Lesson 4: Setting Properties for User Accounts


Windows XP Professional creates a set of default account properties for each local user account. After you create a local user account, you can configure the account properties using the Computer Management snap-in. The account properties are grouped under three tabs in a user account-name Properties dialog box: General, Member Of, and Profile.


After this lesson, you will be able to

  • Set properties for user accounts

Estimated lesson time: 30 minutes


The General Tab

The General tab in the account-name Properties dialog box (see Figure 3.10) allows you to set or edit all the fields from the New User dialog box, except User Name, Password, and Confirm Password. In addition, it provides an Account Is Locked Out check box.

Figure 3.10: The General tab of the Properties dialog box for a user account

If the account is active and is not locked out of the system, the Account Is Locked Out check box is unavailable. The system locks out a user who exceeds the limit for the number of failed logon attempts. This security feature makes it more difficult for an unauthorized user to break into the system. If the system locks out an account, the Account Is Locked Out check box becomes available, and an administrator can clear the check box to allow user access.

The Member Of Tab

The Member Of tab in the account-name Properties dialog box allows you to add the user account to or remove the user account from a group. For information about groups, see Lesson 5, "Implementing Groups."

The Profile Tab

The Profile tab in the Properties dialog box allows you to set a path for the user profile, logon script, and home folder (see Figure 3.11).

Figure 3.11: The Profile tab of the Properties dialog box for a user account

User Profile

A user profile is a collection of folders and data that stores your current desktop environment, application settings, and personal data. It also contains all the network connections that are established when you log on to a computer, such as Start menu items and drives mapped to network servers. The user profile maintains consistency by providing the same desktop environment every time you log on to the computer.

Windows XP Professional creates a user profile the first time you log on to a computer and stores it on that computer. This user profile is also known as a local user profile.

User profiles operate in the following way on client computers running Windows XP Professional:

  • When you log on to the client computer, you always receive your desktop settings and connections, regardless of how many users share the same client computer.
  • The first time you log on to the client computer, Windows XP Professional creates a default user profile for you. The default user profile is stored in the system_partition_root\Documents and Settings\user_logon_name folder (typically C:\Documents and Settings\user_logon_name), where user_logon_name is the name you enter when logging on to the system.
  • The user profile contains the My Documents folder, which provides a place to store personal files. My Documents is the default location for the File Open and Save As commands. My Documents appears on the Start menu, which makes it easier to locate personal documents.
    Users can store their documents in My Documents or in home folders, such as a home directory located on a network server. Home folders are covered later in this lesson. Windows XP Professional automatically sets up My Documents as the default location for storing data for Microsoft applications. If there is adequate room on the C drive or the drive where Windows XP Professional was installed, users can store their documents in My Documents. However, storing personal data in My Documents increases the hard disk space needed on that drive well beyond the minimum required to install Windows XP Professional.
  • You can change your user profile by changing desktop settings. For example, if you make a new network connection or add a file to My Documents, Windows XP Professional incorporates the changes into your user profile when you log off. The next time you log on, the new network connection and the file are present.

For information about creating, modifying, and managing user profiles, see Chapter 10, "Configuring Windows XP Professional."

Logon Script

A logon script is a file you can create and assign to a user account to configure the user's working environment. For example, you can use a logon script to establish network connections or start applications. Each time a user logs on, the assigned logon script is run.

Home Folder

In addition to the My Documents folder, Windows XP Professional allows you to create home folders for users to store their personal documents. You can store a home folder on a client computer, in a shared folder on a file server, or in a central location on a network server.

Storing all home folders on a file server provides the following advantages:

  • Users can access their home folders from any client computer on the network.
  • You can centralize the backup and administration of user documents by moving that responsibility from the users to one of the network backup operators or network administrators.

The home folders are accessible from a client computer running any Microsoft operating system, including MS-DOS, Microsoft Windows 95, Microsoft Windows 98, Windows 2000 Professional, and Windows XP Professional.

Store home folders on an NT File System (NTFS) volume so that you can use NTFS permissions to secure user documents. If you store home folders on a file allocation table (FAT) volume, you can restrict home folder access only by using shared folder permissions.

To create a home folder on a network file server, complete the following steps:

  1. Create and share a folder for storing all users' home folders on a network server.

    The home folder for each user will reside in this shared folder.

  2. For the shared folder, remove the default Full Control permission from the Everyone group and assign Full Control to the Users group.

    This ensures that only users with domain user accounts can access the shared folder.

  3. In the account-name Properties dialog box, in the Profile tab, click Connect and select or type a drive letter with which to connect to the user account home folder on the network.
  4. In the To text box, type a Universal Naming Convention (UNC) name (for example, \\server_name\shared_folder_name\user_logon_name).

    Type the %username% variable in place of the user's logon name to automatically name each user's home folder after the user logon name (for example, \\server_name\Users\%username%). Naming a folder on an NTFS volume with the username variable assigns the NTFS Full Control permission to the user and removes all other permissions for the folder, including those for the Administrator account.

To set User Account properties, complete the following steps:

  1. Click Start, point to All Programs, point to Administrative Tools, and click Computer Management.
  2. Under System Tools, double-click Local Users And Groups, and then click Users.
  3. In the details pane, right-click the appropriate user account, and then click Properties.
  4. Click the appropriate tab for the properties that you want to configure or modify, and then enter values for each property.

Practice: Modifying User Account Properties

This practice presents exercises that allow you to modify user account properties and test them.

Run the UserAccountProperties file in the Demos folder on the CD-ROM accompanying this book for a demonstration of modifying user account properties.

Exercise 1: Setting User Account Properties

In this exercise you set and then test the User Cannot Change Password property.

To set the User Cannot Change Password property and the Account Is Disabled property

  1. Log on as Fred or with a user account that is a member of the Administrators group.
  2. Click Start, click Run, type mmc, and then click OK.

    MMC starts and displays an empty console.

  3. On the File menu, click Computer Management Local.
  4. Expand Local Users And Groups and then click Users.

    MMC displays the user accounts in the details pane.

  5. Right-click User1 and then click Properties.
  6. In the User1 Properties dialog box, in the General tab, select User Cannot Change Password, and then clear all other check boxes.
    When you select the User Cannot Change Password check box, the User Must Change Password At Next Logon option is unavailable.
  7. Click OK to close the User1 Properties dialog box.
  8. Right-click User2 and then click Properties.
  9. In the User2 Properties dialog box, in the General tab, select the Account Is Disabled check box and clear all other check boxes.
  10. Click OK to close the User2 Properties dialog box.
  11. Close the Computer Management window, and if you are prompted about saving the console settings, click No.
  12. Log off the computer.
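
The two General tab settings from Exercise 1 can also be applied and checked from a command prompt with NET USER. The batch file below is an added example, not part of the book's exercise; it assumes the practice accounts User1 and User2 exist, a command prompt run by a member of the Administrators group, and English-language NET USER output.

```batch
@echo off
rem Added example, not part of the book's exercise. Run from a command prompt
rem while logged on as a member of the Administrators group.
rem Assumes the practice accounts User1 and User2 exist and that NET USER
rem reports in English (the checks below match English field names).
setlocal

rem General tab, User1: select User Cannot Change Password.
net user User1 /passwordchg:no >nul
if errorlevel 1 goto failed

rem General tab, User2: select Account Is Disabled.
net user User2 /active:no >nul
if errorlevel 1 goto failed

rem Check User1: the report line must read "User may change password   No".
net user User1 | findstr /r /c:"^User may change password  *No *$" >nul
if errorlevel 1 goto mismatch

rem Check User2: the report line must read "Account active   No".
net user User2 | findstr /r /c:"^Account active  *No *$" >nul
if errorlevel 1 goto mismatch

rem Show the General tab state and the three Profile tab paths for review.
for %%U in (User1 User2) do (
    echo --- %%U ---
    net user %%U | findstr /b /c:"Account active" /c:"User may change password" /c:"Logon script" /c:"User profile" /c:"Home directory"
)
echo Account properties match Exercise 1.
exit /b 0

:failed
echo NET USER could not change the account. Check the account name and your group membership.
exit /b 1

:mismatch
echo An account property does not match the value set in Exercise 1.
exit /b 1
```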

Exercise 2: Testing User Account Properties

In this exercise you test the properties for a user account.

To test User Account properties

  1. On the Welcome screen, click User1.
  2. In the Type Your Password dialog box, click the question mark icon for your password hint.

    Windows XP Professional displays the password hint you entered.

  3. In the Type Your Password text box, type password, and then press Enter.
  4. In the Control Panel, click User Accounts.

    Windows XP Professional starts the User Accounts tool.

  5. Click Change My Password.
  6. In the Type Your Current Password text box, type password.
  7. In the Type A New Password and Type The New Password Again To Confirm text boxes, type User1.
  8. Click Change Password.

    What happens? Why?

  9. Log off as User1.

    Notice that disabled accounts such as User2 don't appear on the Welcome screen.

Lesson Review

The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."

  1. When can you select the Account Is Locked Out check box for a user and why?
  2. Which of the following statements about local user account properties are correct? (Choose all that apply.)
    1. You can configure all of the default properties associated with each local user account using the User Accounts tool located in the Control Panel.
    2. In Computer Management, the General tab in the account-name Properties dialog box for a user account allows you to disable the account.
    3. In Computer Management, the General tab in the account-name Properties dialog box for a user account allows you to select the Account Is Locked Out check box to prevent the user from logging on to the computer.
    4. You can use the Computer Management snap-in to configure all of the default properties associated with each local user account.
  3. Which of the following statements about user profiles are correct? (Choose all that apply.)
    1. A user profile is a collection of folders and data that stores the user's current desktop environment, application settings, and personal data.
    2. A user profile contains all the network connections that are established when a user logs on to a computer.
    3. Windows XP Professional creates a user profile when you create a new local user account.
    4. You must create each user profile by copying and modifying an existing user profile.
  4. Which of the following statements about user profiles are correct? (Choose all that apply.)
    1. Users should store their documents in home directories rather than in their My Documents folders.
    2. The Profile tab in the account-name Properties dialog box for a user account allows you to set a path for the user profile, logon script, and home folder.
    3. A user profile contains the My Documents folder, which provides a place for users to store personal files.
    4. When users change their desktop settings, the changes are reflected in their user profiles.
  5. What three tasks must you perform to create a home folder on a network server?

Lesson Summary

  • Each local user account that you create has an associated set of default properties.
  • The Computer Management snap-in allows you to easily configure or modify the local user account properties.
  • The General tab in the account-name Properties dialog box allows you to set or edit all the fields from the New User dialog box, except for User Name, Password, and Confirm Password. In addition, it provides an Account Is Locked Out check box.
  • The Member Of tab in the account-name Properties dialog box allows you to add the user account to or remove the user account from a group.
  • The Profile tab in the account-name Properties dialog box for a user account allows you to set a path for the user profile, logon script, and home folder.