What is a User Account?

A user account is a collection of settings and information that tells

Windows which files and folders you can access, what you can do on your
computer, what are your preferences, and what network resources you can
access when connected to a network.

The user account allows you to authenticate to Windows or any other

operating system so that you are granted authorization to use them. Multi-user
operating systems such as Windows don’t allow a user to use them without
having a user account.

In Windows, you can manage your computer’s user accounts by going to

the “Control Panel” and then to “User Accounts and Family Safety > User
Accounts.”

A user account in Windows is characterized by the following attributes:

 User name – the name you are giving to that account.

 Password – the password associated with the user account (in Windows 7 or older
versions you can also use blank passwords).
 User group – a collection of user accounts that share the same security rights and
permissions. A user account must be a member of at least one user group.
 Type – all user accounts have a type which defines their permissions and what they
can do in Windows.
Windows 7 User Accounts

Windows 7 and earlier versions has three important types of accounts:

Administrator

The “Administrator” user account has complete control over the PC. He or she
can install anything and make changes that affect all users of that PC.

Standard

The “Standard” user account can only use the software that’s already installed
by the administrator and change system settings that don’t affect other users.

Guest

The “Guest” account is a special type of user account that has the name Guest
and no password. This is only for users that need temporary access to the PC.
This user can only use the software that’s already installed by the administrator
and cannot make any changes to system settings.

Windows 8 User Accounts

Windows 8 introduces two new types of user accounts, alongside those already
in Windows 7:

Microsoft account

Microsoft accounts are user accounts with an associated e-mail address

that give you access to all Microsoft products and services. They always have
password that’s not blank. If you are using an outlook.com e-mail address (let’s
say [email protected]), you have a Microsoft account with that address.

To further complicate things, Microsoft allows people to create Microsoft

accounts using third-party e-mail services like Gmail. To simplify things for you,
remember that you have a Microsoft account when you use an email address to
log into Windows or to any Microsoft product or service.

Microsoft accounts work on multiple systems and devices. Therefore you

can use the same account to log into all your Windows 8.x devices, your Xbox
One console and your Windows Phone. You don’t have to create a separate
account for each device.

Microsoft accounts can be administrators or standard user accounts.

Local account

Local accounts are classic user accounts that exist locally and can use
blank passwords. For example, in Windows 7 all user accounts are local
accounts. Local accounts can be administrators or standard user accounts. They
work on a single system only, so if you do have multiple devices, you’ll have to
create a separate account for each.

User accounts provide the added benefit of letting you share the same
computer with several people, while having your own files and settings. Each
person accesses his or her user account without interfering with others.

How to tell them apart?

In Windows 8.x you can quickly differentiate local user accounts from
Microsoft accounts by looking at whether they use an email address or not. Look
at the screenshot below, sharing the Manage Accounts window, which is
accessed by going to “Control Panel > User Accounts and Family Safety > User
Accounts > Manage Accounts.”
 The first account, named Ciprian Rusen, is a Microsoft account. All the
other user accounts are local accounts. The Microsoft account is an
administrator, which is marked by the “Administrator” statement beneath its
email address. All other user accounts are standard user accounts because they
do not have the “Administrator” statement.

What is a User Group?

As mentioned earlier, the user group is a collection of user accounts that

share the same security rights and permissions.

Keep Reading…

Windows has a long list of predefined user groups which includes

“Administrators” and “Users.” However, most predefined user groups do not have
user accounts until the administrator or third-party apps start customizing
them. User groups can also be created by third-party software and services like
virtual machines which create hidden user accounts and groups in order to
provide different features or services.

A user account is a member of at least one user group while some user
accounts are members of two groups or more, depending on how they are set.

For example, all user accounts that are set as administrators will be part
of the “Administrators” group. Standard user accounts are part of the “Users”
group. However, both types of user accounts will become members of the
“HomeUsers” group, when you start using the Homegroup networking feature
in Windows.

