Creating User Accounts

If you share your Mac with other people, you should create a user account for each person who will be using your machine. In addition to protecting your Mac from tampering, user accounts provide specific folders for the other users in which they can store information (such as application preferences) and documents and other files that are specific to them.

You can also customize the environment of each user account in several ways; for example, you can have a different set of applications start up for each user account and each user can have her own Dock and desktop configuration.

Rather than creating a single user account for each person, you can create a user account that several people share. This can be useful if there are people who use your Mac but don't necessarily need private directories. For example, if you share your Mac with children, you might want to create a single user account for them to use.


You should create at least two administrator accounts on your Mac. Use one for your normal activities, such as configuring the machine, working with applications, and so on. Save the other for use during troubleshooting. Sometimes, preferences associated with specific user accounts can become corrupted and other problems related to a specific user account can develop. As part of the troubleshooting process, you can log in under the "clean" administrator account to recover from problems and troubleshoot and solve them. This step often tells you whether a problem is related to a specific user account or your Mac OS X installation, applications, or hardware.


The System Preferences utility is somewhat analogous to the control panels in previous versions of the Mac OS. It enables you to make changes to various system settings. You will be using it throughout this book.

You use the System Preferences utility to create additional user accounts for your Mac with the following steps:

  1. Open the System Preferences utility by clicking its icon on the Dock or by selecting Apple menu, System Preferences. The System Preferences utility window has two panes; the upper pane is the toolbar on which you can store icons you access frequently. The lower pane shows the areas of the OS for which you can set system preferences (those being Personal, Hardware, Internet & Network, and System). Within each section are the icons for each area of the OS that you can configure. When you click an icon, the lower pane is replaced by the controls for the area to which the icon is related.

  2. Click the Accounts icon in the System area to open the Accounts pane of the System Preferences utility (see Figure 2.3). Along the left side of this pane is the list of user accounts on the Mac. At the top, the user account under which you are currently logged in is shown. Under the Other Accounts heading are the other user accounts that exist on the machine. Under each username, you will see the type of account it is, such as Admin, Standard, Simplified, and so on. At the bottom of the user list is the Login Options button, and just below that are the Add User (+) and Delete User buttons (-). The right part of the pane shows the tools you use to configure a user account.

    Figure 2.3. You can create user accounts with the Accounts pane of the System Preferences utility; in this figure, you can see that several accounts have been created on this machine, with two being administrator accounts.



    Notice in Figure 2.3 that the lock icon in the lower-left corner of the window is open, indicating that I am currently authenticated as an administrator for this machine.

  3. Click the New User button, which is the plus sign located under the list of users. A new, empty user is added to the list; the tools in the right part of the pane are empty because you haven't configured them yet (see Figure 2.4).

    Figure 2.4. When you create a new user account, you use the fields and tools in the right part of the Accounts pane.


    Only an administrator can create new user accounts. If you aren't logged in as an administrator for your Mac, you have to authenticate yourself as being an administrator before you can create an account. To do so, click the Lock icon located in the lower-left corner of the window, enter the username and password for an administrator account, and click OK. This identifies you as an administrator temporarily so that you can make your changes.

  4. Enter the Name for the user account. The name is the "full" name for the user account; it doesn't have to be a real full name; it is simply one name the user can use to log in to this user account. The name can be pretty much whatever you want it to be.

  5. Press Tab to move to the Short Name box. When you do, Mac OS X creates a short name for the user account. The short name is a name used for specific areas under that user account (such as the name of the user's Home folder) and for access to services provided under that account (such as the account's FTP site). The short name can be used instead of the name to cut down on the number of characters you have to type in specific situations, such as when you log in to the account (in which case the short name and name are interchangeable). However, the Home directory is always identified by the short name only.

    Mac OS X automatically creates a short name for the account; it just places all the letters in the name together with no spaces. You can choose to use this one, or you can change it to something else.

    The short name is used in several places, such as in the Web site address for the user account. Because of this, you should choose a meaningful short name, preferably some variation of the person's name, such as his first initial and last name.

  6. Edit the short name as needed, such as by replacing it if you don't like the one Mac OS X created for you automatically.


    Because of how they're used, short names can't include spaces. If you want to add a space to a short name, you need to use an underscore instead.

    The short name can be as few as one character and can't contain any spaces, dashes, or other special characters (Mac OS X won't let you enter any characters that are unacceptable). Underscores are acceptable. You should adopt a general rule about the short name for an account, such as using the first initial of the first name and the complete last name. Keeping the short name consistent will help you deal with other user accounts more easily.

    After it's created, you can't change the short name for a user account, so be deliberate when you create it.


    You can use a user account for any purpose you want. For example, because each user account has its own Web site, you might want to create a user account simply to create another Web site on your machine. For example, you might want to create a user called "Group Site" to serve a Web page to a workgroup of which you are a member.

  7. Enter the password for the user account. A password is what you expect: it must be used to access the user account. For better security, use a password that is eight characters long and contains both letters and numbers (this makes the password harder to crack). Passwords are case sensitive; for example, mypassword is not the same as MyPassword.

    If you leave the Password field empty, a password will not be required to log in to the account. When you choose to do this, you will see a warning dialog box when you attempt to save the account. If you ignore this warning, the account is created without a password. When the user logs in to the account, he can select it and log in without entering a password. Obviously, this is not a secure thing to do, but it can be useful nonetheless. For example, you might choose to create an account for children whom you don't want to have to use a password. When you create such "unprotected" accounts, you should use the Limitations tools to limit access to your Mac, such as by using the Simple Finder option.


    You can remove a password from an existing account even though the system tells you this can't be done. Just remove the password, save the account changes, click Ignore in the warning dialog box, and then click OK in the dialog box that tells you this change won't be accepted. It is actually accepted and the account no longer requires a password.

    To learn how to configure an account's capabilities, see "Testing and Configuring User Accounts," p. 39.

  8. Press Tab and retype the password in the Verify box.

  9. Press Tab and enter a hint to remind the user what the password is. This reminder is optional; if a user fails to log in successfully after three attempts, this hint can appear to help him remember his password.

  10. Click the Picture tab. This enables you to associate an image with the user account. This image appears in the login box and is the default image associated with a user's address card in his Address Book application.

  11. Select a login picture for the account.

    To choose one of the default images included with Mac OS X, click the Apple Pictures collection. The images it contains appear in the right pane of the window. To select an image, click it.


    When you are working with the current user's account and that user has an image in his Address Book card, the image from the Address Book card is used for the login image.

    To learn about the Address Book, see "Setting Up and Using an Address Book," p. 330.

    If you want to use another image for the account, click the Edit button. The Images dialog box appears (see Figure 2.5). Drag an image onto the image well in the center of the box. Click Choose and move to and select an image, or click Take Video Snapshot to capture an image from a video camera (such as an iSight camera) attached to your Mac. When the image is shown in the image well, use the slider to crop the image to the part you want to use. Then click Set. The image is shown in the image well on the Picture tab and is used for that user account.

    Figure 2.5. You can use the Images dialog box to select an image for a user account.


    The image you use as the login picture can be a JPEG or TIFF. However, you can't use a GIF as a login picture.


    If you have worked with other images recently, click the Recent Pictures pop-up menu at the top of the Images dialog box and select the image you want to use.

    The default login pictures (those shown on the scrolling list) are stored in the directory Mac OS X/Library/User Pictures, where Mac OS X is the name of your Mac OS X startup volume. You can install additional images in this directory to make them available as part of the Apple Pictures collection.

  12. Click the Security tab (see Figure 2.6).

    Figure 2.6. You use the Security tab to make a user an administrator and configure the FileVault feature.


    FileVault encrypts all of a user's files for security purposes. To learn how to use FileVault, see "Securing Your Mac with FileVault," p. 897.

  13. If you want this account to be an administrator account, check the "Allow user to administer this computer" check box. If you make the account an administrator account, skip to step 14.

  14. Click the Limitations tab (see Figure 2.7). You use this tab to set limits on the user account. (When working with an administrator account, this tab is grayed out because an administrator has no limitations.)

    Figure 2.7. You can use the Limitations tab to define exactly which areas of the system a user will be able to access.


There are three tabs on this screen. Each implies a set of permissions for the user account you are configuring:

  • No Limits: If you click this tab, the user has no limits except those actions that are reserved for an administrator account, such as changing certain system preferences, installing applications, and so on. If you select this option, you don't do any further configuration.

  • Some Limits: This tab, shown in Figure 2.7, presents controls you can use to limit a user to certain actions, including opening (not changing!) all system preferences, modifying the Dock, changing a password, and burning CDs and DVDs. If the check boxes for those actions are checked, the user can perform those actions; if they are not checked, the user is prevented from performing those actions.

    The lower part of the window enables you to select specific applications to which the user has access. To do this, check the "This user can only use these applications" check box. The controls in the bottom part of the window become active. To allow all the applications stored in a specific area, such as in the Applications folder, check the box for that area. To limit a user to specific applications within an area, click the area's Expansion triangle, which causes a list of the applications in that area to be shown. Check the box next to each application you want the user to be able to use; uncheck the box for those applications you don't want the user to be able to use.


    Use the Allow All button to allow the user to use all applications. Use the Uncheck All button to uncheck all the boxes shown in the window. Use the Locate button to locate and select applications outside of those shown in the areas listed in the window.

  • Simple Finder: This provides the most basic level of access. As you might expect from its name, the Simple Finder provides a less complex interface for a user and greatly restricts what that user can do. When a user is logged in with the Simple Finder, the Dock contains only five icons: Finder, My Applications, Documents, Shared, and Trash. These are the only areas the user can access. For example, under the Simple Finder, a user can store documents only in his Documents folder and can't open other folders. The only Finder commands the user can access are Sleep, Log Out, About Finder, the Hide/Show Finder commands, and Close Window. The Simple Finder makes your machine more secure because it limits the actions of a user so severely. Using the Simple Finder can be a good choice if the user for whom you are creating an account has minimal computer skills, such as for very young children or someone who is totally new to the Mac.

    When you select this option, you will see the same application configuration tools that appear on the Some Limits tab. They work in the same way, too. Along with being limited to specific applications, when a user has the Simple Finder limitation, he has a simplified Dock, Apple menu, and other options.


If you have not turned off the Automatic Login mode and you create a new user account, you will see a dialog box asking whether you want that mode to be turned off. The account that is logged in automatically is also shown in this dialog box. (If you have disabled the Automatic Login mode already, you won't see this dialog box.)

Following are a few more points about setting a user account's capabilities:

  • Some settings are dependent on others. For example, if you uncheck the "Open all System Preferences" check box, the "Change password" check box becomes disabled. This is because, if the user can't access the System Preferences utility, she won't be able to access the Accounts pane that contains the tools needed to change the password.

  • You can use the Check All or Uncheck All button to select or deselect all applications at the same time.

  • The Locate button enables you to select applications that don't appear on the list of applications by default. When you click this button, an Open dialog box appears. You can use this dialog box to move to and select an application.

  • The last entry on the list of application folders is Others. If your machine can access applications that aren't stored in one of the standard Mac OS X application folders, they appear under the Others category.


Under Mac OS X, the default button in a dialog box is indicated by the pulsing (also called throbbing) action. As under previous versions of the Mac OS, you can activate the default button by pressing the Return or Enter key (as with the OK button in the authentication dialog box).
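The account guidance in the steps above (short name rules, the password recommendation, limiting passwordless accounts, and keeping two administrator accounts) can be checked against a planned set of accounts before you create them. The following is an added example, not part of the original text or of Mac OS X; the dictionary field names and sample accounts are hypothetical, and it assumes the short name rule means letters, digits and underscores only and that "eight characters long" means at least eight.

```python
import re

# Assumption: "no spaces, dashes, or other special characters" is read here
# as ASCII letters, digits and underscores only.
SHORT_NAME_OK = re.compile(r"^[A-Za-z0-9_]+$")

def default_short_name(full_name):
    """Run the parts of the full name together with no spaces (step 5)."""
    return "".join(full_name.split())

def audit_account(acct):
    """Return findings for one planned account (a dict; field names are hypothetical)."""
    findings = []
    short = acct.get("short_name") or default_short_name(acct["name"])
    if not SHORT_NAME_OK.match(short):
        findings.append(f"{short}: short name contains a space, dash or special character")
    password = acct.get("password", "")
    unlimited = acct.get("admin", False) or acct.get("limits", "No Limits") == "No Limits"
    if password == "":
        # An empty password is tolerable only when Limitations restrict the account.
        if unlimited:
            findings.append(f"{short}: no password and no limitations")
    elif len(password) < 8 or not (re.search(r"[A-Za-z]", password)
                                   and re.search(r"[0-9]", password)):
        findings.append(f"{short}: password should have eight characters, letters and numbers")
    return findings

def audit_plan(accounts):
    """Audit every account, then check the two-administrator recommendation."""
    findings = [f for acct in accounts for f in audit_account(acct)]
    admins = sum(1 for acct in accounts if acct.get("admin"))
    if admins < 2:
        findings.append(f"{admins} administrator account(s) planned; create at least two")
    return findings

# Constructed sample plan; names and passwords are made up for illustration.
PLAN = [
    {"name": "Pat Example", "short_name": "pexample", "password": "blue42sky9", "admin": True},
    {"name": "Group Site", "password": "website"},
    {"name": "Kids", "short_name": "the-kids", "password": "", "limits": "Simple Finder"},
    {"name": "Guest", "short_name": "guest", "password": ""},
]

if __name__ == "__main__":
    for finding in audit_plan(PLAN):
        print(finding)
```

Because a short name can't be changed after the account is created, the short name findings are the ones to resolve before you click the New User button.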
