Get the most from your computer

Tips & Hints
Our Services
Contact us


Setting up limited user profiles

Posted 9 August 2007

One of the best ways to protect Windows XP and Vista machines from viruses and spyware is to set users as Limited Users.

This means that the day-to-day user can change their own settings like passwords and wallpaper but can't change system settings. With no access to the system, spyware can't mess up the entire machine.

Unfortunately Windows doesn't make it easy.

The biggest problem is this sort of security was unknown in earlier versions of Windows like 3.1 and 98 so a lot of software and hardware was designed without taking this into account.

So there are some tricks to watch when setting up a limited user profile.

To setup and change user accounts it's necessary to go into the user accounts settings of the control panel. To do that, click Start, Settings and Control Panel. Then choose User Accounts.

Warning! Due to a bug on some machines, we don't recommend running this procedure on existing profile. If you do, you may find the user's existing data and settings disappear (although they aren't lost). As with everything, you should backup important data before changing system settings.

Setup an Administrator account

At least one user profile has to be an administrator that can controls all the settings and the other accounts, including the passwords. So choose an existing account and check it is already an Administrator, it will say so under the name.

Then add a password by clicking Create Password and following the instructions. It should also be something other users, particularly the kids, won't easily guess.

This password is important. If you forget it, it can be difficult to get it back, so we'd recommend running the create password recovery disk (click create disk and follow the prompts).

Create the other accounts

First create the accounts for other users by clicking Create an account. The wizard will ask you what type of accounts you want them to be and this stage you should choose Limited User.

Run the new accounts

At first the accounts have to run so all the initial settings and security permissions are set correctly. Log in as a new user, but DON'T run any software or go onto the Internet. Cancel any wizards that try to run and then log off.

Change the new accounts to Administrators

The reason for changing the accounts to administrators is that some software (including Microsoft Office!) needs administrator rights the first time you run them.

Log off the new accounts and go back into the Administrator account. Open in the Administrator profile and open User Settings. Switch the other accounts from Limited User to Administrator through the Change My Account Type. Then log off and log back into each of the new accounts

Set the new account settings

Running each account as administrator, setup all the software and create users settings like email addresses. Check printers, iPods, email and web access are working and check every program you think the user might need.

Switch the user account

Having set everything up in the account, you can then switch the user to being a Limited User. Open in the Administrator profile and open User Settings. Switch the other accounts from Administrator to Limited User through the Change My Account Type.

Check the profiles

Once they've been changed, you should check each profile to see the programs are running. If you find a program that isn't, you'll need to check with the manufacturer's website to see how you can work around this. It might be necessary to change the user back to an administrator while you fix the program.

One of the big frustrations is that some software and hardware will not work at all in a Limited User profiles. The only solution we can recommend is to find a replacement product or only use it on a machine without Internet access.

If this all sounds complex, it is. Microsoft dropped the ball badly with Windows XP security and we are seeing the results in the massive spyware epidemic. Apple have handled security far better and we recommend buying a Mac to prevent music hungry teenagers from destroying your computer.



PC Rescue Pty Ltd
Suite 236, 4 Young Street Neutral Bay NSW 2089
©Technology Publishing Australia, 2008