The latest from the world's leading Windows authority Mark Minasi, Mastering Windows XP Professional is the premier resource for anyone installing, configuring, and administering Windows XP, whether as part of a corporate network or for home or small business use. Depend on it for step-by-step instruction in hundreds of key techniques-not to mention a thorough look at all of XP's new features and troubleshooting advice that will save you time, money, and countless headaches. Updates to this edition include new coverage for administrators on topics including Web and FTP servers, scripting, the Microsoft Mangement Console and Services, and security.
Using the new Start menu and Control Panel
Setting up broadband Internet connections
Setting up and configuring a peer-to-peer network
Securing your PC and network from intruders
Encrypting vital data
Running programs designed for previous versions of Windows
Transferring files and settings from one computer to another
Sharing your desktop with remote users
Connecting to remote computers using Remote Desktop Connection
Using Windows Media Player 8
Communicating in real time using Windows Messenger
Using Windows XP on Portable Computers
Restoring your system to a previous configuration
Preventing disaster; backing up and recovering data
Using the Services and MMC administration tools
Bonus Coverage: Windows XP Essential Skills
Includes 96 pages of full-color visual, step-by-step instruction on the 57 most important Windows XP skills. In minutes, you'll learn how to burn a CD,set up an Internet connection, use XP's powerful System Restore feature, and much more.
About the Author
Mark Minasi, MCSE, is one of the world's leading Windows authorities. He teaches NT/2000 classes in 15 countries, keynotes at industry gatherings, and writes regular columns for Windows 2000 magazine and other prominent publications. His firm, MR&D, has taught tens of thousands of people to design and run Windows networks. Among his eight other Sybex books are Mastering Windows NT Server 4; Mastering Windows 2000 Server, Linux for Windows NT/2000 Administrators: The Secret Decoder Ring, and The Complete PC Upgrade and Maintenance Guide.
About the Author
Read an Excerpt
Chapter 20: Living with Windows XP Professional Strict SecurityIn the previous chapter, I walked you through the steps for creating and configuring a network, but one big piece of the networking pie is still missing: securing the resources on your network. From its inception, the NT family of operating systems was designed with security as a primary feature, and, of course, this architectural element is omnipresent in the Windows XP Professional.
Unlike some other operating systems, Windows XP Professional requires you to create a user account for yourself right on your PC before you can do anything on that PC. Yes, the idea that you must create your own user account on your personal PC before you can do anything with the PC is unusual-after all, most of us are accustomed to requiring network accounts, but not particular accounts on a workstation. But-as your father might say when you complain that something you don't like isn't fair-get used to it!
The user account is an integral part of Windows XP Professional and has some great benefits. For example, suppose you and Sue share a computer. You can set up the computer so that you own a folder on the hard disk and Sue owns another folder on the hard disk, and it is completely impossible for Sue to access your data (and vice versa) unless you give her permission.
In addition, you can restrict access to files and folders by setting permissions. As you may recall, in Windows XP Professional you can use the FAT, FAT32, or NTFS file system. If you use either FAT system, you can exercise only a limited amount of control over file and folder access, but if you use the NTFS system, you can exercise a great deal of control-whether the files are on your local computer or on your network.
In this chapter, we'll first look at how to set up user accounts, and then we'll look in detail at establishing permissions for shares, files, and folders.
In this chapter:
- Understanding and creating accounts in Windows XP Professional
- Setting permissions
- Understanding ownership
Understanding User Accounts in Windows XP ProfessionalAs you have just read, you must create separate user accounts on a Windows XP Professional machine before any user can log on to the workstation-and, unlike Windows 9x, Windows XP Professional won't let you get anywhere until you log on.
If your computer is part of a Windows XP Professional client-server network, two types of user accounts are available: domain accounts and local accounts. A domain account gives you access to the network and to the network resources for which you have permission. The manager of the server normally sets up domain accounts, which are stored in a directory on the server. The directory can either be Active Directory or a Windows NT domain directory.
A local user account is valid only on your local computer; local user accounts sit in a database called the Security Accounts Manager, or SAM. You create user accounts with the Users and Passwords applet, which you'll meet later in this chapter.
In this chapter, I'm going to talk about local user accounts only. If you happen to be the administrator of a domain on a network and you need help creating domain user accounts, take a look at Mastering Windows 2000 Server, Third Edition (Sybex, 2001).
Before I get into how you change or create an account, we need to look at the types of accounts in Windows XP Professional. The two broad categories are users and groups. A user account identifies a user on the basis of their user name and password. A group account contains other accounts, and these accounts share common privileges.
