Professional Documents
Culture Documents
Users displays the two built-in user accounts, Administrator and Guest, as
well as any user accounts you create. The built-in user accounts are created
automatically when you install Windows 2000 or Windows XP.
Administrator account.
Guest account.
Administrator account
The Administrator account is the one you use when you first set up a workstation or
member server. You use this account before you create an account for yourself.
The Administrator account is a member of the Administrators group on the
workstation or member server.
The Administrator account can never be deleted, disabled, or removed from the
Administrators local group, ensuring that you never lock yourself out of the
computer by deleting or disabling all the administrative accounts. This feature sets
the Administrator account apart from other members of the Administrators local
group.
Administrators Can:
Create, modify, and access local user accounts
Install new hardware and software
Upgrade the operating system
Back up the system and files
Claim ownership of files that have become
damaged
Do anything a Power User can
Guest account
The Guest account is used by people who do not have an actual account on the
computer. A user whose account is disabled (but not deleted) can also use the Guest
account. The Guest account does not require a password. The Guest account is
disabled by default, but you can enable it.
You can set rights and permissions for the Guest account just like any user account.
By default, the Guest account is a member of the built-in Guests group, which
allows a user to log on to a workstation or member server. Additional rights, as well
as any permissions, must be granted to the Guests group by a member of the
Administrators group.
Guests Can:
Log in and out
Run installed applications
Navigate through the file system
Shut down the system
User Options
There are three fundamental levels of security granted to users. These are
granted to end users through membership in the Users, Power Users, or
Administrators groups.
Default security settings
Administrators
Only trusted personnel should be members of this group.
Install the operating system and components .
Install Service Packs and Windows Packs.
Upgrade & repair the operating system.
Configure critical operating system parameters (such as password policy, access
control, audit policy, and so on).
•Take ownership of files that have become inaccessible.
•Manage the security.
•Back up and restore the system.
Default security settings
Power Users
The Power Users group primarily provides backward compatibility for running non-
certified applications. Members of the Power Users group have more permissions than
members of the Users group and fewer than members of the Administrators group.
Install programs that do not modify operating system files or install system services.
Customize system wide resources including printers, date, time, power options, and other
Control Panel resources.
Create and manage local user accounts and groups.
Stop and start system services which are not started by default.
Power Users do not have permission to add themselves to the Administrators group.
Default security settings
Users
The Users group is the most secure, because the default permissions allotted to this
group do not allow members to modify operating system settings or other users' data.
The Users group provides the most secure environment in which to run programs.
On a volume formatted with NTFS, the default security settings on a newly installed
system.
Users cannot modify system wide registry settings, operating system files, or program
files. Users can create local groups, but can manage only the local groups that they
created. They can run certified Windows XP Professional programs that have been
installed or deployed by administrators.
Users have Full Control over all of their own data files and their own portion of the
registry (HKEY_CURRENT_USER).
Default security settings
Backup Operators
o Members of the Backup Operators group can back up and restore files on
o the computer, regardless of any permissions that protect those files.
o Backing up and restoring data files and system files requires permissions to
read and write those files. The same default permissions granted to Backup
Operators that allow them to back up and restore files also make it possible
for them to use the group's permissions for other purposes, such as reading
another user's files.
Default security settings
Special Groups
Several additional groups are automatically created by Windows XP Professional.
Interactive. This group contains the user who is currently logged on to the
computer. During an upgrade to Windows 2000 or Windows XP Professional,
members of the Interactive group will also be added to the Power Users group, so
that legacy applications will continue to function as they did before the upgrade.
Network. This group contains all users who are currently accessing the system over
the network.
Terminal Server User. When Terminal Servers are installed in application serving
mode, this group contains any users who are currently logged on to the system
using Terminal Server.
Groups Options