Configure User Accounts In Windows 7 For Optimal Security
Did you know that more than one user accounts is created during the installation of the Windows 7 operating system? This actually is something that Microsoft did in previous operating systems as well. In Windows 7, a guest and administrator account are created next to the account of the installing user.
The following guide explains how to configure those user accounts for optimal system security, and while it does so with Windows 7 in mind, it can be easily applied to previous and future Windows operating systems as well.
It may not sound that bad to have additional user accounts configured on the system. The secure way however is to either deactivate accounts that are not needed, or password protect them so that no one without proper authorization can log in using one of those accounts.
Probably the easiest way to do that is to use the Local Users And Groups Policy. It can be opened with the shortcut Windows-R, typing lusrmgr.msc and hitting enter.
Please note that this control panel is only available in Windows Professional, Ultimate and Enterprise and not Basic, Starter or Home editions.
Once loaded it displays the two items Users and Groups in the left sidebar. A click on users displays all users of the operating system.
A double-click on an entry opens a properties menu for the selected user. Here it is possible to disable the account. It is recommended to disable the guest account in Windows 7, as it is usually not used at all.
Checking the "Account is disabled" box and clicking on Ok will disable the account, so that no one can use it to log in.
The Administrator account is the second account that gets automatically created during installation. It is disabled by default, and a double-click can be used to verify that.
A right-click on a user account opens a context menu with options to set passwords for each account. It is a good security practice to set secure passwords for all accounts, even the disabled ones. The password should have a length of at least 16 chars, and consist of numbers, letters and special chars.
As mentioned previously, Windows 7 Home, Starter and Basic owners do not have access to the configuration panel. Their option is to open the Control Panel from the Windows Start Menu, and there the User Accounts panel.
Information about the current account are displayed, plus an option to Manage another account.
Please note that only the guest account is displayed along the user accounts of the operating system. A click on the Guest account displays options to change the picture of the account, and to turn the guest account off.
Now that the guest account has been disabled, it is time to do the same for the Administrator account. For that you need to open an elevated command prompt. Do that by clicking on the Start Menu orb, then All Programs, Accessories, right-click the Command Prompt link and select Run as administrator.
Now enter the following command to disable the Windows 7 Administrator account:
net user administrator /active:no
To change a password for a user account type
net user username password
with username being the name of the account, and password the new password.