Dated: Feb. 22, 2011

Network Security
Windows Vista
Windows 7

By Jim Michaels

By now most Windows users are probably familiar with the notion of user accounts and how all users on a PC can have their own individual settings, documents, and other features. In Windows Vista, Microsoft simplified the user account types down to just two, and locked them down to make the system more secure. Windows 7 takes this approach a step further and makes it easier to configure how user accounts behave and are protected. And thanks to features such as User Account Control, Parental Controls, and Windows Live Family Safety, Windows 7 is not only more secure than previous Windows versions, but also easier to configure from a user account perspective. This tutorial describes these features and explains how they can be put to the best possible use.

Note: Windows 7 user accounts include a variety of obvious functionality that is not covered here explicitly because this book focuses on secrets, those features that are brand-new to Windows 7 and/or are so well hidden you’d never normally know about them. So, yes, you can add cute pictures to your user account; add, change, and remove passwords; and even change your account type, but you can do much more than that. This tutorial looks at the new and improved functionality that makes user accounts so much better in Windows 7 than they were in Windows XP and Vista.

Understanding User Accounts

Starting with Windows XP, Microsoft began to push PC-based user accounts to consumers. That’s because XP, unlike previous consumer-oriented Windows versions (such as Windows 95, 98, and Me), was based on the enterprise-class Windows NT code base. NT originally was developed in the early 1990s as a mission-critical competitor to business operating systems such as UNIX. Previously, consumer Windows products such as Windows 95 and Windows Me were based on legacy MS-DOS code and provided only the barest possible support for discrete and secure user accounts. That’s because those systems were originally designed for single users only.

Eventually, however, Microsoft began moving the two products together. Windows XP, released in 2001, was the first mainstream NT-based Windows version, and this product marked the end of the DOS-based Windows line. Windows Vista, like Windows XP, was based on the NT code base, which means that Microsoft marketed separate versions of Vista to both individuals and businesses. Additionally, Vista retained—and even enhanced—the paradigm of all users having their own user account for accessing the PC. As an updated version of Windows Vista, Windows 7 offers an evolution of the user account capabilities from its predecessor. That said, some of the changes dramatically alter the experience of using and protecting user accounts. Therefore, it’s worth discussing how user accounts have changed in Windows 7 compared to both Windows XP and Vista.

First, however, a short review may be in order. When you installed or configured Windows XP for the first time, you were prompted to provide a password for the special administrator account and then create one or more user accounts. Administrator is what’s called a built-in account type. The administrator account is traditionally reserved for system housekeeping tasks and it has full control of the system. Theoretically, individual user accounts—that is, accounts used by actual people—are supposed to have less control over the system for security reasons. In Windows XP, that theory was literally a theory. Every user account you created during XP’s post-setup routine was an administrator-level account, and virtually every single Windows application ever written until fairly recently assumed that every user has administrative privileges. This resulted in an ugly chicken-or-egg situation that has caused several years of unrelenting security vulnerabilities because malicious code running on a Windows system runs using the privilege level of the logged-on user. If the user is an administrator, so is the malicious code.

In Windows Vista, everything changed. Yes, you can still create user accounts, and hopefully, you create accounts with strong and secure passwords. (Microsoft still doesn’t require this in Windows 7, for some reason.) And you would still log on to the system to access applications, the Internet, and other services, just as you did in Windows XP. But in Windows Vista, user accounts—even those that were graced with administrative privileges—no longer had complete control over the system, at least not by default. Microsoft, finally, was starting to batten down the virtual hatches and make Windows more secure. Although there were (and still are) ways to counteract these preventive measures, the result was a more secure operating system than previous Windows versions, one that hackers have found and will continue to find more difficult to penetrate.

Microsoft’s approach to user account security in Windows Vista was hugely successful. According to the software giant, Vista users experienced 60 percent fewer malware infections than did XP users. Windows 7 continues using the infrastructure Microsoft created for Vista while adding a few changes at the requests of its customers. The following sections look at what has changed.

Creating the Initial User Account

When you install Windows 7 for the first time or turn on a new computer that has Windows 7 preinstalled from a PC maker, you will eventually run into the so-called out-of-box experience (OOBE), sometimes called the Day One Experience, whereby Windows 7 prompts you for a few pertinent bits of information before presenting you with the Windows desktop for the first time—information used to create your initial administrative account. While this account is technically granted administrative privileges, remember that this privilege isn’t as all-powerful as it was in XP. You’ll see why in just a moment.

Understanding Account Types

Windows 7, like Windows Vista, but unlike XP, supports just two account types:

  • Administrator: This is (almost) exactly what it sounds like, and is basically the same as the administrator account type in Windows XP. Administrators have complete control of the system and can make any configuration changes they want, though the method for doing so has changed somewhat since XP.
  • Standard User: A standard user can use most application software and many Windows services. Standard users, however, are prevented from accessing features that could harm the system. For example, standard users cannot install most applications, change the system time, or access certain Control Panel applets. Naturally, there are ways around these limitations, discussed in a bit.

Microsoft would like most people to run under a standard user account; and although this would indeed be marginally safer than using an administrator account, we don’t recommend it, assuming that you log on to your account with a password. That’s because Microsoft has actually locked down the administrator account in Windows 7, making it safer to use than ever before. More important, perhaps, you’ll ultimately find an administrator account to be less annoying than a standard user account, even given some of the changes Microsoft has made in this release. To find out why that’s so, you need to examine an important security feature in Windows 7: User Account Control.

User Account Control

No Windows feature has proven as controversial and misunderstood as User Account Control, or UAC. When it debuted in Windows Vista, tech pundits screamed far and wide about this reviled feature, spreading mistruths and misunderstandings and generally raising a lot of ruckus about nothing. If these pundits had just calmed down long enough to actually use User Account Control for longer than a single afternoon, they’d have discovered something very simple: it’s not really that annoying, and it does in fact increase the security of the system. Indeed, we would argue that User Account Control is one of the few features that really differentiate modern Windows versions from the increasingly crusty XP, because there’s no way to add this kind of functionality to XP, even through third-party add-on software. User Account Control is effective, and as ongoing security assessments have proven, it really does work.

Great, but what is it exactly? In order to make the operating system more secure, Microsoft has architected Windows so that all of the tasks you can perform in the system are divided into two groups, those that require administrative privileges and those that don’t. This required a lot of thought and a lot of engineering work, naturally, because the company had to weigh the ramifications of each potential action and then code the system accordingly.

The first iteration of UAC was implemented in Windows Vista with what Microsoft thought to be a decent technical compromise. In response to overwhelming user feedback surrounding the frequency of prompts, however, Microsoft modified UAC in Windows 7 to make it “less noisy” (that is, less annoying) by default. They did this by implementing a pair of “Notify me only when. . .” options, letting users perform common configuration tasks, prompting only when something out of the ordinary is done (for example, changing important configuration settings). The result is that UAC in Windows 7 is more configurable and less irritating than it was in Vista. But it’s even more controversial, because it’s not clear that it’s as secure as it used to be.

How UAC Works

Every user, whether configured as a standard user or an administrator, can perform any of the tasks in Windows 7 that do not require administrator privileges, just as they did in Windows XP. (The problem with XP, from a security standpoint, of course, is that all tasks were denoted as not requiring administrative privileges.) You can launch applications, change time zone and power-management settings, add a printer, run Windows Update, and perform other similar tasks. However, when you attempt to run a task that does require administrative privileges, the system will force you to provide appropriate credentials in order to continue. The experiences vary a bit depending on the account type. Predictably, those who log on with administrator-class accounts experience a less annoying interruption.

Standard users receive a User Account Control credentials dialog. This dialog requires you to enter the password for an administrator account that is already configured on the system. Consider why this is useful. If you have configured your children with standard user accounts (as, frankly, you should if you’re going to allow them to share your PC), then they can let you know when they run into this dialog, giving you the option to allow or deny the task they are attempting to complete.

Administrators receive a simpler dialog, called the User Account Control consent dialog. Because these users are already configured as administrators, they do not have to provide administrator credentials. Instead they can simply click Yes to keep going.

The presentation of these User Account Control dialogs can be quite jarring if you’re not familiar with the feature or if you’ve just recently switched to Windows 7 from XP. (Vista users are very well accustomed to this effect.) If you attempt to complete an administrative task, the screen will flash, the background will darken, and the credentials or consent dialog will appear somewhere onscreen. Most important, the dialogs are modal: you can’t continue doing anything else until you have dealt with these dialogs one way or the other.

There’s also a third type of User Account Control dialog that sometimes appears regardless of which type of user account you have configured. This dialog appears whenever you attempt to install an application that has not been digitally signed or validated by its creator. These types of applications are quite common, so you’re likely to see the dialog fairly frequently, especially when you’re initially configuring a new PC. Over time, these prompts will occur less and less because you won’t be regularly installing applications anymore.

By design, this dialog is more colorful and “in your face” than the other User Account Control dialogs. Microsoft wants to ensure that you really think about it before continuing. Rule of thumb: you’re going to see this one a lot, but if you just downloaded an installer from a place you trust, it’s probably okay to go ahead and install it.

The behavior of User Account Control has led some to describe this feature as needlessly annoying and a contributing factor to the (perceived) demise of Windows Vista. In reality, however, Windows Vista wasn’t the first operating system to use this type of security feature: Mac OS X and Linux, for example, have utilized a UAC-type user interface for years now. (You can see Mac OS X’s version of UAC—which debuted way back in 2001.)

And unlike with other operating systems, User Account Control actually becomes less annoying over time. That’s because most UAC dialogs pop up when you first get Windows 7. This is when you’ll be futzing around with settings and installing applications the most; and these two actions, of course, are the very actions that most frequently trigger User Account Control. The moral here is simple: after your new PC is up and running, User Account Control will rear its ugly head less and less frequently. In fact, after a week or so, User Account Control will be mostly a thing of the past. You’ll forget it was ever there.

How UAC Has Changed in Windows 7

User Account Control debuted in Windows Vista to a resounding thud, for both users and reviewers. And that’s too bad, because as we’ve noted again and again, UAC is both effective and far less annoying than many realize. But Microsoft is a customer-centric company, and when people complain, they actually listen. And sometimes, when the stars align just right, they do something about it.

In the case of UAC, this action took a number of forms. At a general level, Microsoft has dramatically reduced the number of tasks that require UAC elevation prompts. So the overall experience should be less annoying, assuming you’re used to how UAC works in Windows Vista. And Microsoft has even given users a graphical interface, logically called User Account Control settings, for adjusting how UAC behaves.

You access User Account Control settings from the Action Center; there’s a link in the side pane titled User Account Control settings that will trigger the UI. Or, simply type user account control in Start Menu Search.

User Account Control settings couldn’t be easier: there’s a simple slider control with four settings, which one might think of as “really annoying,” “annoying,” “less annoying,” and “Windows XP.” (Homeland security might consider a similar scale.)

More formally, these settings are as follows:

  • Always Notify: At this most heightened level, UAC will prompt you anytime a software install or configuration change is detected, or whenever the user makes changes to Windows settings, just like Windows Vista.
  • Notify me only when programs try to make changes to my computer: This is the default setting. Here, UAC will prompt you anytime a software install or configuration change is detected. But it will not prompt when the user makes changes to Windows settings. Initial setup tasks like setting the clock, updating device drivers, and formatting partitions can now be performed speedily without having to confirm each time.
  • Notify me only when programs try to make changes to my computer (do not dim my desktop): This setting is almost identical to the previous setting, but with one important difference: UAC does not invoke the secure desktop during prompts. This has a few ramifications. First, UAC will be less annoying (though no less frequent) than with the default setting, because you won't see that jarring flash that occurs when the secure desktop is invoked. The screen will not go dark, and the UAC prompt will not be modal, meaning you can do other things instead of addressing the prompt immediately. (On the flip side, you can also easily lose track of the UAC prompt because it will just be one of many potential windows on screen and won't appear prominently or appear special in any way.) Finally, it will be slightly less secure: the secure desktop feature ensures that malicious software applications cannot spoof the UAC dialog.
  • Never notify: In this least secure and least recommended setting, UAC will not warn you when software is installed or changed, or when the user makes changes to Windows settings.
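The slider is a front end for a few registry values, so a defender can audit which of the four positions is actually in effect without opening the UI. The following PowerShell is an added example, not part of the article; the mapping of the values EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop and ConsentPromptBehaviorUser (all under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) to the slider positions comes from Microsoft's documentation of those settings, not from this article.

```powershell
# Added example: report the UAC slider position from the registry values behind it.
# Reading this key needs no elevation; missing values fall back to the Windows 7 defaults.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegDword {
    param([object]$Props, [string]$Name, [int]$Default)
    # A value that has never been written means the built-in default is in effect.
    if ($null -ne $Props.$Name) { return [int]$Props.$Name }
    return $Default
}

function Get-UacSliderLevel {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    # EnableLUA=0 disables UAC entirely; this is what the "Never notify" position writes.
    if ($EnableLUA -eq 0) { return 'Never notify' }
    # Admin behaviour 2 = consent on the secure desktop for every elevation (Vista behaviour).
    if ($ConsentPromptBehaviorAdmin -eq 2 -and $PromptOnSecureDesktop -eq 1) { return 'Always notify' }
    # Admin behaviour 5 = consent only for non-Windows binaries; the two middle positions differ
    # only in whether the secure desktop (the dimmed, modal screen) is used.
    if ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 1) {
        return 'Notify me only when programs try to make changes to my computer (default)'
    }
    if ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 0) {
        return 'Notify me only when programs try to make changes to my computer (do not dim my desktop)'
    }
    # Anything else was set by Group Policy or by hand, not by the slider.
    return 'Custom / policy-managed (not a slider position)'
}

$props = Get-ItemProperty -Path $UacKey
$enableLua  = Get-RegDword -Props $props -Name 'EnableLUA'                  -Default 1
$adminMode  = Get-RegDword -Props $props -Name 'ConsentPromptBehaviorAdmin' -Default 5
$secureDesk = Get-RegDword -Props $props -Name 'PromptOnSecureDesktop'      -Default 1
$userMode   = Get-RegDword -Props $props -Name 'ConsentPromptBehaviorUser'  -Default 3

[pscustomobject]@{
    SliderLevel                = Get-UacSliderLevel $enableLua $adminMode $secureDesk
    # Standard users: 3 = credential prompt on secure desktop, 1 = credential prompt, 0 = auto deny.
    StandardUserElevation      = switch ($userMode) { 0 {'Automatically denied'} 1 {'Credential prompt'} 3 {'Credential prompt (secure desktop)'} default {"Unknown ($userMode)"} }
    SecureDesktopEnabled       = ($secureDesk -eq 1)
    # Flag the two weaker positions the article warns about so a fleet report can sort on it.
    WeakerThanDefault          = ($enableLua -eq 0 -or $secureDesk -eq 0)
}
```

Run it as part of a baseline check; any host reporting WeakerThanDefault as True has had the slider lowered from the setting the article recommends leaving alone.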

So, with all these options, we know you're eagerly awaiting our expert opinion on what it is you should do. And that's maybe the easiest advice we've ever given: you should do nothing. In fact, you should never even visit this UI. Just leave UAC alone and let it do its thing. UAC is there for a reason and, as noted earlier, it gets less annoying over time anyway. There is absolutely no reason to change how UAC works.

