Home > Safe Computing Principles > Secure Your Computer System > User Accounts

Secure your Computer System: User Accounts

Other Safe Computing Principles

Windows Administrator Account

Windows NT, Windows 2000, and Windows XP machines have a local account called the administrator account. This account allows complete access to all information on the computer. It's important that you ensure that this account has a secure password because hackers commonly scan networks for blank or weak administrator passwords. If the password is not secure, a hacker could gain complete control of your system by doing such a scan.

To create or change a password for any user account:

Windows 2000/XP

Press CTRL-ALT-DEL to access the Windows Security options.
Click Change Password button.
In the Old Password box, type the current password. If there is no assigned password leave it blank.
In the New Password box, type a new secure password.
In the Confirm New Password box, type the new secure password again.
Click OK.

Note for Windows XP users: If when you press CTRL-ALT-DEL you do not get the Windows Security screen, but instead get the Windows Task Manager screen, it means that the Windows Welcome screen is enabled. To disable this option, complete the following steps and then follow the instructions above to change or create a password.

Click Start —> Control Panel.
Click User Accounts.
Under the Pick a task heading, click Change the way users log on or off.
Uncheck the Use the Welcome screen box
Click Apply Options button.
Close the User Accounts screen.

Note for WSU staff: If you have local technical support staff in your school, college, or department, it is most certain that an adminstrator password has already been set; but if you don't have support staff, or are not sure if you do, contact the C&IT Help Desk at 313-577-4778 for information on how to change your password.

Windows Guest Account

This account allows anonymous access to your computer. It is disabled by default on the Windows 2000 and Windows XP/Home edition computers. However, if your computer has been compromised, a hacker could have enabled the Windows guest account.

To ensure that the Windows guest account is disabled, follow these instructions:

Windows XP Professional or Home Edition

Click Start —> Control Panel.
Click User Accounts.
Under or pick an account to change, click Guest.

If the account is already disabled, the screen will read: Do you want to turn on the guest account? Leave as is and click Cancel.
If the account is enabled, the screen will read: What do you want to change about the guest account? In this case, click Turn off the guest account.

Windows 2000

Click Start —> Settings —> Control Panel.
Click Administrative Tools —> Computer Management.
Click Local Users and Groups —> Users.
Right click the Guest account and choose properties.
Under the General tab, make sure the Account is disabled box is checked. If not, click in this box, and click OK.

Macintosh User Account

In Mac OS X, the user account is set up when you turn on the machine for the first time. It is at this time that you also have the option of setting up a password for the account you create. With Mac OS X, there is no account called "administrator", but the account you do initially set up has administrator rights, so it is extremely important to set a secure password for your account. Follow these instructions to set up password:

On the Apple menu, click System Preferences.
Under the System heading, click Accounts.
Under the Password tab you will see a Password box and a Verify box.
Type in your password, and re-type it in the Verify box.
At this point, click the red button on the upper left to exit the Accounts control panel

Note: On Mac OS 9.x and earlier, due to the operating system architecture, true accounts do not exist. For this reason, Mac OS 9.x and earlier, are not really susceptible to this type of hack and, therefore, do not apply in this discussion.