to the new folfder. At the same
time Windows is informed about the new location, to make it the new default storage location.

TIP: The icon of the folders Mail and Addressbook in the example abover are changed by right
clicking the folder, select Properties, tab Customize, button Change Icon and to navigate to the
icon. Almost every executable file has these icons, if needed select a different file (e.g. the
program which uses the folder).

19
Outlook Express

By default, Outlook Express stores the database in the folder C:\Documents and
Settings\loginname\Local Settings\Application Data\Identities\{....}\Outlook Express. This
folder contains multiple DBX-files to store the received and send e-mail. First, create a subfolder
on the data partition (e.g. D:\loginname\Mail). The next step is to change the storage location
from within Outlook Express, this is done by Tools, Options, tab Maintenance, button Store
Folder, button Change, navigate to the new folder and confirm with the button OK. After
restarting Outlook Express, the original e-mail archive is automatically moved to the new
location.

ATTENTION: To make sure you won't loose any e-mail, first back-up the original DBX files
before changing the storage location! In case the e-mail is lost, the original DBX files can still be
copied to the new location (by using the Windows Explorer)...

Windows Address book

Moving the Windows Addressbook (by default stored in C:\Documents and

Settings\loginname\Application Data\Microsoft\Address Book\loginname.wab) needs some
more effort: a registry change is needed. Create a subfolder using the Windows Explorer on the
data partition (e.g. D:\loginname\Addressbook). Move the WAB file by cut (CTRL-X) and
paste (CTRL-V) to this folder. Use the Windows Explorer search feature (Start, Search and
search for '*.WAB') in case this file can not be found on the location above. Finally open the
registry-editor, search for '.WAB' (press CTRL-F to start the search, press F3 until the registry
value for the storage location is found) and change the registry value which stores the storage
location of the address book.

TIP: This registry tweak can be down automatically with the tool OE Tweaker (download) as
well.

Favorites (Internet Explorer)

Changing the storage location of the folder Favorites (used by Internet Explorer, by default on
the location C:\Documents and Settings\loginname\Favorites) is done by just cutting (CTRL-
X) and pasting (CTRL-V) it to the new location (e.g. D:\loginname). The needed registry
change is done automatically, and Internet Explorer will find the new storage location the next
time it is started. Can't be done more easily!

RSS-feeds (Internet Explorer)

20
Changing the storage location of the folder with RSS-feeds (used by Internet Explorer, by default
stored on the location C:\Documents and Settings\loginname\Local Settings\Application
Data\Microsoft\Feeds) can be moved by cutting (CTRL-X) and pasting (CTRL-V) to the new
location (e.g. D:\loginname\) as well.

However, the default storage location of the RSS-feeds can not be changed. To let Internet
Explorer use the new location, symbolic link (a symlink: on the original location a sort of
shortcut is placed to the new location) must be used. The symbolic link can be created by using
the Sysinternals-tool Junction (download: http://technet.microsoft.com/en-
us/sysinternals/bb896768.aspx). Use the following Junction-command in the command console
to create a symbolic link to the folder Feeds:

JUNCTION -s "%USERPROFILE%\Local Settings\Application

Data\Microsoft\Feeds" "D:\loginname\Feeds"

Moving the personal files and folders (Vista)

This part explains how to change the default storage locations of the personal files and folders in
Windows Vista. Changing the default storage location of the personal folders can only be done
when the specific user account is logged on, therefore the procedures below have to be done for
each user account separately!

The Documents folder

First create a personal folder on the data partition for the logged on user account and a subfolder
named Documents (e.g. D:\Menno\Documents). Then move the folder Documents
(C:\Users\loginname\Documents) within the Windows Explorer to the new subfolder by right
clicking the original folder, select Properties, tab Location, button Move, navigate to the newly
created subfolder on the data partition and click Apply.

21
ATTENTION: Always select a folder and never a partition! Changing the storage location to a
partition is very hard to undo. If you did select a partition by accident, it is even easier to create a
new user account and to transfer the data and settings...

The other subfolders of C:\Users\loginname can be moved as well (like the folders Desktop,
Contacts, Downloads, Favorites, Music, Pictures, Videos and Saved Games; the folders
Links and Searches are less important). For every folder which has to be moved, create a
subfolder of D:\loginname. The original folders (files included) can be moved to the new
location by Properties, tab Location. Windows will be informed about the change
automatically, so no further action needed.

22
TIP: Although the official method is preferred (by using the tab Location, as described above),
moving the data can also be done just by cutting the folders (CTRL-X) and to past them on the
desired location (CTRL-V). This is far more efficient, because they can all be selected and
moved at the same time (by using this method, there is no need to create the subolders on the
new location first and to move the folders manually by using the tab Location). The remaining
folders (with the default color yellow) can be deleted safely.

TIP: The icon of the folders Mail and Calendar in the example abover are changed by rigth
clicking the folder, Properties, tab Customize, button Change Icon and to navigate to the icon.
Almost every executable file has these icons, if needed select a different file (e.g. the program
which uses the folder).

Windows Mail

By default, Windows Mail stores the database in the folder

C:\Users\loginname\AppData\Local\Microsoft\Windows Mail. This folder contains multiple
folders to store the received and send e-mail. First, create a subfolder on the data partition (e.g.
D:\loginname\Mail). The next step is to change the storage location from within Windows
Mail, this is done by Tools, Options, tab Maintenance, button Store Folder, button Change,
navigate to the new folder and confirm with the button OK (confirm 3 times). After restarting
Windows Mail, the original e-mail archive is automatically moved to the new location. The next
step is to delete the files and folders on the original location (using the Windows Explorer).
Make sure the storagelocation is changed correctly and the e-mail is available before deleting the
files!

23
Windows Calendar

The Windows Calendar database (C:\Users\loginname\AppData\Local\Microsoft\Windows

Calendar\Calendars\loginname's Celendar.ics) can be moved using the Windows Explorer.
First create a subfolder on the data partition (e.g. D:\loginname\Calendar) and move the file
loginname's Calendar.ics by cut (CTRL-X) and paste (CTRL-V) to the new location.

