IN IT SUPPORT CIRCLES, A GREAT MANY ISSUES
are blamed on a PEBKAC, which is an acronym for “Problem Exists Between
Keyboard And Chair.” It’s impossible to have a computer problem without a
user being involved in some way, usually as the cause, inadvertently or
otherwise. This is why IT support departments have such strict rules
about how users operate their computers. It’s also why the people who
manage and work in IT departments are often regarded as aggressive and
authoritarian. But if a system goes down, it could cost an organization
thousands, maybe tens of thousands, of dollars in lost revenue or
productivity, and the IT department is ultimately responsible for
mitigating such losses.
This brings us back to the user, which is undeniably the weakest part
of any computer system’s integrity. I say this because computers can
only do things according to their programming. A piece of software or
hardware will do things the same way every time. Human beings, on the
other hand, are unpredictable, driven by emotion, mood, and
circumstance. To prevent issues, you have to be able to control the
user, even if that user is you!
1. How User Account Control Works
With every legacy version of Windows up to and including Windows XP,
users are administrators by default. This means that they have complete
control over everything in the operating system and can install programs
and delete or move files without restriction. This is still the case
with Windows 8, but User Account Control (UAC) adds a layer of protection.
Because of problems running legacy software in Windows, the full
security afforded to other operating systems, such as Apple OS X and
Linux, isn’t possible. But Windows developers recognize that users might
occasionally make changes to the operating system, either
unintentionally or without understanding the true repercussions. More
important, Windows developers know that malicious software and viruses
will want to do this, too.
UAC helps prevent
inadvertent or malicious changes to critical system processes by putting
a security layer between the user and any action that Windows
determines could cause harm to or destabilize the operating system. When
UAC is activated by a questionable action, Windows 8 drops into a secure desktop where only the UAC dialog box is active and where only a user, not software, can make a selection.
UAC is a useful but not foolproof way to protect Windows 8 from
attack. As comedy science fiction author Douglas Adams once famously
said, “A common mistake people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.” Although this observation fails to take into account the simple
fact that many people are often bemused or confused by technology, or
even tricked by malware into clicking something they shouldn’t, it does
apply to some degree to UAC. It’s still too easy for a user to click Yes
without reading or properly understanding the implications of making
such a decision. What isn’t helpful is that UAC messages are frequently
unclear, and it can be difficult to determine what is trying to change
what.
2. Managing User Accounts
There are a great many ways to manage users on a computer and to
prevent anyone from installing unauthorized software, making unnecessary
changes, and downloading and opening harmful files from the Internet.
But managing user accounts can be a complex process. This section covers
some ways to manage user accounts.
Setting an Administrator Password
With UAC, a user can bypass security warnings by simply clicking
through a dialog box. For better security on a multiuser desktop, you
can set the main user as an administrator and all other users as standard users. Standard users have far fewer privileges to change Windows. They are even further restricted if you establish a password for the administrator account so that nobody can click through a UAC dialog box without entering the password.
To set up additional user accounts on your computer, follow these simple instructions:
-
Open the Start screen and swipe in from the right of the screen or press Windows logo key+C.
-
Click the Settings charm.
-
Click Change PC Settings.
-
Click Users, as illustrated in Figure 1.
-
Click the + (plus) button next to Add A User.
You now have a choice of whether to allow the user to use their Live
ID on the computer or you can click Don’t Want This User To Sign In
With A Microsoft Account? to create a user account specific to this
computer, as shown in Figure 2.
If you sign in with a Live ID the computer will ask for your username and password. If you creating a local account, proceed to step 7.
Caution
Signing into a computer that you do not intend to use regularly can
leave Internet Favorites and temporary files on the PC that can
potentially be accessed by other users. Deleting the user account when
you are finished or signing in to the guest account can help prevent these problems occurring.
-
Windows 8 displays an explanation regarding the difference between creating a local or Live ID account (see Figure 3). Click Local Account to continue.
-
In the text boxes shown in Figure 4, type a username and optional password for the account.
-
When the account has been created, click Finish, as demonstrated in Figure 5.
The guest account
setting in Windows 8 can prevent occasional visitors from making changes
on your computer or doing things that can affect other users.
It is also a useful way to quickly create a user account when you have
visitors or someone new who wants to use your computer.
You turn on the Guest account from the Users section of the full Control Panel. To do this, open the Start screen, search for User, and then in the settings search results, click User Accounts.
Note
A guest account is simply an existing standard user account that can
be switched on and off as needed. It should be noted that unless you
have a password on your administrator account, anyone logged in as the
guest user will be able to click Yes on UAC security prompts.
