In both business and home environments, many computer systems are used by more than one person.  In such environments, it is increasingly important to retain and maintain levels of privacy and security between the various individuals who require access to a specific computer. 

Windows XP significantly improves the security features that are available to individual users.  The following notes explain some of the basic facilities provided by XP. 

Access to Windows XP is usually provided by requiring each user to log on to the computer (although this can be disabled if you do not wish to force each user to log on, in which case, each user will share the same folders and there will be no security between users).  Normally however, each user will be provided with a user “account” which defines the users ID, password, and what features and facilities are available to that user. 

New accounts and modification to existing accounts can only be carried out by the Administrator or someone who has been delegated with Administration authority (see below).

The Administrator

Unlike earlier versions of Windows (’95, ’98 and ME), XP introduces the concept of an “Administrator” for the computer.  The Administrator user of Windows XP is created during the installation of Windows XP and is automatically given full control over every aspect of the computer on which Windows is installed.  It is VERY important that when this account is created during installation, the password associated with the Administrator account is kept secure and not lost.  There are many facilities built in to XP that can only be implemented or modified by the Administrator.

Since the Administrator has so much power over the configuration, and security of the system, it is usually wise to limit when the Administrator logs on to the system.  Conventionally, a second user account is usually created, and granted the same rights as the Administrator. 

This “super user” can carry out the same functions, but should his account become damaged, or accidentally deleted for example, then it is still possible to gain access to the system to carry out the administrative functions by using the Administrator logon account (which cannot be deleted). 

The Administrator (or any other user who has been given Administrator rights) is the only person who can add new user accounts to the system and implement any of the extensive security features of Windows XP.

Creating a new account

If you are the Administrator, or have administration rights, then you can create or modify existing user accounts.  Here’s how:

1.        Go to CONTROL PANEL and click on the USER ACCOUNTS icon.

2.        Select CREATE NEW ACCOUNT.  You are then asked to type in the name of the new user.  This should be the log on name that the user will enter to log on to the computer.

3.        The following screen asks you to “Pick an account type” – this determines whether this new user is to have Administrator rights or be a “Limited user”.  A limited user will have full access to his or her own folders and any folders that have been declared as “shared”, but cannot do any administrative functions. 

NB: If you hover the mouse over each of the two alternatives, the screen will describe the rights available to each category. 

4.        Select which category is appropriate for this user and click on CREATE ACCOUNT.  This will take you back to the main User Accounts screen.

5.        The next step is to define other parameters that will apply to the account.  Click on the name of the new account that was just created and you will be presented with the following screen:

6.        From here, you can change this user’s name, create a password (recommended!), change the icon associated with the user, change the user from a “limited” user to one with administrator privileges or delete the account.  If you do not create a password for the user, then anyone can access his or her folders without any security.

Having set the new user up with a User ID and password, he or she will be able to log on to the computer and be assured that other users of the same computer will not be able to gain access to any private folders (those in the MY DOCUMENTS folder and any sub-folders), as these are secure and only accessible by that user.

Folder security within Windows XP is quite extensive, allowing the Administrator to grant or deny access to any folder or resource on the computer.  “Access” can mean full control (create, modify, or delete folders and files), or the ability only to read files within specific folders.  These facilities can become quite complex, and space does not allow us to cover the subject in any further detail.  However, you can obtain extensive help if you go here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418&Product=winxp

Alternatively, if you require further assistance in implementing tighter security on your computer system(s), then call Alan Finch on 01224 697457.