The next step is to inform Windows Calendar about the new storage location, therefore a
symbolic link needs to be created (a symlink: on the original location a sort of shortcut is placed
to the new location). Go to Start, All Programs, Accessories, right click Command Prompt
and select Run as administrator and give the following MKLINK command (all at one line):

MKLINK "C:\Users\loginname\AppData\Local\Microsoft\Windows
Calendar\Calendars\loginname's Calendar.ics"
"D:\loginname\Calendar\loginname's Calendar.ics"

Of course the login name and storage location need to be changed to the personal situation. This
command only works when the original ICS file is moved to the new location (by cut and paste
in stead of copy and paste!). It's no problem to change the storage location and/or to rename the
database, but if you do so make sure to change the command as well.

RSS-feeds (Internet Explorer)

Changing the storage location of the folder with RSS-feeds (used by Internet Explorer, by default
stored on the location C:\Users\loginname\AppData\Local\ Microsoft\Feeds) can be moved by
cutting (CTRL-X) and pasting (CTRL-V) to the new location (e.g. D:\loginname\) as well.

However, the default storage location of the RSS-feeds can not be changed. To let Internet
Explorer use the new location, symbolic link (a symlink: on the original location a sort of
shortcut is placed to the new location) must be used. To create a symbolic link to the folder
Feeds is done with the following MKLINK command in the Command Console:

MKLINK /d "%LOCALAPPDATA%\Microsoft\Feeds" "D:\loginname\Feeds"

AN ERROR WHILE TRYING TO SAVE DATA

After moving the personal folders to a special data partition, it frequently happens that
the user account does not have the necessary permissions resulting in an error while
trying to save data in one of the subfolders of the newly created personal folder. Think
about an error when trying to save a website to the favorites or subscribing to a RSS feed

24
 or an appointment in the Calendar which has not been saved.

These problems are solved by giving the user account full permissions to the files in the
specific folder (e.g. D:\loginname\Feeds) by right clicking the folder and to select
Properties, tab Security, button Edit, button Add. Enter the name of the user account
(e.g. Menno) and click Check Names. As soon as the added name is recognized as your
user account, the permissions for this account can be changed by clicking the button OK.
Finally the permissions for the user account must be changed to Full Control in the
column Allow.

Changing the storage location of installed software

Most software creates a folder to store personal data, in most cases it will be done as subfolder of
the folder My Documents (XP)/Documents (Vista). But some programs use a different location,
e.g. a subfolder of C:\Documents and Settings\loginname (XP) / C:\Users\loginname (Vista).
For that reason, the personal folders and files of these programs will have to be moved manually.
This part describes how to this for a few popular programs.

Windows Live Mail

Windows Live Mail stores the e-mail by default in the folder C:\Documents and
Settings\loginname\Local Settings\Application Data\Microsoft\Windows Live Mail
(XP)/C:\Users\loginname\AppData\Local\Microsoft\Windows Live Mail (Vista). This folder
contains multiple folders to store the received and send e-mail. First, create a subfolder on the
data partition (e.g. D:\loginname\LiveMail). The next step is to change the storage location from
within Windows Live Mail, this is done by ALT-Tools, Options, tab Advanced, tab
Maintenance, button Store Folder, button Change, navigate to the new folder and confirm with
the button OK (confirm 3 times). After restarting Windows Live Mail, the original e-mail
archive is automatically moved to the new location. The next step is to delete the files and
folders on the original location (using the Windows Explorer). Make sure the storagelocation is
changed correctly and the e-mail is available before deleting the files!

Outlook
To change the Microsoft Outlook database location, the file OUTLOOK.PST has to be moved.
In Windows XP you can find this file in the folder C:\Documents and
Settings\loginname\Local Settings\Application Data\Microsoft\Outlook\ and in Windows
Vista you can find it in the folder C:\Users\loginname\AppData\Local\Microsoft\Outlook\.
After Outlook is closed, the file OUTLOOK.PST can be moved easily using the Windows
Explorer by cutting (CTRL-X) and pasting (CTRL-V) it in the personal folder on the data
partition (e.g. D:\loginname\Outlook). Now the file is removed from the original location,
Outlook will present an error message because the database can't by found anymore. Accept the
error message, navigate to the new location of the OUTLOOK.PST file and restart Outlook.

25
ATTENTION: If the automatic archiving is activated, the file ARCHIVE.PST must be moved
as well! This file can be moved to the same location as OUTLOOK.PST, following the same
procedure.

MS Office dictionary
The storage location of the MS Office dictionary file (with personally added words) can be
changed by moving the file CUSTOM.DIC (XP: C:\Documents and
Settings\loginname\Application Data\Microsoft\Proof or UProof, Vista:
C:\Users\loginname\AppData\Roaming\Microsoft\Proof or UProof) to a subfolder on the data
partition (e.g. D:\loginname\Dictionary). The next step is to inform Office about this change:
start Word, select Tools, Options, tab Spelling & Grammar (Word 2007: Office-button, button
Options for Word, task Proofing), button Custom Dictionaries, button Add.

Other software
For all programs you have to find out the storage location of the stored personal data. If the
program doesn't use the default folder Documents to store the data, the storage location has to be
changed. If there is no setting to change the storage location, one can still use a symbolic link
created by Junction (XP)/MKLINK (Vista), similar to the link created for the RSS feeds.

Changing the storage location of the Shared folders and

files
Besides the personal folders for each user account, Windows creates a shared folder as well (XP:
C:\Documents and Settings\All Users\Shared documents, Vista: C:\Users\Public). This
folder can be used to store files which will be available to all other user accounts as well. Just
like the personal folders, the shared folders need to be moved as well. After moving the folder,
Windows has to be informed about the new storage location. Although the necessary changes are
done almost automatically (if it is done the right way), there are still some changes in the registry
which have to be done manually.

Moving the shared folder in Windows XP

Windows XP uses the folder C:\Documents and Settings\All Users\Shared documents to store
the shared files (this folder contains subfolders like Shared pictures, Shared music, Shared
video and possibly some shared folders of installed programs). According to the shown message,
the folder Shared documents can't be moved because it is a system folder which is needed by
Windows. However, the subfolders can be moved quite easily: create a new folder using the
Windows Explorer (e.g. D:\Shared) and move the files and subfolders in the folder Shared

26
Documents (including the saved files) to this folder. To make sure that the changes are applied
in the registry, the folders have to be moved by cut (CTRL-X) and paste (CTRL-V)!