User accounts are of three types:
Computer Administrator This account has full and complete rights to the computer and can do just about anything to the computer. The Computer Administrator account was created during installation and setup of Windows XP Professional. The Computer Administrator account cannot be deleted. You'll need to log on as Computer Administrator when you want to create new accounts, take ownership of files or other objects, install software that will be available to all users, and so on.
Limited This account is intended for use by regular old users, those who should not be allowed to install software or hardware or change their user name. Someone with a limited account can change their password and logon picture.
Guest This built-in account allows a user to log on to the computer even though the user does not have an account. No password is associated with the Guest account. It is disabled by default, and you should leave it that way. If you want to give a visitor or an occasional user access to the system, create an account for that person, and then delete the account when it is no longer needed.
As I said earlier, a group is an account that contains other accounts, and a group is defined by function. Using groups, an administrator can easily create collections of users who all have identical privileges. By default, every Windows XP Professional system contains the following built-in groups:
Administrators Can do just about anything to the computer. The things that they can do that no other type of user can do include loading and unloading device drivers, managing security audit functions, and taking ownership of files and other objects.
Backup Operators Can log onto the computer and run backups or perform restores. You might put someone in this group if you wanted them to be able to get on your system and run backups but not to have complete administrative control. Backup operators can also shut down the system but cannot change security settings.
Guests Have minimal access to network resources. As I mentioned earlier, creating user accounts for occasional users is a much safer bet than using Guest accounts.
Network Configuration Operators Can manage network configuration with administrativetype access. Although they do not have administrative access to your system, these users can modify network and dial-up connections.
Power Users Can create new printer and file shares, change the system time, force the system to shut down from another system, and change priorities of processes in the system. They can't run backups, load or unload device drivers, or take ownership.
Remote Desktop Users Have the right to log on remotely.
Replicator Enables your computer to receive replicated files from a server machine.
Users Can run programs and access data on a computer, shut it down, and access data on the computer from over the network. Users cannot share folders or create local printers.
HelpServicesGroup A group of users for the Help and Support Center.
IIS_WPG The Internet Information Services Worker Process Group; this group is available only if you have installed IIS. A member of this group can manage the IIS Web server (not content, just service).
Understanding User RightsBut what's this about shutting down the machine or loading and unloading drivers? Well, actually, the notion of a user right is an integral part of how Windows XP Professional security works. Basically, the difference between regular old users and administrators lies in the kinds of actions that they can perform; for example, administrators can create new user accounts but regular old users cannot. In Windows XP Professional terminology, the ability to perform a particular function is a user right. To take a look at the user rights in Windows XP Professional and the types of users to whom they are assigned, follow these steps...
Table of ContentsIntroduction
Essential Skills for Windows XP Professional
Part 1 • Windows XP Professional Basics
Chapter 1 • Introducing Windows XP Professional
Chapter 2 • Installing Windows XP Professional (and Automating Installation)
Chapter 3 • Using the Desktop and Getting Help
Chapter 4 • Customizing the Interface
Chapter 5 • Installing, Running, and Managing Applications
Chapter 6 • Managing Files and Folders
Chapter 7 • Installing and Working with Printers and Fonts
Chapter 8 • Installing and Configuring Hardware
Chapter 9 • Media Player and Movie Maker
Chapter 10 • Using Windows XP Professional on Notebook PCs
Part 2 • Communications and the Internet
Chapter 11 • Connecting to the Internet
Chapter 12 • Web Browsing with Internet Explorer
Chapter 13 • Using the Communications Programs
Chapter 14 • Using Outlook Express for E-mail and News
Part 3 • Networking Windows XP Professional
Chapter 15 • Windows XP Professional Networking and Network Design Primer
Chapter 16 • Setting Up and Configuring a Peer-to-Peer Network
Chapter 17 • Connecting to Domains
Chapter 18 • Living with Windows XP Professional Strict Security
Chapter 19 • Auditing Security
Chapter 20 • Secure Telecommuting
Part 4 • Diagnosing, Administering, Automating and Troubleshooting Windows XP
Chapter 21 • Administrative and Diagnostic Tools
Chapter 22 • Understanding and Using the Registry
Chapter 23 • Using Scripts to Automate Windows XP
Chapter 24 • Disaster Prevention And Recovery
Chapter 25 • Advanced Troubleshooting Methodology
Part 5 • AdvancedTopics
Chapter 26 • The Microsoft Management Console
Chapter 27 • Manage Windows XP Professional Services
Chapter 28 • Hosting Web/FTP Servers
Appendix A • Web Publishing with Windows XP Professional
Appendix B • Connecting to Novell NetWare Networks
Appendix C • Active Directory Essentials