User groups are managed automatically by Windows and you won’t need
to fiddle with them, even though you can if you are an administrator. This
concept is important so that you better understand how file sharing works, how
permissions are assigned, etc.

What are File & Folder Permissions?

Permissions are a method for assigning access rights to specific user

accounts and user groups. Through the use of permissions, Windows defines
which user accounts and user groups can access which files and folders, and
what they can do with them. To put it simply, permissions are the operating
system’s way of telling you what you can or cannot do with a file or folder.

To learn the permissions of any folder, right click on it and select

“Properties.” In the Properties window, go to the Security tab. In the “Group or
user names” section you will see all the user accounts and use groups that have
permissions to that folder. If you select a group or a user account, then see its
assigned permissions, in the “Permissions for Users” section.
 In Windows, a user account or a user group can receive one of the following
permissions to any file or folder:

 Read – allows the viewing and listing of a file or folder. When viewing a folder,
you can view all its files and subfolders.
 Write – allows writing to a file or adding files and subfolders to a folder.
 List folder contents – this permission can be assigned only to folders. It permits
the viewing and listing of files and subfolders, as well as executing files that are
found in that folder.
 Read & execute – permits the reading and accessing of a file’s contents as well
as its execution. When dealing with folders, it allows the viewing and listing of
files and subfolders, as well as the execution of files.
 Modify – when dealing with files, it allows their reading, writing and deletion.
When dealing with folders, it allows the reading and writing of files and
subfolders, plus the deletion of the folder.
 Full control – it allows reading, writing, changing and deleting of any file and
subfolder.

Generally, files inherit the permissions of the folder where they are placed,
but users can also define specific permissions that are assigned only to a specific
file. To make your computing life simpler, it is best to edit permissions only at a
folder level.

Why are Permissions Important to Sharing in Windows?

Permissions are important because when you share something in

Windows, you actually assign a set of permissions to a specific user account or
user group. A shared folder can only be accessed by someone with a user account
that has the permission to access that folder.

For example, when using the Sharing Wizard, you choose the user name
or the user group and then one of these two permission levels:

 Read/Write – it is the equivalent of the “Modify” permission level.

 Read – it is the equivalent of the “Read & execute” permission level.
 When using the Sharing Wizard you will also see a permission level named
“Owner.” This is not a permission level per-se. It just signals that the folder you
are about to share is owned by the user account for which you see this entry. An
owner has full control over that folder. You will learn more about the Sharing
Wizard and how to use it in lesson 6.

When using advanced sharing, you can assign one of these three permission
levels:

 Full Control – it allows reading, writing, changing, and deleting of any file and
subfolder.
 Change – it is the equivalent of the Modify permission level.
 Read – it is the equivalent of the Read & execute permission level.
 When sharing resources with the network, you will encounter a special
group that’s named “Everyone.” This user group stands for anyone with or
without a user account on the computer who is sharing the resource with the
network. As you will learn in future lessons, this user group is very useful when
you have a network with very diverse devices and operating systems. Advanced
sharing will be explained in detail, in lesson 7.

Why is it Useful to Use a Microsoft Account in Your Network?

Using a Microsoft account has both benefits (e.g. the ability to sync all
your apps and settings across multiple devices) and downsides (e.g. you will give
more data to Microsoft). From a network sharing perspective, using a Microsoft
account can be useful if you have a network with many PCs and devices with
Windows 8.x:

 You log in with the same Microsoft account on all your devices, using the same
credentials.
 You don’t have to create separate local accounts on each computer or device
with Windows 8.x.
 Setting up permissions when sharing is easier because you don’t have to deal
with multiple local user accounts.
 Accessing network shares is also easier because you log in with the same user
account everywhere and you can quickly access everything that’s shared with
it.

If you have a very diverse network that includes Macs, Chromebooks or

Linux PCs alongside Windows, then using a Microsoft account doesn’t provide
any special benefits from a network sharing perspective.