Finally there is still a manual registry change needed to change the storage location of the folder
Shared documents (in this example D:\Shared). Therefore, the registry value Common
Documents in the following two registry keys has to be changed (using the registry-editor):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders

The folder Desktop can be moved similarly. But to my experience it is better to keep it where it
is because in most cases it only cotains shortcuts to installed programs...

TIP: The necessary registry changes can be done with the free tool TweakUI as well (My
Computer, Special Folders).

Moving the shared folder in Windows Vista

Windows Vista uses the subfolders of C:\Users\Public to store the shared files: Public
Documents, Public Pictures, Public Music, Public Videos, Public Downloads and Public
Desktop and possibly some shared folders of installed programs.

Moving these public folders is quite simple, but can only be done after User Account Control is
temporarely disabled (Control Panel, sub User Accounts, option Turn user Account Control
on or off) and the computer is rebooted. Create a new folder on the desired location using the
Windows Explorer (e.g. D:\Public) and move the subfolders (files included) from the folder
C:\Users\Public to the new folder. To make sure that the changes are applied in the registry, the
folders have to be moved by cut (CTRL-X) and paste (CTRL-V)! After moving the folders, the
yellow colored folders on the original location (if there) can be deleted safely.

ATTENTION: After disabling User Account Control, the folders can be moved by selecting
Properties after right clicking them, tab Location as well. Because this has to be done for all
folders separately, this procedure it takes some more effort.

Finally there is still a manual registry change needed to change the storage location of the folder
Public (in this example D:\Public). Therefore, the registry value Public in the following two
registry keys has to be changed (using the registry-editor):

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

ATTENTION: Although simply copying the folder Public (including the subfolders) to the new
location and applying the above registry change should be sufficient, it can cause problems for
already installed programs. Therefore I advise to move the public folders as described above.

27
Programs which use the shared/public folder

The next step is to verify the programs which have stored files in the shared/public folders. If
they still refer to the original location, they need some special attention like changing the registry
key which stores the location of the shared/public folder or reinstalling the program. This can be
very annoying, therefore it is wise to move the shared/public folders directly after a new
Windows installation.

TIP: In stead of the default folders for sharing files, one can also create a new folder and share it
with all user accounts. By creating a shortcut to this folder on an easy accesible location (like the
folder with personal documents of each user account), the shared files are quickly accessible by
ever user. Keep in mind that there will be programs which will still use the default shared/public
folders of Windows!

Making personal files private (XP)

If the other user accounts are not allowed to view the personal files of the logged on user
account, you have to make them private by changing the permissions of the folder. This is done
most easily by making the folder private: right click the folder (e.g. D:\loginname\Documents),
select Properties, tab Sharing and activate the option Make this folder private (the subfolders
will be made personal as well).

ATTENTION: In Windows XP Pro this option is only available when in the Windows Explorer
the option Use simple file sharing (Recommended) has been activated (by Tools, Folder
Options, tab View).

Limitations of making folders private

This default procedure has a disadvantage: only the folders which are related to a user account
and have been created by Windows can be made private. This procedure doesn't apply for folders
created by the user! In case the created folders for e-mail, contacts, favorites, RSS feeds or other
data must be made private, they have to be moved to a subfolder of D:\loginname\Documents as

28
well, to make them part of the already private folder. As alternative, the storage location of the
folder My documents (the original folder on the C: partition) can be changed to D:\loginname
(in stead of D:\loginname\Documents) which will result in a less deep tree structure.

ATTENTION: Administrator accounts can take ownership of folders which have been made
private by another user account. If this is undesirable, degrade all other administrator accounts to
user accounts with less permissions (this can be done by the sub User accounts in the Control
Panel)!

Using the tab Security to set the permissions

These problems which occur by making folders private can be overcome by changing the
permissions using the tab Security (these are available as well by the properties of a folder).
However, this tab is not available by default: in Windows XP Home the computer has to be
rebooted in safe mode (press a few times the F8 button while booting Windows) and in Windows
XP Pro by disabling the folder option Use simple file sharing (Recommended).

On the tab Security of the folder D:\loginname, change the permissions in a way that only the
logged on user account has the permissions to read and write: right click the folder, select
Properties, tab Security, button Advanced and deactivate the option Inherit from parent the
permission entries that apply to child objects, resulting in the following window:

Select the button Remove to remove the currently set permissions. Right after removing the
current permissions, add the logged on account using the button Add: enter the name of the
account (e.g. Menno) and click the button Check Names. As soon as the added names have
been recognized as one of the registered user accounts, the permissions for this account can be
changed: click the button OK and change the status of the permissions to Full Control (first
row) into Allow (all permissions below this row will change in the status Allow as well). After
clicking twice on OK, a window is shown which shows that the specific user account is the only
account which has full permissions for the personal folder.

29
TIP: In some cases it is wise to give the overall administrator account permissions to read and
write the personal folders of the other accounts as well. Else it won't be possible to make an
automated back-up of all personal files from all user accounts at once!

Making personal files private (Vista)

If the other user accounts are not allowed to view the personal files of the logged on user
account, you have to make them private by changing the permissions of the folder (e.g.
D:\loginname\Documents). Right click the folder, select Properties, tab Security, button
Advanced, button Edit and deactivate the option Include inheritable permissions form this
object's parent, resulting in the following window:

30
Select the button Remove to remove the currently set permissions. Right after removing the
current permissions, add the logged on account using the button Add: enter the name of the
account (e.g. Menno) and click the button Check names. As soon as the added names have been
recognized as one of the registered user accounts, the permissions for this account can be
changed: click the button OK and change the status of the permissions to Full Control (first
row) into Allow (all permissions below this row will change in the status Allow as well). After
clicking three times on OK, a window is shown which shows that the specific user account is the
only account which has full permissions for the personal folder.

31
It is preferred to change the permissions before the personal data have been moved to the new
location. Newly added subfolders will inherit automatically the same permissions.

TIP: In some cases it is wise to give the overall administrator account permissions to read and
write the personal folders of the other accounts as well. Else it won't be possible to make an
automated back-up of all personal files from all user accounts at once!

ATTENTION: Administrator accounts can take ownership of folders which are owned by
another user account. If this is undesirable, degrade all other administrator accounts to user
accounts with less permissions (this can be done by the sub User accounts in the Control Panel)!

