The ability to use a computer is controlled through a user account.
- The user account identifies a specific user.
- Logon is the process of authenticating to the computer by supplying a user account name and the password associated with that user account.
- On Windows systems, the abilities to perform actions on a computer, such as modifying system settings or installing hardware, are called rights.
- Access to files, folders, and printers is controlled through permissions. Permissions identify what the user can do with the associated object.
- Windows includes two built-in users.
  - The Administrator account has all rights and permissions on the computer.
  - The Guest account has very limited capabilities, usually restricted to logging on, viewing files, and running some programs. As a security measure, Windows XP and later automatically disable the Guest account to prevent logon to the system.
- Rights and permissions can be assigned to multiple users by using groups. Privileges assigned to the group are granted to all group members.
- On a Windows system, users and groups are stored in one of two locations:
  - Local accounts are stored on each computer and control access to resources on that computer.
  - Domain accounts are stored in a central database called Active Directory. A domain controller is a special server that holds (among other things) user accounts, groups, and the rights and permissions assigned to them.
Windows systems have default groups that are created automatically. These groups have preassigned rights, permissions, and group memberships. You can rename these groups, but cannot delete them. The following table lists some of these groups:
|Group|Description|
|---|---|
|Administrators|Members of the Administrators group have complete and unrestricted access to the computer, including every system right. The Administrator user account and any account designated as a "computer administrator" are members of this group.|
|Backup Operators|Members of the Backup Operators group can back up and restore files (regardless of permissions), log on locally, and shut down the system. Members cannot change security settings.|
|Power Users|Members of the Power Users group can:|
|Users|Members of the Users group can use the computer but cannot perform system administration tasks and might not be able to run legacy applications.|
|Guests|Members of the Guests group have limited rights (similar to members of the Users group). Members can shut down the system.|
Additional groups such as Network Configuration Operators and Replicator also exist. Additionally, many features or applications may create default groups. In most cases, you should not modify the membership or privileges of these groups without understanding how they are used.
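
The following read-only audit is an added example, not part of the original notes. It reports whether the built-in Administrator and Guest accounts are enabled and lists who belongs to each default group from the table, marking each member as a local or domain account. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module, and looks up accounts and groups by well-known SID because they can be renamed.

```powershell
# Added example: read-only audit of built-in accounts and default local groups.
# Assumes the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1+).

# Well-known SIDs are used instead of names because the groups can be renamed.
$defaultGroups = [ordered]@{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-551' = 'Backup Operators'
    'S-1-5-32-547' = 'Power Users'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-546' = 'Guests'
}

# Built-in users are identified by relative ID: 500 = Administrator, 501 = Guest.
# Guest is expected to show Enabled = False.
Get-LocalUser |
    Where-Object { $_.SID.Value -match '-(500|501)$' } |
    Select-Object Name, Enabled, LastLogon,
        @{ Name = 'RID'; Expression = { $_.SID.Value.Split('-')[-1] } } |
    Format-Table -AutoSize

$report = foreach ($sid in $defaultGroups.Keys) {
    $groupSid = [System.Security.Principal.SecurityIdentifier]$sid
    $group = Get-LocalGroup -SID $groupSid -ErrorAction SilentlyContinue
    if (-not $group) { continue }   # group not present on this Windows version

    try {
        $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
    } catch {
        # Enumeration can fail when a member SID no longer resolves to an account.
        Write-Warning "Could not enumerate '$($group.Name)': $($_.Exception.Message)"
        continue
    }

    foreach ($m in $members) {
        [pscustomobject]@{
            DefaultGroup = $defaultGroups[$sid]   # name as listed in the table
            CurrentName  = $group.Name            # differs if the group was renamed
            Member       = $m.Name
            Class        = $m.ObjectClass         # User or Group
            Source       = $m.PrincipalSource     # Local or ActiveDirectory
        }
    }
}

$report | Sort-Object DefaultGroup, Source, Member | Format-Table -AutoSize
```

Review the Administrators and Backup Operators rows first: any member there can read or change data regardless of file permissions.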