Understanding User Accounts in Windows Vista
New User Account Features
By now, most Windows users are probably used to the notion of user accounts and how each user on a PC can have his or her own individual settings, documents, and other features. In Windows Vista, Microsoft has simplified the user account types down to just two, and locked them down to make the system more secure. Using new Windows features such as User Account Control and parental controls, it’s possible to modify Vista’s user-related security features. In this article, we’ll examine both of these new features.
Understanding User Accounts
Starting with Windows XP, Microsoft began really pushing the concept of user accounts to consumers. That’s because XP, unlike previous Windows versions, was based on the Windows NT code base, and NT was developed to be a mission-critical competitor to business operating systems such as Unix. Previously, consumer Windows products like Windows 95 and Windows Me had provided only the barest possible support for discrete and secure user accounts because those systems had been architected for single users only.
Windows Vista, like Windows XP, is based on the NT code base. And that means that versions of Vista are being marketed to both individuals and businesses, and that Vista will retain - and enhance - the notion of each user having his or her own user account through which they access the PC. What we’re concerned with primarily is how user accounts have changed in Windows Vista.
Okay, maybe a short review is in order. When you installed or configured Windows XP for the first time, you were prompted to provide a password for the special Administrator account and then create one or more user accounts. Administrator is what’s called a built-in account type. The Administrator account is typically reserved for system housekeeping tasks and has full control of the system. Theoretically, individual user accounts - that is, accounts used by actual people - are supposed to have less control over the system for security reasons. In Windows XP, that theory was literally a theory. Every user account you created during XP’s post-setup routine was an administrator-level account, and virtually every single Windows application ever written assumes that every user has administrative privileges. It was an ugly chicken-and-the-egg situation that has resulted in several years of security vulnerabilities, because malicious code running on a Windows system runs using the privilege level of the logged-on user. If the user is an administrator, so is the malicious code.
In Windows Vista, everything has changed. Sure, you still create user accounts, hopefully with passwords. And you log on to the system to access applications, the Internet, and other services. But in Windows Vista, user accounts - even those that are graced with administrative privileges - no longer have complete control over the system, at least not by default. Microsoft, finally, is starting to batten down the virtual hatches and make Windows more secure. And although there are ways to counteract these moves, the result is a more secure operating system than previous Windows versions, one that hackers will find more difficult to penetrate. Let’s see what’s changed.
Creating the Initial User Account
When you install Windows Vista for the first time, or turn on a new computer that has Windows Vista preinstalled, you will eventually run into the so-called out-of-box experience (OOBE), where Vista prompts you for a few pertinent bits of information before presenting you with the Windows desktop. Unlike with XP, an Administrator account is not created by default. Instead, you are prompted to create a first user account during the OOBE, and that account is granted administrative privileges.
Understanding Account Types
Windows Vista, unlike XP, supports just two account types. The first, administrator, is exactly what it sounds like, and is the same as the administrator account type in Windows XP. Administrators have complete control of the system and can make any configuration changes they need to, though the method for doing so has changed somewhat since XP.
The second user account type is called standard user. A standard user can use most application software and many Windows services. Standard users are, however, prevented from accessing features that could harm the system. For example, standard users cannot install applications, change the system time, or access certain Control Panel applets. Naturally, there are ways around these limitations, which we’ll discuss in a bit.
Microsoft would like most people to run under a standard user account. And although this would indeed be marginally safer than using an administrator account, we can’t recommend it. That’s because Microsoft has actually locked down the administrator account in Windows Vista, making it safer to use than before. More important, perhaps, you’ll ultimately find an administrator account to be less annoying than a standard user account. To find out why that’s so, we need to examine a new security feature in Windows Vista called User Account Control.
User Account Control
In order to make the system more secure, Microsoft has architected Windows Vista such that all of the tasks you can perform in the system are divided into two groups, those that require administrative privileges and those that don’t. This required a lot of thought and a lot of engineering work, naturally, because the company had to weigh the ramifications of each potential action and then code the system accordingly. What they’ve arrived at is a decent compromise, and although some of the security controls in Windows Vista will likely cause fits in certain circles, many users will understand that they’re in place to keep the system more secure and will learn to live with them. Our feeling is that anyone who’s been bitten by a worm, virus, Trojan, or other bit of malicious code will gladly and willingly accept the new restrictions.
Here’s how it works. Every user, whether configured as a standard user or administrator, can perform any of the tasks in Windows Vista that are denoted as not requiring administrator privileges, just as they did in Windows XP. You can launch applications, change time zone and power management settings, add a printer, run Windows Update, and perform other similar tasks. However, when you attempt to run a task that does require administrative privileges, the system will force you to provide appropriate credentials in order to continue. The experiences differ a bit, depending on the account type. Standard users receive a User Account Control credentials dialog box, shown in article 9-1.
This dialog box requires you to enter the password for an administrator account that is already configured on the system. Consider why this is useful. If you’ve configured your children with standard user accounts, they can let you know when they run into this dialog box, giving you the option to allow or deny the task they are attempting to complete. Administrators receive a simpler dialog box, called the User Account Control consent dialog box, which is shown in article 9-2. Because these users are already configured as administrators, they do not have to provide administrator credentials. Instead, they simply need to click Continue to keep going. By default, administrators using Windows Vista are running in a new execution mode called Admin Approval Mode. This is the reason you see consent dialog boxes appear from time to time. You can actually disable this mode, making administrator accounts work more like they did in XP, without any annoying dialog boxes popping. However, you should realize that disabling Admin Approval Mode could open up your system to attack. If you’re still interested in disabling this feature, or disabling User Account Control, we will discuss ways to do so at the end of this section. Conversely, administrators who would like Windows Vista to be even more secure can also configure the system to prompt with a User Account Control credentials dialog box - which requires a complete password - every time they attempt an administrative task. This option is also discussed shortly. The presentation of both of these dialog boxes can be quite jarring. If you attempt to complete an administrative task, the screen will flash, the background will turn black, and the credentials or consent dialog will appear in the middle of the screen. You cannot continue doing anything else until you have dealt with these dialog boxes one way or the other. 
For the record, there’s actually a third type of User Account Control dialog box that will appear occasionally regardless of which type of user account you have configured. This dialog box appears whenever you attempt to install an application that has not been digitally signed or validated by its creator. These types of applications are quite common, so you’re likely to see the dialog box shown in article 9-3 fairly frequently. By design, this dialog box is more colorful and in-your-face than the other User Account Control dialog boxes. Microsoft wants to make sure you really think about it before continuing. Rule of thumb: You’re going to see this one a lot, but if you just downloaded an installer from a place you trust, it’s probably okay to go ahead and install it.
Disabling and Configuring User Account Control
As we mentioned previously, many people are going to be annoyed by User Account Control and will want to simply disable it. This is easily done, but it’s not recommended. You can also configure various User Account Control features using a hidden management console. In this section, we’ll describe both of these options.
Disabling User Account Control
You can disable User Account Control across the board for all users of a given PC by navigating to the User Controls section of the Control Panel (in Control Panel -> User Accounts and Family Settings -> User Accounts) and selecting the option titled Change security settings. This will load the Change Security Settings window shown in article 9-4. To disable User Account Control, simply uncheck the option titled Use User Account Control (UAC) to help protect your computer and then click the OK button. Note that you will have to reboot your computer for the changes to take effect.
If you want to disable User Account Control for just a single user, you simply need to select a single check box in the User Accounts Control Panel. The quickest way is to open the Start menu and click the picture that’s associated with your user account. Then, in the User Accounts window that appears, click Turn User Account Control on or off. You’ll see the required check box in the next window.
Configuring User Account Control
Microsoft makes a number of User Account Control settings available through the hidden Local Security Settings management console. To launch this console, open the Start menu and type secpol.msc and then tap Enter. To access the User Account Control options, you will need to expand the Local Policies and Security Options nodes in the tree view under Security Settings in the left pane of the management console. When you do so, the right pane will fill up with a list of security options. Scroll to the bottom and you will see eight security options related to User Account Control.
The Local Security Settings management console should be used only on PCs that are not centrally managed by a Windows Server–based Active Directory (AD)-based domain. Unless you work for a large company, it’s unlikely that your PC is centrally managed in this way.
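The User Account Control policies in that console are stored as registry values, so their state can be checked from a script as well as from the console. The following PowerShell script is an added example, not part of the original article: the registry value names are Windows' own, while the function names and the sample data are constructed for illustration. It assumes PowerShell 2.0 or later is installed.

```powershell
# Added example: audit the registry values behind the UAC policy settings.
# Value names are Windows' own; function names and the sample are illustrative.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Each check lists the DWORD values that weaken the default behaviour.
$Checks = @(
    @{ Name = 'EnableLUA'; Weak = @(0)
       Meaning = 'UAC is off: no Admin Approval Mode, no elevation prompts' },
    @{ Name = 'ConsentPromptBehaviorAdmin'; Weak = @(0)
       Meaning = 'Administrators elevate silently, without a consent dialog' },
    @{ Name = 'PromptOnSecureDesktop'; Weak = @(0)
       Meaning = 'Prompts are drawn on the user desktop, not the dimmed secure desktop' }
)

function Get-UacRegistryValues {
    # Read only the values we check; values that are absent are left out.
    $props  = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $values = @{}
    foreach ($check in $Checks) {
        $prop = $props.PSObject.Properties[$check.Name]
        if ($prop) { $values[$check.Name] = [int]$prop.Value }
    }
    $values
}

function Test-UacSettings {
    param([hashtable]$Values)   # value name -> DWORD data
    foreach ($check in $Checks) {
        $name = $check.Name
        if (-not $Values.ContainsKey($name)) {
            # Absent value: Windows falls back to its built-in default.
            $state = 'NotSet'; $data = $null
        } else {
            $data = $Values[$name]
            if ($check.Weak -contains $data) { $state = 'Weakened' } else { $state = 'OK' }
        }
        $finding = ''
        if ($state -eq 'Weakened') { $finding = $check.Meaning }
        New-Object PSObject -Property @{
            Setting = $name; Value = $data; State = $state; Finding = $finding
        } | Select-Object Setting, Value, State, Finding
    }
}

# Constructed sample: how the values look on a PC where UAC has been turned off.
$sample = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }
Test-UacSettings -Values $sample | Format-Table -AutoSize

# On a live system (reading this key does not require elevation):
# Test-UacSettings -Values (Get-UacRegistryValues) | Format-Table -AutoSize
```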
Parental Controls
Although Windows XP was the first version of Windows to make user accounts truly usable, Windows Vista is the first to make them safe for children. Now, it’s possible to apply parental controls on your children’s accounts that will keep them away from the bad stuff online and off, and give you peace of mind that was previously lacking when the kids got on a computer. Vista’s parental controls are available on a per-user basis, and you might be surprised by how well they work. Parental controls are available in Windows Vista Home Basic, Home Premium, and Ultimate, but not Business or Enterprise.
Configuring Parental Controls
To set up parental controls, you first need to configure one or more user accounts as standard user accounts. Then, from an administrator account, you can configure parental controls. To do so, navigate to Control Panel -> User Accounts and Family Safety -> Parental Controls. You can only configure parental controls on one account at a time. If you have three children to which you’d like to apply identical parental controls, unfortunately, you will have to repeat these steps for each of your children’s accounts. Also, note that you cannot apply parental controls to an administrator account. By default, parental controls are not configured for any standard user accounts. When you enable parental controls, you can configure the features discussed in the following sections.
Activity Reporting
When this feature is enabled, your children’s parental control-related activity is recorded and presented to you periodically in report form. The reports are available from this Parental Controls window and include such things as top 10 web sites visited, most recent 10 web sites visited, logon times, applications run, instant message conversations, link exchanges, web cam usage, audio usage, game play, file exchanges, and SMS messages, e-mails received and sent, and media (audio, video, and recorded TV shows) played. Reports are available for each standard user account. There’s also a different report type, called General System, that logs such things as when parental control settings, accounts, or the system clock are changed, or when users fail to log on correctly because of entering an incorrect password (or when attempting to log on during a time period that is forbidden because of parental controls).
Web Restrictions
The web restrictions parental controls determine what web content your children can access. As shown in article 9-8, this control gives you fine-grained control over web access. You can block web content using web restriction levels (plain English ratings like Low, Medium, and so on) or by content type (block sites related to alcohol, bomb making, gambling, hate speech, and other categories). You can also completely block all file downloads.
Time Limits
The time limits parental control uses a graphical grid to let you configure exactly when your kids can use the computer. By default, Windows Vista users can use the PC on any day at any time. But by dragging your mouse around the grid shown in article 9-9, you can prevent your children from using the computer at specific hours, such as late at night or during school hours.
Games
The games parental control determines whether your children can play games on the PC and, if so, which games they can access. By default, standard account holders can play all games. However, you can fine-tune that setting using the screen shown in article 9-10, which appears when you click Set game ratings. Here, you can set acceptable game ratings using the Entertainment Software Rating Board’s (ESRB) rating system, or block games based on content (online, blood and gore, drug reference, and so on). You can also block or allow specific games, which is surprisingly helpful because many Windows games do not digitally identify their ESRB rating.
Allow and Block Specific Programs
This final setting lets you manually specify specific applications that you do or do not want your child to use. By default, standard users can access all of the applications installed on the system. However, using the interface shown in article 9-11, it’s possible to fine-tune what’s allowed. If you don’t see an application in the list, click Browse to find it.
One of the most unique features of Windows Vista’s parental controls is that they don’t need to be used only with children. Indeed, many security-conscious users will find that it’s actually worth setting up a standard user account for themselves, applying various parental controls to it, and then using that account for their normal PC operations. Why would you want to do such a thing? Well, you might want to protect yourself from some of the nastier things that happen online for starters. Something to think about.
Running as Standard User with Parental Controls
You may be wondering what the experience is like running a standard user account to which parental controls have been applied. For the most part, it’s just like running a standard account normally. However, certain actions will trigger parental control blocks, depending on how you’ve configured parental control restrictions. Note that you can ask for permission to run individual blocked applications. When you choose this option, the User Account Control credentials dialog box appears, giving the parent a chance to come over to the machine, review what is happening, and decide whether to give their permission.
The Web experience is similar. If you use Internet Explorer to browse to a type of site that is forbidden via parental controls, IE will display the page shown in article 9-13. Again, you can click the Ask an administrator for permission link to get an override. When you do so, the User Account Control credentials dialog box appears as you might expect. If you attempt a web download, and web downloads are restricted with parental controls, you’ll see the dialog box in article 9-14. In this case, there is no administrator override: Downloads have been explicitly restricted with parental controls.
Summary
Windows Vista, for the first time, makes it possible for users to run the system in more secure ways, thanks largely to advances in the way that user accounts are handled. Although features like User Account Protection will often seem annoying, the alternative is worse, as evidenced by the past half-decade of Windows security vulnerabilities. Vista’s parental controls, meanwhile, finally extend a measure of safety to your children, whether they’re using local applications or browsing the Web.