32
 Setting up Windows Vista Parental Controls

With the launch of Windows Vista, Microsoft has introduced a new security feature called
Windows Parental Controls. Windows Parental Controls allows a parent to configure, on a per
user basis, various restrictions on what that user can do on the computer. These settings range
from blocking websites to controlling what games they can play. Having access to these types of
controls allows a parent to feel comfortable with their children using a computer and at the same
time gives them the flexibility to customize these settings to their specific needs.

It is important to note that not all programs are compatible with Windows Parental Controls. In
order for Windows Parental Controls to properly monitor and control certain activities on the
computer, the application must be compatible with this new service. For the most part, most of
the settings can be enforced across all applications, but it is important to test these controls using
the applications that your users will be using. This way you know for sure that any restriction
you put into place can be enforced. It is also important to note that Windows Parental Controls
can only be assigned to a Standard User, which is a user with limited rights on the computer, and
cannot be assigned to accounts that are configured as an Administrator. This is so a user cannot
remove restrictions placed on them.

One of the more powerful features of this new service is that you will be able to view reports of
the activity for each user that you have configured Parental Controls. The information you see
will be determined by whether or not the user is using applications that are compatible with
Windows Parental Controls. Assuming that all the applications are compatible you will be able
to monitor the following activity.

 Most recent websites blocked.

 Attempts to visit sites that have been specifically blocked or allowed.
 What files were downloaded.
 What file downloads were blocked.
 When the user logged on.
 What programs they have run.
 Emails sent and received
 Instant Messages sent and received.
 What games were played.
 What media such as movies and videos were played.

In this guide we will go into detail on how to use Windows Parental Controls to restrict a user's
activity. If you read through this guide, at the end you will know all that you need to know about
Windows Parental Controls and how to use them to provide a safe computing environment for
your children.

33
 Welcome to Windows Vista Parental
Controls

In order to access and start using the Vista Parental Controls you need to log onto to your
computer using an account that is an administrator. Once logged in you should do the following:

1. Click on the Start ( ) button.

2. In the Start Menu Search Box ( ) type Parental Controls and press
enter on your keyboard.

3. A User Account Control prompt will appear asking if you would like to continue. Click
on the Continue button to proceed with opening the Parental Controls.

You will now be at the Vista Parental Controls welcome screen. This screen is the main
launching pad for setting the global Parental Controls options as well as configuring Parental
Controls for the Standard Users on your computer. From this screen you can create a new
Standard User account, configure existing user's Parental Controls settings, configure the global
game rating system, and set some other basic global settings.

Figure 1. The Main Vista Parental Controls Screen

34
The first option we will explore is to create a new Standard User account that you can assign
Parental Controls to. You can do this by clicking on the Create a new user account option
which will bring up a screen that enables you to create a new account as shown below.

Figure 3. Create a new account

In this screen you would type the login name for the new user account that you would like to
create. We also suggest that you leave the option labeled User must set password at next logon
checked so that when the user logs on for the first time they will be prompted for a new
password enabling them to keep their password private. When you are ready to create the user,
you would click on the Create Account button to finish the creation process. You would then be
brought to the Parental Controls page for that particular user. We will go into more detail about
setting user controls later in the tutorial so just press the OK button to get back to the welcome
screen..

The first global setting you can modify from the main welcome screen is the games rating system
that will be used for all Parental Controls enabled accounts. To view or modify your current
setting you should on the Select a games ratings system option.

35
 Figure 4. Global game rating systems setting

It is advised that you stick with the Entertainment Software Rating Board, ESRB, rating
system as your default but feel free to choose another if you wish. Once you are finished
selecting the rating system, or keeping the current one, press the OK button to exit this screen
and go back to the welcome screen.

This brings us to the next set of global settings, the Family Safety Options. By clicking on
Family Safety Options you will be brought to a page that contains two global settings.

Figure 4. Family Safety Options

36
The first option is labeled How often would you like to be reminded to read activity reports.
This option allows you to specify how often you should be reminded that there are Parental
Controls activity reports available to be viewed. You will see these reminders when you log into
an administrator account. An example of this alert is below.

Figure 5. Activity Report Reminder

The second option labeled Reset the Web Content filter to be the Windows Vista Web
Content Filter allows you to configure Vista to use the built-in content filter rather than a 3rd
party software that you may have installed. If you had installed another web content filtering
software and would like to reset it back to using the Vista one, you can click on the Reset button.
When you are done configuring these options you should press the OK button to get back to the
main welcome screen.

Now that we have explored the main welcome screen, lets dig down into configuring the Parental
Controls for the individual users on your computer. To start this process you simply need to click
on a Standard User listed in the welcome screen. As said previously, you can only enable
Parental Controls on an account that is a Standard User. If you attempt to add Parental Controls
to an administrator you will instead receive the following message.

Figure 6. Cannot apply controls to an administrator

Once you click on a Standard User account you will be brought to the User Controls screen
where you can view the users activity log, enable or disable Parental Controls, and fine tune the
various Parental Controls for this particular user. If the user that you are configure Parental
Controls for is currently logged on you will receive a warning stating that the new settings may
not go into affect until the user logs off and back on.

37
 Figure 7. User Controls Screen

On the left hand side of the screen are the various options that you can configure for this user.
These settings will be disabled if Parental Controls is not turned on for this user. On the right
hand side of the screen you will find a summary of the user's currently configured controls as
well as have the ability to view the user's activity reports by clicking on the View activity
reports option.

Let us start by enabling the Parental Controls for this particular user. To do that you would select
the option labeled On, enforce current settings. Once this option is selected you will now have
access to the other settings on this screen. It is important to note that once you select this option,
default restrictions will go into place. These default restrictions are described below. We then
suggest that you enable the option under the Activity Reporting: category labeled On, collect
information about computer usage. With this option enabled, Vista will log to the user's
activity report their activity on the computer.

Now that you have enabled Parental Controls for this user, the following options will become
available under the Windows Settings category.

Windows Vista Web Filter

This section allow you to controls the sites the user is allowed to visit, whether or not
they can download files, and the type of web site content they can view.

Time Limits
This section allows you to specify the specific times that the user is allowed to use the
computer.

Games

38
 This section allows you to specify what games are allowed to be played on this computer
based on their rating, content or title.

Allow and Block Specific Programs

This section allows you to specify programs that a user can or cannot use.

Each of the above settings is discussed in greater detail in their own sections below. Let's move
on to the first of these four sections and learn about the Windows Vista Web Filter.

