Managing User Accounts
An account is a set of credentials consisting of both a user name and password that allows access to a system's resources. Your computer accounts and passwords are assigned to you alone. You must never share them with others! Protect your accounts by logging out when you are finished using them.
At IU a user name is automatically assigned and consists of letters based on last name, first name, and possibly a middle name. An email address consists of a user name followed by the appropriate campus designation.
When you accept computing accounts at Indiana University, you agree to use the University’s computing resources responsibly. A major part of responsible use is maintaining the security and confidentiality of your computer accounts and the information you store on them. You are also responsible for following all applicable IU policies.
As an IU student, staff, or faculty, you will need a Network ID or ADS (Active Directory Services) domain account in order to:
- Create additional accounts
- Synchronize or change your passwords
- Access your email account(s) on the IU campus
- Access the IU dial-in modems
- Log into any Mac OS X or Windows computer in the IU Student Technology Centers
- Obtain certain software and downloads via IUware Online
- Connect to the IU network via VPN
To see the various services that can be accessed by both the Network ID and the ADS Domain accounts, go to:
There are also other types of university accounts used for email, file storage, web space, printing, instructional databases, guest accounts, etc. For more information on Accounts and Passphrases, you can go to:
Also, to create and manage computing accounts and passphrases, you can go to:
Another type of account is a local Administrator account. A local account is like a domain account except that a local account only controls access to one single, physical computer. Your local account credentials, which include a user name and password, are stored locally on the computer’s hard drive, and the computer checks its own files to authenticate your login. This is different from network domain accounts, which are created and stored on domain controllers. The local account’s settings determine your rights for running programs, installing and removing programs, accessing files, and enabling or disabling services. Without administrative rights, you cannot perform many system modifications, such as installing software or modifying network settings. The local administrator account cannot access network resources since the local account is recognized only on the local computer; however, it is the account to use when you want to install software or modify system settings.
When you install the Windows operating system, a built-in Administrator account is created with full administrative privileges, and each user account you create during setup becomes a member of the Administrators group. This provides convenience because administrative privileges are necessary in order to run many programs. However, always running as a computer administrator makes your computer and network more vulnerable to virus attacks. If a malicious attacker takes control of your machine while you are logged in as an administrator, then he or she will have administrative rights on your local machine. Therefore, for security reasons, one of the first things you should do after installing a Windows operating system is to rename this built-in Administrator account and to assign it a strong password. Later in the tutorial, we will discuss some guidelines for selecting strong passwords.
During some Windows installations, you will be offered the option of renaming this Administrator account. If you recieve that option, you should take it.
The procedure for securing the built-in administrator account is:
- Look at the members of the Administrators group to see what accounts are there and why.
- Rename the built-in Administrator account to something other than Administrator.
- Give the Administrator account a strong password if this was not done during the initial setup.
- Remove administrative privileges from accounts that don’t need them.
The Principle of Least Privilege
If you look at major threats to computers, they are from user interaction with the Web through tools like browsers and email clients. If you are logged on with administrative privileges and are attacked, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, etc. Some malware works only because the user browsing the Web is an administrator. When logged on with administrative privileges, there is much less protection against modifications being made by intruders to system setup and configurations on your local system. Therefore, anyone running the Windows operating system should avoid logging on for everyday use with an account that belongs to the Administrator’s group.
The Principle of Least Privilege means that the user logs on with an account that has the minimum system privileges for everyday or routine activities, such as running Microsoft Internet Explorer or Outlook and instant messaging. Unfortunately, almost all Windows users today continue to use the administrator account for these daily tasks.
Always secure your own system by setting all daily use accounts to run with least privileges. The key is to log in as Administrator only when you need to install software or perform various other administrative tasks. This practice helps to minimize the risk of someone maliciously damaging a system’s configuration or infecting the machine with a virus or Trojan horse.
