User accounts in Windows Vista
In case the computer is used by multiple persons, it is very useful to create multiple user accounts. Each user has his or her own preferred settings, documents, e-mail accounts, contacts, calendar, internet bookmarks (favorites) and probably wants to be logged in with an instant messaging program. For every newly created user account, all the preferred settings have to be applied, which is not very efficient. Think about all the Windows settings, which are enough for half an hour clicking! That’s why this page describes how to setup multiple user accounts as efficient as possible.
Creating and setting up a user account
Changing the account specific settings (like the shown name, the picture, the password, the account type and parental control) can be changed by the item User Accounts of the Control Panel. Creating a new user account is done with the option Manage another account, option Create a new account. The new user account can be setup as a Standard user (an account with limited privileges to change essential system settings) or as an Administrator (an account with complete access to almost all settings). If it is not necessary that the user has to make any system changes, it is wise to create a standard user account with limited rights instead of an
administrator account with full control. Because the rights of a standard user are actually too
limited, it is wise to start with an administrator account and change the account type afterwards to a standard user (or don’t use the standard user at all…).
TIP: Be aware that it is still possible to do administrator tasks within a standard user account, but only when the username and password of an administrator account is known. If a task needs administrator rights, the user will be asked to enter the username and password of an administrator account (if this is not the case, right click the task/program and select Run as administrator).
USE SHORT ACCOUNT NAMES
At the moment of creating a user account, it is better not to use any spaces in the account name. This can be confusing for some older programs. Afterwards, when the user
account has been set up, it is still possible to change the shown account name (for example into a first and last name). After the change of the name, the first given account name will still be used internally.
If one user account is used by multiple persons, it will eventually happen that multiple passwords are stored for one and the same application. Sometimes this can be annoying, especially when Live Messenger has been used by someone else and logs on automatically. These passwords can be removed with the command control userpasswords2 used in the Start Search area of the start menu. Use the button Manage Passwords on het tab Advanced to remove the stored passwords which cause Windows to logon automatically.
Skipping the welcome screen
If there are multiple user accounts, a welcome screen is shown at start-up of Windows, but sometimes it is practical if one of the user accounts is logged on automatically (without showing the welcome screen). Especially when the other user accounts are barely used, this can be very useful. To accomplish the automatic logon, use the command control userpasswords2 in the Start Search area of the start menu, tab Users and deactivate the option Users must enter a user name and password to use this computer. In the next window, specify the user account name and the password of the account to be logged on automatically.
User Account Control and Run as administrator
In Windows Vista, all accounts are subject to additional security measures known under the name User Account Control (UAC). UAC makes sure that for every essential change in the system settings has to be confirmed twice: once by clicking a message from the program itself
and once by clicking a message of User Account Control. If this behavior becomes irritating or causes troubles, UAC can be deactivated with the option Turn User Account Control on or off in the item User Accounts in the Control Panel. The page about User Account Control has more information about limiting the number of UAC messages without completely deactivating User Account Control.
By default, an administrator account does not start with the additional administrator rights. If needed, the administrator rights can be activated by right clicking a program and to chose for Run as administrator. If a program needs these administrator rights to function properly, then it is possible to start the program with these rights by default. This is done by right clicking the shortcut or program and chose for Properties, tab Shortcut, button Advanced and to activate
the option Run as administrator (if available).
WHAT IF THE LIMITED RIGHTS ARE TOO LIMITED?
It happens frequently that a standard user is not able to apply certain necessary changes because the rights are too limited. If it is a onetime issue, the account could be changed to an administrator account temporarily, but that is not a perfect solution. A better method is to give the user account additional rights for files and registry keys to give them access without switching the account to an administrator account. The Sysinternals tool Process Monitor (download: www.microsoft.com) can be used to find out which files or registry keys are causing the problem. This tool monitors the requested files and registry keys after the command Capture Events has been given. The next step is to add permissions to those files and registry keys within an administrator account. These settings are available by right clicking the registry key, option Permissions, tab Security. Change the permissions of the user account to Full Control for the registry key (use the button Add if the user name is not yet available). When Full Control is activated, the user account is allowed to make any changes to the registry key. Changing the permissions of files and folders works similar. The permissions are available by right clicking a file or folder, option Properties, tab Security.
APPLYING EXTREME USER ACCOUNT LIMITATIONS
To prevent users from making undesired changes to the operating system, it is wise to apply account limitations. Windows SteadyState (download: www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx) is a very useful tool for this purpose because it restores all changes to the default settings after rebooting Windows.
Personal documents and settings for every user account
The personal documents and settings are stored in the folder C:\Users which contains subfolders for every user account (this folder is similar to the folder Documents and Settings of Windows XP). For every new user, a new subfolder is created automatically, to store the personal documents and settings. The content of this subfolder is shown in the following snapshot of the Windows Explorer (enable the option Show hidden files and folders in the folder options of the Windows Explorer to view the hidden folder):
The folder is divided in subfolders for personal data like Contacts, Desktop, Documents, Downloads, Favorites (for the Internet Explorer), Music, Pictures, Saved Games, Videos and the important folder AppData with personal Windows and software settings. The stored data and settings in the folder C:/Users/loginname are only available for the user they are created for (but with the right permissions also accessible by other administrator accounts). This folder also contains some hidden symbolic hyperlinks which have the purpose to automatically forward requests to the old Windows XP folder locations to the new Windows Vista locations.