Configuring the Windows Vista Web Filter

If you select the Windows Vista Web Filter option you will be brought to the Web Restrictions
screen shown below. At this screen you have a variety of different options that enable you to
control what sites the user can visit.

Figure 8. Web Restrictions Page

By default, when you enable Parental Controls on an account Web Restrictions are automatically
enabled and the Block some websites or content option will be selected. To disable restrictions
select the Allow all websites and content option. When web restrictions are enabled, Vista will
automatically set your restriction level, which can be set under the Block web content
automatically category, to Medium. If the medium setting is too relaxed or too strict you can
modify it one of the following settings:

Custom - If you select this category you will be brought to a new screen where you can select
the specific site categories that you would like to restrict this user from visiting.

39
 Figure 9. Custom Content Filtering Level

None - There will not be any web content restrictions on the sites this user visits.

Medium - This level will block unratable content and content that fits in the following
categories: mature content, pornography, drugs, hate speech, and weapons.

High - Block all websites except those approved for children.

It is important to note when using web restrictions that these settings may not block every site
that fits these categories due to the fact that what some people find objective others do not. The
restrictions will, though, be able to block a large amount of sites that fall under the particular
category. When a user attempts to visit a site blocked by Parental Controls, the user will see a
screen in Internet Explorer, or another browser, similar to the one below:

Figure 10. Site blocked by Parental Controls

If the user knows the administrator password then they can click on the Ask administrator for
permission link in the blocked site's message. They will then be prompted to enter the
administrator's login information to unblock the site.

40
Under the Block web content automatically category is another option labeled Block file
downloads. If you enable this option then the user will not be able to download files through
Internet Explorer. When using this feature, it is fairly easy to circumvent it as not all browsers
are blocked. For example though Internet Explorer is able to block downloads, users of Firefox
will have no problems downloading anything. Therefore you should not rely on these features
entirely, but rather test them with the various applications your users will be using. When
Parental Controls blocks a download it will show an alert similar to the one below.

Figure 11. Download blocked by Parental Controls

The last category under web restrictions is Allow and block specific sites. This section allows
you to specify specific sites that you want to deny or allow the user to visit. When adding sites to
the block or allow list they override any restrictions based on the sites content that were
configured previously. In this way you can use this section to fine tune the content filters based
on a specific site. To configure this setting click on the Edit the Allow and block list option.
This will bring you to the Allow Block Webpages screen as shown below.

Figure 12. Allow Block Webpages Screen

At this screen you can enter specific URLs, with only http:// URLs currently being supported,
into the Website address: field and then either press the Allow or Block button. If you press the
Allow button it will add that URL into the allow list and the site will always be accessible by the
user. If you add it to the block list then the user will not be allowed to access it. When adding

41
URLs to these lists, any URL in the allow list overrides the same URL, or a more general URL,
in the block list. For example, if you add the broad and general URL, http://www.example.com,
to the block list it would block every page that started with http://www.example.com/. Now if
you added a more specific URL for that domain, http://www.example.com/safepage.html, to the
allow list, that one URL would be accessible overriding the block list.

If you really want to harden the system so that almost no sites can be accessed you can put a
checkmark in the Only Allow websites which are on the allow list checkbox. With this checked
only URLs that you enter into the allow category will be able to be visited. It is strongly
suggested that you do not select this option, as you will be seriously curtailing the amount of
useful sites available on the web.

Last but not least, you also have the ability to export and import your Allow and Block lists to a
file. This is useful if you want to use the same rules on a different computer or if you have
compiled a really good list and want to share it with your friends. If you want to save your Allow
and Block list to a file you would click on the Export button. This will bring up a prompt where
you give your list a name and then save it in the folder of your choice. If you would like to
import a list, you would click on the Import button and browse to the Web Allow Block Lists
file that you would like to import. We will go into more detail about these types of files later in
the tutorial. When you are done configuring the Allow and Block lists, press the OK button to
save your settings.

That covers the configuration of the Windows Vista Web Filter for this user. Press the OK
button again to get back to the main User Controls screen so we can configure this the time
restrictions for this user.

Configuring time restrictions

When you select the Time Limits option in the Users Controls you will be brought to a screen
where you can specify the hours that the user is allowed to use the computer.

42
 Figure 13. Time Restrictions

By default a user can logon to and use the computer at any time in the day. If you want to limit
when they can use the computer you can specify using this screen the specific times they can log
on. The hours are represented as individual boxes, where each box represents a specific hour on a
specific weekday. If you click on a box, it turns it blue which means the user cannot log on to the
computer at that particular time. To remove this restriction you simply need to click once again
on the same box so it becomes white. You are also able to select multiple time restrictions at the
same time. To do this left click on a box and while holding down the left mouse button, drag the
pointer over the time boxes that you would like to restrict. As you highlight each box it will turn
blue and block the user from logging on during that time period.

When a user attempts to log on to the computer when they are restricted they will receive the
error shown below.

Figure 14. User is restricted from logging on to the computer

Once you have finished configuring the time restrictions for this particular user, you can save
these restrictions by clicking on the OK button. This will bring you back to the main User
Controls screen where we will now configure what types of games the user can play.

43
Configuring Game Restrictions

When you select the Games option in the Users Controls screen you will be brought to the Game
Restrictions screen where you can control whether or not the user can play games and what type
of games can be played.

Figure 15. Game Controls Screen

By default all users with Parental Controls can play games of any content level. To disable
access to games you can select No under the Can username play games? category. If you want
to allow this user to play games, you can specify the maximum content rating of a game that the
user can play, by clicking on the Set game ratings option.

44
 Figure 16. Game Restrictions

From this screen you can specify whether or not the user can play games that are not rated as
well as specify the maximum content rating of a game that a user can play. When games are
created they are given a rating similar to a movie rating so that a parent can determine if the
game is appropriate for a child's age. Depending on what you feel is best for your child; select
the rating of the games that your child can play. When selecting a rating it is important to
remember that the user can play games up to and including the rating you select. Some games,
for whatever reason, may not have a rating. If you want to block these types of games from being
played you can select the Block games with no rating option. If you don't mind that the user
will play games with no rating you should instead select the Allow games with no rating option.

To further filter games you can also select various game content that you would like a user not to
be able to play. Examples of content that you can prohibit are blood, alcohol reference, drug
reference, nudity, etc. These settings will override any game ratings that you select, so if you
specify that you do not want the user to play games with cursing, but you allow a game rating
that allows for that, the games with cursing will still not be allowed. When you are done
configuring this section you would click on the OK button to save your changes.

