Understanding Windows User Account Types and Profiles

Posted on Jan 8, 2025 in Computers

Understanding Windows User Account Types

The administrator account is designed for users who can make changes throughout the system, install software, and access all non-private files on your computer. Users with administrator accounts are the only ones with full access to other user accounts. A user with an administrator account:

  • Can create and delete user accounts.
  • Can change account names, images, passwords, and other account types.
  • Cannot change their account type to limited unless there is at least one other administrator account.
  • Can manage network passwords and create a password reset disk.

The limited account is for users who are restricted from changing most computer settings and deleting important files. A user with a limited account:

  • Cannot install software or hardware but can access installed programs.
  • Can change their account picture and password.
  • Cannot change the name or type of their account.
  • Can manage network passwords and create a password reset disk.

The Guest Account is for users who do not have an account on the computer. It has no password, allowing quick access for tasks like checking email or browsing the internet. A user logged in with the Guest account:

  • Cannot install software or hardware but can access installed applications.
  • Cannot change the type of the Guest account.
  • Can change the image of the Guest account.

Usernames, login names, and full names must be unique, up to 20 alphanumeric characters. A naming convention should:

  • Allow employees to identify duplicate names.
  • Allocate passwords for account managers.
  • Determine who controls passwords.
  • Educate users on password best practices.
  • Avoid obvious passwords.
  • Use long passwords with mixed case characters.

Local user accounts are created on computers running Windows, on separate servers, or on Windows Servers. They reside in SAM.


Introduction to User Profiles

A user profile defines customized desktop environments, including display settings, network connections, and printers. The user or system administrator can define the desktop environment. Types of user profiles include:

Local User Profile

Created the first time a user logs on to a computer and stored on the computer’s local hard disk. Changes are specific to that computer.

Roaming User Profile

Created by the system administrator and stored on a server. Available whenever the user logs on to any computer on the network. Changes are updated on the server.

Mandatory User Profile

A roaming profile used to specify a particular configuration for users or user groups. Only system administrators can make changes.

Local Groups Guidelines

Use local groups on computers that do not belong to a domain to control access to resources and tasks. Rules for local groups:

  • Local groups can only contain user accounts on the computer.
  • Local groups cannot belong to other groups.
  • Members of the Administrators or Power Users groups can create local groups.

Integrated Local Groups

Integrated groups have a default set of rights and cannot be deleted. Members have the right to perform system tasks. Special accounts can be added. Membership cannot be modified.