Not only do many Windows users run with an administrator account because “Administrator” is the default new account for Windows Vista and 7(or an account that you name, that is placed in the Administrators group), but restricting users to a limited account can be frustrating at times because some applications, as well as some Windows-based tasks, expect users to have administrative privileges. As a result, some applications and tasks will fail to operate correctly when launched by a least-privileged user account (LUA). However, developers are constantly trying to improve their programs so that almost everyone can run as an LUA and still complete their regular daily work without encountering undue inconvenience or special workarounds.
In the next section, you will learn how to secure the Administrator account and how to create a new LUA account, depending upon your IU role and the control that you may have over your own local machine.
Option 1: Only the LSP Manages the Local Machine
DO NOT make any changes to any administrative accounts at IU unless you have first checked with your LSP. There must be at least one account that you or someone else can use to gain access to your local computer with administrative privileges. Your LSP may have already set up an Administrator account on your local machine and may not want you to create any new accounts, especially accounts with administrative privileges.
Option 2: The User Manages the Local Machine
If you manage and have control over your own machine, either at work or at home, then securing the built-in Administrator account, as well as creating new accounts, will most likely be your responsibility. Next we will rename the built-in Administrator account.
Renaming the Built-In Administrator Account
Be sure to log on as the Administrator. Click the screenshot below to see the simulation on how to rename the Administrator account:
To set a password for this Administrator account, press Ctrl + Alt + Del, and then Click Change password. Enter the new password in the New Password and Confirm Password fields. The next time you log off and back on, you will be required to enter the new administrator name and password.
Note: Another default account set up during the Windows Vista and 7 install is the Guest account, which provides convenient access for occasional users, By default, the Guest account is disabled, but renaming this account offers a little more protection from would-be attackers. If you occasionally need this account, enable it only when necessary. You can rename the Guest account following the same procedure as renaming the Administrator account.
Removing Your Domain Account from the Local Administrators Group
Once you have secured your built-in Administrator account, the next step is to make sure that your everyday user account is not a member of the Administrators group. At Indiana University, the University Information Security Office recommends that you normally run your Windows computer as a member of the Users Group and not as an administrator or as a member of the Power Users Group.
Setting up an account with restricted privileges is fairly simple. If the account you use for everyday tasks is your ADS domain account and if it has local administrative privileges, you should change it to a non-administrative account by removing the account from the Administrators group and placing it in the Users group.
You will need to log in as the Administrator to perform the following steps to remove your domain account from the Administrators group.
Click the screenshot below to see the simulation on removing an account from the local Administrators group:
Adding Your ADS Domain Account to the Users Group
Once you have removed your ADS domain account from the Administrators group, the next step is to add it to the local Users group so you will have log-in rights. Be sure to log in as the Administrator before trying to perform this step.
Click the screenshot below to see the simulation on adding your ADS domain account to the Users group:
Creating a New User Account
If you do not have an ADS domain account or a regular user account (except the Administrator account), then it is important that you create a new local account for everyday usage (for example, on your home PC).
Windows XP Home edition or Windows Vista in a standalone environment supports two levels of user privileges: computer administrator and limited. Users with limited accounts have permissions to do things that affect only their own account, such as changing or removing a password, changing theme and desktop settings, or viewing and editing files that they created.
Next, you will see how to create a new user account, which will have limited privileges in a standalone environment. In a network environment, the account will be a regular user account and, therefore, a member of the Users group.
Click the screenshot below to see the simulation on how to create a new user account:
This is the account with which you should perform everyday routine tasks, which include email and browsing the Web.
Performing Administrative Tasks Using the Run As Command
If you need to perform administrative tasks, such as upgrading the operating system, you can log off and log back on as the Administrator. However, a better option than logging on as the Administrator is to use the Run As Administrator command in Vista or Windows 7 (or "Run As..." in XP) to start or run programs as a local administrator.
To open the Run As dialog box, in Windows Explorer, Right-Click the executable program file that you want to open and click Run as administrator. Log in with your local administrator name and password.
Return to Top