You will now be back at the main Game Controls screen. From this screen we will configure the
last available setting, which is for allowing or blocking specific games. By clicking on the Block
or Allow specific games option you will come to the Game Overrides screen.

45
 Figure 17. Game Overrides Screen

At this screen you can specify whether or not a game can be played on a per game basis. There
are three options next to each game title. The first option is User Rating Setting, which will
block the game based on the Parental Controls settings previously set. The Always Allow or
Always Block settings will override the other Parental Controls settings and allow access to the
game based on the choice in this screen.

When you are done configuring this screen, you can press the OK button to save your changes
and bring you back to the main Game Controls screen. Now that we are done configuring game
settings, we would press the OK button again to exit back to the User Controls screen.

Configuring what programs are allowed or are blocked

We are now at the User Controls screen and there is one last section that we have not explored.
When you click on the Allow and Block Specific Programs option you will be brought to a
screen asking if the user can use all programs or only ones that you allow. If you want the user to
be able to use all of the programs on the computer you should press the Cancel button to exit this
screen. Otherwise select the Username can only use the programs I allow option and Vista
will scan your computer for programs and then display them in a list as shown below.

46
 Figure 18. Application Restrictions

You can now pick and choose the specific programs that you wish to allow the user to use. To
allow a program to be used, simply put a checkmark in the checkbox next to the programs name.
If there is a program that is missing from the list, and you would like the user to have access to it,
you can click on the Browse button and browse to the executable. When the executable is added
it will automatically be checked. You can also select the Check All button to allow all the
programs or the Uncheck All button to disallow all of the listed programs. When you are done
selecting the programs you want to permit access to, click on the OK button to save these
settings and bring you back to the User Controls screen.

Congratulations! You have now completed setting up Parental Controls for this user. As this was
the last group of settings to configure for this user, you can now press the OK button to get back
to the main Parental Controls welcome screen. You can now configure Parental Controls for any
other users on your computer, or close the screen to finish this process. In the next sections we
will go over some advanced material about Parental Controls. If you have no need for this
material, then you can skip to the conclusion.

How to create a custom Web Allow Block Lists file

The Windows Vista Web Filter allows you to export and import lists of sites that you would like
to allow or block for a particular user. These lists of sites are stored in a file called a Web Allow
Block Lists file. These files are text files that have the extension of .WebAllowBlockList and
contain a list of URLs. The URLs are formatted in a particular way so that the Vista Web Filter
knows whether or not they should be added to the Allow or Block lists. Below we describe the
format of the file so that you can make your own Web Allow Block Lists files.

47
The contents of all Web Allow Block Lists files start with the tag and end with the tag. In
between these two tags are URL statements using the following syntax:

http://example.com

The value of the AllowBlock variable, represented by X, can either be the number 1 or the
number 2. If you specify the value of AllowBlock to be 1 then the Web Filter will add that URL
into the Allow list. On the other hand if you specify the value of the AllowBlock to be 2 then the
Web Filter will add that URL into the Block list. It is also important to note that when you add
URLs to the list, you can only add URLs that start with http://. Below are some example URL
statements:

http://www.example.com would allow all pages that start with www.example.com/ to be

accessible.

http://www.example.com/badurl/ would block access to the specific URL

http://www.example.com/badurl/

You can list as many URL statements as you wish as long as you use the syntax shown above
and as long as they are in between the opening and the closing tags. An example Web Allow
Block Lists file can be found below so that you can see the format used.

http://apple.test.com/
http://test.com/test
http://mac.test.com/
http://test.com/
http://test.com/blocked

One frustrating issue when making a Block Lists file is that certain legitimate types of http://
URLs are not permissable in a Web Allow Block Lists file which makes it difficult to automate
the conversion of existing lists of unwanted sites to this new format. The first is that you cannot
use a &, ampersand, in an URL. So an URL that looks like the following is not allowed:

http://www.example.com/test.html?test=1&bad=1

When trying to import urls that contain an &, you will get an error message stating the import
failed. One last caveat, which is not necessarily a problem, is that the import process will strip
off the first GET variable in an URL so that it is only the specific page, without arguments, that
gets added to the lists. Let's look at the following URLs list as an example:

http://www.example.com/index.php
http://www.example.com/index.php?type=.html

48
Both URLs are legitimate and both may perform differently when you visit them, but when you
import this list, you will be notified that the URLs are redundant, the importer will strip off the
arguments, and you will only be left with the single URL, http://www.example.com/index.php,
in your block list. I understand that they are doing this so that you have a more general URL to
block, but I find it strange that the import process is fine with the first variable designated by a ?,
but has problems with further arguments specified with an &.

Advanced Information

In this section we will touch on some advanced information as to the inner workings of Parental
Controls. The configuration settings for the Parental Controls are stored in the following
Windows Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls

Under that key are a variety of global settings, exemption lists, and the per user settings. For each
user that has Parental Controls there is a subkey named for their SID, or Security Identifier,
under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls\Users

Under the SID subkey you will find all the settings that were configured for the user. An
interesting subkey is the Web\Overrides subkey, which contains the Web Filter overrides.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls\Users\S-1-5-21-2583266263-1766765975-3327590656-1004\Web\Overrides

Each value name is the particular URL in our block or allow list and the data of that value is
either the number 1 or 2, with 1 meaning the URL is allowed and 2 meaning it is blocked. These
settings are obviously only accessible by an Administrator so we do not have to worry about
malware running under a standard user's account modifying this information.

According to a blog post by David Bennet, a developer on the Windows Parental Controls team,
there are four different exclusion lists, in two categories, for Parental Controls. These lists
contain URLs and programs that are white listed so that they cannot be blocked or filtered. The
first category of white lists are for entries added to the list by programs so that they can update
themselves, retrieve help information, or activate their products. These program writable lists are
the HttpExemptionList and the UrlExemptionList. They are found at the following Registry
keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls\HTTPExemptions

49
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls\URLExemptions

HTTPExemptions are a list of programs that are can't be blocked from accessing the HTTP
protocol and URLExemptions are urls that can't be blocked by the Vista Web Filter. Below are
default exemptions for a Vista Ultimate installation.

