The Windows operating system combines user authentications with groups of users to define rights and permissions. In this video, you’ll learn how to manage the local users and groups in your Windows OS.
<< Previous Video: Using Windows Device ManagerNext: Windows Local Security Policy >>
— start your Windows operating system, you are commonly prompted for a username or a password, and that gives you access to have certain rights and permissions while you’re using the operating system.
These rights informations are assigned to you as a user. You’re assigned a username and you use that username during the login process. There are a couple of different kinds of users. One is the administrator. This is the one that really has all of the control when you’re using Windows.
There’s also a guest user that is commonly disabled, but you can configure it to give people very limited access to the operating system. This can be a bit of a security concern, so the guest account is commonly disabled by default. And everyone else is the regular user. You’re not an administrator, you’re not the limited to guest user, you’re a user with certain rights and permissions that are associated with you while you’re using the operating system.
Another feature that allows you to set permissions for large groups of people at one time is built into the operating system, and it’s called Groups. Inside of these groups, we can assign users, and groups of users would then have access to a certain area of the hard drive. They might have access to a particular shared folder, or they may have the ability to perform certain operating system functions, like perform backups or reset passwords on the computer.
You can see some of the built in groups, like Administrators, Users, Backup Operators, Power Users. There’s many more that you can see inside of the operating system, and you can create groups for yourself so that you can administer who might have access to shared folders or other parts of the OS.
One of the easiest places to administer your users and your groups is in your computer management. So in Windows Vista and Windows 7, you choose your Control Panel under Administrative Tools and choose Computer Management.
Inside of Computer Management is a section for local users and groups. Notice that it says local users and groups. There are also users and groups that might be part of a Windows domain. A Windows domain is a much larger environment where you have centralized domain controllers and you assign all of the rights and permissions for all of your users on that central facility. You don’t go to everybody’s individual machine and set up your rights and permissions that way.
If you’re a medium to large business, it’s very common to have those Active Directory controllers set up to provide you with that Windows domain functionality. But if you’re not going to use a Windows domain, or this is a standalone computer, you need to configure all rights and permissions on everyone’s individual device. And that’s why it says local users and groups. Any changes we make inside of this users and groups area will only be applicable to this local computer.
This is a fresh installation of Windows 7, so let’s see the users that are available. I’ll click the Users folder. And you can see, there are three users in here currently. There is an administrator, a guest, and a user that was created during the installation process, called Rodney McKay.
If we look at the properties of a user, you can then administer the different capabilities for this user. You can set a full name for this user, a description of who this user is, you can change password settings. In this case, notice that Rodney’s password never expires. And you could, of course, decide that, yes, his password should expire, and you can apply that, and now there will be a time out and he will periodically need to update his password.
You can see what members of groups this particular user is, and you see Rodney is only a member of the administrators group. If we wanted to add him to different groups, maybe we would not want him to be an administrator, we can always choose the Add button and choose to set different configurations inside of here.
You might even want to search for different groups that you might have on this computer, and we can find one, for instance, as backup operators. And if we choose that option, now Rodney becomes an administrator group and a backup operator group. And we can make changes to other groups as well, add multiples at the same time, and change whatever rights and permissions this user might need to have available to them.
If we wanted to add a new user, it’s a similar process. We simply right mouse click and choose New User, and we can fill in the blanks there. So you can add, remove, change configurations, and do whatever you need to do for the local users who might be accessing resources on this individual computer.
Now, let’s look at the groups. If I close this and choose the Groups section, you saw earlier there were a lot of built-in groups available, and you can see all of them listed here. Everything from administrators and backup operators, cryptographic operators, event log readers. All of these different groups give different rights and permissions.
If you wanted to add a new group, you simply right mouse click, and you can add a new group into this list, and even add the members into this group in the same way that you have before. You can also go into the individual group, for instance, the administrators group, and look at the properties and see who might be in there as well. And then you can add or remove individuals from those groups.
So this combination of groups and users give you a way to really precisely define what type of rights and permissions someone might have when they’re accessing resources on your individual computer.