THE COMMAND NET USER
If it is not possible to create or remove a certain user account try the command NET USER in the command prompt with additional administrator rights. Right click the shortcut to the Command Prompt (start menu, All Programs, Accessories) and select Run as administrator to start the command prompt with administrator rights. The command NET USER shows a list of all available user accounts. To create a user account, use the command NET USER loginname /ADD and to delete a user account, use the command NET USER loginname /DELETE. Especially the last command to delete a user account can be useful. Use the command NET HELP to view all options of the command NET.
Copying documents and settings to another account
Copying Windows settings from one account to another is not that difficult. Go to start, All
Programs, Accessories, System Tools, Windows Easy Transfer, Click Next and select Start a
new transfer, My old computer, Use a CD, DVD or other removable media and External hard disk or to a network location. The default location is C:\from
_old_computer\SaveData.MIG and does not have to be changed. Click Next, select My user account, files and settings only, if needed change the selection and start the transfer. Restoring the saved settings and files to the new user account is similar: start Windows Easy Transfer (which can be done in the same user account as it has been created in), click Next and select Continue a transfer in progress, No, I’ve copied files and settings to a CD, DVD, or other removable media, On an external hard disk or network location, and select C:\from_old_computer\SaveData.IMG. Click Next, select the newly created user account (in this case an account which does not have the same name!), click Next and Transfer. When the transfer has ended, log of the current logged on account and logon to the new account. There will still be some settings to apply but most of them are already done which saves a lot of time applying the same settings to multiple user accounts. The last step is to delete the folder C:\from_old_computer.
TIP: Double clicking the file SaveData.IMG saves time running the wizard.
Documents and settings for all user accounts
The folder Public (in Windows XP known as All Users) contains documents and settings which apply to all users. For example, if there is a shortcut available in the subfolder Desktop of the folder Public, it will be shown on the desktop of all user accounts (the same applies to the folder Favorites). If certain settings or files apply to all users accounts, it is preferred to change the content of the folder Public (if possible) instead of changing all user accounts individually. Files which have to be available by all users can be stored in the subfolders Public Documents, Public Downloads, Public Music, Public Pictures or Public Videos. The folder containing the Start menu shortcuts which apply to all users has been moved (compared to Windows XP) to the folder C:\ProgramData\Microsoft\Windows\Start Menu.
Default settings for a new user account
The subfolder Default (in Windows XP known as Default User) contains the default settings for a new user account. Make changes to this folder to make sure that the desired settings are applied to a newly created account. The more user accounts have to be created, the more time is saved by setting up the new accounts.
Moving the personal data to a new location
By default the personal files (like documents, pictures, music, videos, e-mail, contacts) are stored between the operating system files on the Windows partition. This is not the most practical situation, therefore it is better to save the personal files separately on a data partition. By creating a personal folder for each user account on this data partition (like D:\Menno), the personal files can be stored without losing the overview. This has additional advantages (especially when Windows won’t boot anymore), like being able to create a back-up of the personal files automatically and/or to safely restore an image of the operating system. Log in with the user account and use the Windows Explorer to open the folder C:\Users\loginname. Right click the subfolder Documents and select Properties, tab Location. Click the button Move, select the folder D:\loginname\Documents and click Apply to move the content of the folder Documents to the new location. Be careful not to select a partition to move the documents, this is hard to repair (the following option is most safe if you have moved the documents folder to a partition: create a new user account, move your data to that account and remove the old account).
In a similar way (right clicking the folder, option Properties, tab Location), the personal folders for Desktop, Contacts, Downloads, Favorites, Music, Pictures, Videos en Saved Games can be moved to subfolders of D:\loginname (first create new subfolders for each of them). In the example below all personal folders have been moved to the D: partition (in this example the folders for Mail and Calendar have been created as well):
TIP: Although it is preferred to use the tab Location to move the personal folders, it is also possible to move them by cut and paste into the folder D:\loginname using the Windows Explorer. This procedure is more efficient because multiple folders can be moved at once by selecting them. After moving these folders using cut and paste, there will still be folders left on the original location which can be deleted safely.
Change permissions of the personal folder to Full Control
Probably the user account has not been assigned the permission Full Control to the created folder D:\loginname. If this is the case, the user has not the full control over the created subfolders with personal data which will cause problems saving data (for example adding a website address to the list of favorites will cause an error). This problem is solved by giving the user account the permissions of full control of the folder D:\loginname and its subfolders. This is done by right clicking this folder and choosing for the option Properties, tab Security, button Edit, button Add. Enter the name of the user account, click the button Check names to make sure the name is correctly spelled and finish with OK. The next step is to give this user Full Control by activating this option in the column Allow.
Moving the Windows Mail and Windows Calendar databases
The next step is to move the Windows Mail and Windows Calendar databases to folders like
D:\loginname\Mail and D:\loginname\Calendar. Changing the Windows Mail database location is easy by Tools, Options, tab Advanced, button Maintenance, button Store Folder, button Change (for example D:\loginname\Mail, use the button Make New Folder). Moving the Windows Calendar database (stored in the file loginname‘s Calendar.ics) is more complicated, therefore it is necessary to create a symbolic link with the command MKLINK. Visit the page about Windows Mail and Windows Calendar how moving the Windows Mail and Windows Calendar databases is done in more detail.
TIP: In the example above, the folders D:\Menno, D:\Menno\Calendar and D:\Menno\Mail have a special folder icon. Changing the default icon is done by right clicking the folder, Properties, tab Customize, button Change Icon. Browse other files containing icons if you would like to have more icons to choose from.