HTTPExemptions
C:\Program Files\Windows Media Player\Wmprph.exe
C:\Program Files\Windows Media Player\Wmpnscfg.exe
C:\Program Files\Windows Media Player\Wmlaunch.exe
C:\Program Files\Windows Media Player\Wmpenc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\Wmpsideshowgadget.exe
C:\Program Files\Windows Media Player\Wmpnetwk.exe
C:\Program Files\Windows Media Player\Wmpshare.exe
C:\Program Files\Windows Media Player\Wmpconfig.exe

URLExemptions
http://services.wmdrm.windowsmedia.com
http://preview.services.wmdrm.windowsmedia.com
http://drmlicense.one.microsoft.com

The second type of white list is read-only and is a list of Windows programs and URLs that are
required for proper Windows functionality. These entries cannot be added or removed by
standard means and will most likely only be altered via future Windows updates. The Registry
keys associated with these white lists are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls\WinHTTPExemptions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental
Controls\WinURLExemptions

WinHTTPExemptions are a list of programs that are can't be blocked from accessing the HTTP
protocol and WinURLExemptions are urls that can't be blocked by the Vista Web Filter. Below
are default exemptions for a Vista Ultimate installation.

WinHTTPExemptions
C:\\Windows\eHome\ehrec.exe
C:\\Windows\HelpPane.exe
C:\\Windows\eHome\MCUpdate.exe

WinURLExemptions
http://www.microsoft.com/windowsvista/images/lockedout_uncompressed48.png
http://wer.microsoft.com

50
http://oca.microsoft.com
http://www.microsoft.com/library/media/1033/windowsvista/images/shield.png
http://images.metaservices.microsoft.com
http://games.metaservices.microsoft.com
http://go.microsoft.com/fwlink/

Conclusion

Now that you understand how to use Vista's Window Parental Controls, it is possible to create a
safe and productive environment for the children in your household. It is particularly comforting
knowing that the Windows Parental Controls team envisioned that what one parent may find
offensive, another may not, and thus provided us a set of tools that we can customize to fit our
own requirements.

How to Set "Parental Controls" Using

Windows XP

"Parental Controls" are used to keep children from seeing things

that parents find undesirable. Microsoft has this utility built
into their operating systems. You may also wish to
purchase an additional software program to
monitor your children's browsing.

Please note: Setting "Parental Controls" may result in having a "password requester"
appearing due to the content within the web page. If this occurs, you will
need to type in the password chosen during this setup.

1. On the desktop, double click on My Computer. In the My Computer

window, double click on the Control Panel.

51
2. In the Control Panel window, double click on the Internet Options
button:

3. In the Internet Options window, click on Content tab:

52
4. Under the Content Advisor, click on the Enable button:

53
Click on the Language key, and slide the adjustable ruler over to the right hand
side of the screen (there are four different levels to choose from). Click on Apply
at the bottom of the screen.

5. Next, click on the Nudity key:

54
Slide the adjustable ruler towards the right hand side of the screen to make your
selection of levels. Click Apply at the bottom of the screen.

6. Next, click on the Sex key:

55
Slide the adjustable ruler towards the right hand side of the screen to make your
selection of levels. Click on Apply at the bottom of the screen.

7. Next, select the Violence key:

56
Slide the adjustable ruler towards the right hand side of the screen to make your
selection of levels. Click on the Apply button at the bottom of the screen.

8. Click on the General tab at the top of the screen and place a check mark
in the box next to "Users can see sites that have no rating"

57
Click Apply and then OK.

9. You will then be asked to type in a password to save the controls you
just created.

After selecting the password, type it again under the Confirm Password box and
click OK.

10. The Content Advisor is now active, click OK.

58
11. In the Internet Properties screen, click OK.

Your Parental Controls are now set. Please remember to keep your Password in a
safe place!

12. Cancel remaining windows in the Control Panel and My Computer

screens.

To reset forgotten passwords: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q155609

How To Use Parental Controls in Windows

7
The Parental Controls feature is a valuable tool for controlling the amount of time your children
spend on the computer and the programs they’re using. Today we take a look at how to setup and
use Parental Controls in Windows 7.

Parental Controls

To access Parental Controls open the Start Menu and type parental controls into the Search box
and hit Enter.

59
Alternatively you can open Control Panel and click on Parental Controls.

When you open Parental Controls, click on the child’s account you want to set up.

60
Make sure to password protect your Administrator account…otherwise anyone can turn off
Parental Controls and use the computer with no restrictions.

If you see a password hasn’t been set when you go into Parental Controls, click on the message
and you’ll be prompted and Ensure Administrator Passwords.

61
Under Parental Controls mark the radio button next to On, enforce current settings. Then you
can go through and control their computer time, games, and programs.

Set Time Limits

Click on Time limits to control when your child has access to the computer. If you want to only
allow a few hours each day, it’s easiest to left-click and drag the mouse across all of the time
slots to block them. Then allow the time blocks when you want to make the computer available.

62
Control Games

Click on Games to control the type of access your child has to games on the computer. You can
completely block all games or select games by ratings and game names. These game ratings are
based on the Entertainment Software Rating Board.

63
You can also select different game rating systems if it’s more appropriate for your location or if
you like a certain system better than another.

You can also block games based on the type of content it contains…and it gives you a lot of
choices.

64
Control Programs

If you want to restrict certain programs on the machine, click on Allow and block specified
programs then scroll through the list of installed programs and block them.

65
Additional Controls

Windows 7 doesn’t have a Web Filter included like Vista did. If you want additional controls
like Web Filtering and activity reports, you’ll need to install Windows Live Family Safety which
is part of the Window Live Essentials suite. With it you can block access to certain sites and also
get access to an activity report that shows you what sites your children have been visiting.

66
Everything can be controlled online which makes it nice if you want to access a report or change
settings while at work.

The Parental Controls feature is easy to use and helps you administer how your children use the
computer. Of course nothing is perfect or foolproof and the Parental Controls won’t replace good
old fashioned “real parenting” but it makes it easier.

67
 How to Use Fast User Switching in
Windows 7

Fast User Switching Saves Time

Windows 7 like its predecessors, Vista and XP, allow users to quickly switch between user
accounts while logged in.

This is a great feature because you could essentially keep two different accounts logged in
without having to loose the things you are working on or waste time logging out and logging
back in.

User Accounts Must be Active

If you share your Windows 7 computer with other members of the family you most likely
employ user accounts for each member of the family so that preferences, files, and other items
are limited to each account.

