Configure User Accounts In Windows 7 For Optimal Security - gHacks Tech News

Configure User Accounts In Windows 7 For Optimal Security

Did you know that more than one user accounts is created during the installation of the Windows 7 operating system? This actually is something that Microsoft did in previous operating systems as well. In Windows 7, a guest and administrator account are created next to the account of the installing user.

The following guide explains how to configure those user accounts for optimal system security, and while it does so with Windows 7 in mind, it can be easily applied to previous and future Windows operating systems as well.

It may not sound that bad to have additional user accounts configured on the system. The secure way however is to either deactivate accounts that are not needed, or password protect them so that no one without proper authorization can log in using one of those accounts.

Probably the easiest way to do that is to use the Local Users And Groups Policy. It can be opened with the shortcut Windows-R, typing lusrmgr.msc and hitting enter.

Please note that this control panel is only available in Windows Professional, Ultimate and Enterprise and not Basic, Starter or Home editions.

Once loaded it displays the two items Users and Groups in the left sidebar. A click on users displays all users of the operating system.

windows7 users lusrmgrmsc
windows7 users lusrmgrmsc

A double-click on an entry opens a properties menu for the selected user. Here it is possible to disable the account. It is recommended to disable the guest account in Windows 7, as it is usually not used at all.

disable windows7 guest account
disable windows7 guest account

Checking the "Account is disabled" box and clicking on Ok will disable the account, so that no one can use it to log in.

The Administrator account is the second account that gets automatically created during installation. It is disabled by default, and a double-click can be used to verify that.

A right-click on a user account opens a context menu with options to set passwords for each account. It is a good security practice to set secure passwords for all accounts, even the disabled ones. The password should have a length of at least 16 chars, and consist of numbers, letters and special chars.

As mentioned previously, Windows 7 Home, Starter and Basic owners do not have access to the configuration panel. Their option is to open the Control Panel from the Windows Start Menu, and there the User Accounts panel.

Information about the current account are displayed, plus an option to Manage another account.

manage another account
manage another account

Please note that only the guest account is displayed along the user accounts of the operating system. A click on the Guest account displays options to change the picture of the account, and to turn the guest account off.

Now that the guest account has been disabled, it is time to do the same for the Administrator account. For that you need to open an elevated command prompt. Do that by clicking on the Start Menu orb, then All Programs, Accessories, right-click the Command Prompt link and select Run as administrator.

Now enter the following command to disable the Windows 7 Administrator account:

net user administrator /active:no

To change a password for a user account type

net user username password

with username being the name of the account, and password the new password.

Summary
Configure User Accounts In Windows 7 For Optimal Security
Article Name
Configure User Accounts In Windows 7 For Optimal Security
Description
A tutorial that explains how to properly secure a Windows operating system in regards to default user accounts that exist it on.
Author




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    Leave a Reply