If you only use one account in Windows 7 then this feature wont apply.

User Switching is Useful

If you are still uncertain about the advantages of user switching, let me illustrate a common
scenario.

You are working on a Word Document using your Windows account. Your wife walks up to you
and tells you that she needs to access files that are stored in her personal folders.

68
Rather than having to close the document you are working on, log out of your computer, and
then have her log in you can just switch users and leave your work as is, without having to close
applications or files. All in three simple steps.

How to Quickly Switch Users in Windows 7

To quickly switch between accounts, follow the instructions below.

1. While logged in to your account, click the Windows Orb to open the Start Menu.

2. Click the small arrow next to the Shut Down button to expand the menu.

3. Click Switch User from the menu.

After you click Switch User you will be taken to the Windows Log-in screen where you will be
able to select the account you wish to switch to.

The original session will remain active, but in the background while the other account is
accessed.

When you are done using the second account you have the option of switching back to the first
account while keeping the second account in the background or logging out the second account
altogether.

Switch Again or Log Out?

Unless you need to access the second account right away, I recommend that you sign out from
the second account before returning to the first account.

The reason for this, is that keeping two active logins affects performance due to additional
resources necessary to keep both accounts logged in.

View Hidden Files and Folders

By default, Windows does not display hidden files and folders. Virus writers often take advantage of this,
by dropping hidden files to the system that the casual user can't see. Though the default isn't technically
a rootkit, for the inexperienced computer user it can have the same effect. Here's how to change the
default settings in Windows so you can view hidden files and folders.

69
Here's How:
1. Windows XP, 2000 users: To begin, double-click the My Computer icon on the desktop, then
skip to Step 4.
2. Windows Vista users: Click Start, then Control Panel. Click "Appearance and Personalization"
then click the Folder Options icon and skip to Step 5.
3. Windows ME, NT, 98, and 95 users: To begin, double-click the My Computer icon on the
desktop, then skip to Step 6.
4. Windows 2000 and XP users: Click Tools | Folder Options | View then skip to Step 7.
5. Windows Vista: Click View then skip to Step 7.
6. Windows ME/95/98/NT: Click View | Options | View
7. Under Hidden files and folders, select "Show hidden files and folders"
8. Now close the dialog boxes you have opened to perform this task. You should now be able to
view hidden files and folders on the system. Note that this change may cause the hidden (and
legitimate) file 'desktop.ini' to appear on the desktop.

Lock Down Windows 7 With User

Account Control

One of the greatest annoyances users had with Windows Vista was User Account Control, also
known as UAC. This technology was intended to make Windows safer by alerting a user when a
program wanted to make a change to the computer. Although it was a good idea, the
implementation of UAC drove most users crazy, with an unending series of popups and prompts.

Microsoft realized that and significantly changed UAC in Windows 7, making it much more
user-friendly, and giving you greater control over its operation. In Vista, UAC had two states:
Off and On. In Windows 7, you have a number of choices. Here's what you need to know about
each of them, to make your computer more secure.

First, reach the UAC window by clicking on Start/Control Panel/Sytem and Security/Change
User Account Control Settings. That will bring up the window seen at the top of this article. As
you can see, there are four settings: they start at the most secure at the top, going down to the
least secure. The slider on the left is used to set the UAC level. We'll discuss each level.

 Level 1: Always notify. This top-most setting is the most secure, and the most annoying -
- it is essentially the UAC setting from Vista. It always notifies you when a setting has
been changed by you or a program, or another program (not controlled by you) tries to

70
 make changes. This will result in multiple pop-ups, and you could quickly grow tired of
them. On the other hand, it assures that you will know about any changes made to
Windows. In you work in high-security settings like the military or with sensitive
financial data, for example, this may be the proper setting for you -- in fact, it may be
required in some cases.
 Level 2: Notify when programs make changes. This step down is the default UAC
setting, so it's what Windows 7 will be set to initially. It won't tell you about changes
you're making to Windows; it's concerned about other programs making changes. It also
dims your screen when it detects these changes, and won't let you do anything else until
you allow or disallow the change a program is attempting to make. This screen-dimming
behavior is known as "secure desktop."
 Level 3: Same as Level 2, only without "secure desktop". This brings up alerts for the
same things as Level 2, but without dimming your screen. Microsoft says it's "slightly"
less secure than Level 2, and "not recommended." It is less secure, if only slightly less so.
 Level 4: The "no secure" option. If you turn off UAC, you won't be alerted when any
programs make changes to Windows. Only use this setting if you want your computer
compromised and open to the bad guys on the Internet. I join with Microsoft in urging
you to keep UAC turned on.

In general, I would recommend keeping the default setting, which is Level 2. Yes, the screen
dimming can be annoying, since it keeps you from doing anything else for a moment. But the
tradeoff in increased security is well worth it, in my opinion. And you won't get nearly as many
prompts as you did with Vista. I think it's a good balance between productivity and security.

One further caution: security experts have written that since UAC has been so annoying in the
past, many users simply ignore the warnings and choose to install whatever program or setting
change is listed in the prompt, whether they recognize a program or not. Others simply turn UAC
off altogether.

This is very dangerous. It's there to protect you, not annoy you. If you just downloaded a
program from the Internet or loaded a program from a CD, you can be confident that it's making
changes you know about. If you did not specifically make a change or load some software, do a
Google or other Internet search for the program about which you're being warned: it could well
be a piece of malicious software trying to infiltrate your computer. Read the prompts, and don't
install something you weren't expecting, or that you know nothing about.

71
 How to Delete User Accounts in Windows

Open the User Accounts Tool

Open the Control Panel

In this tutorial, you'll learn how to delete user accounts. You might want to delete user accounts
if a previous user of your computer no longer needs access to it.

Click on the Start Menu, then click Control Panel.

72
Open User Accounts

In the Control Panel, click User Accounts. Within the User Accounts window, click the User Accounts
icon.

Select the Account to Delete

Select the account to delete (In this example, Elwood Blues is selected). Click on Delete the account.

73
Confirm Keeping or Deleting User's Files

Keep or Delete User Files

Confirm that you want to keep or delete the user files associated with this account. (In the case of
Elwood, we are deleting his work 'cause we never want him to use this PC again...)

Note that the final screen shows that the account has been deleted (Elwood is gone.)

74