Special Edition Using Microsoft Windows XP Professional (3rd Edition)

By default, Windows does not create passwords for user accounts when they're created. You really should set a password for every account on your computer. Not only do passwords prevent people from using your computer without permission, but Windows disables some features on accounts without passwords. For example, the Remote Desktop feature isn't available to you if your account doesn't have a password.

So, to get the most out of Windows and for safety's sake, create a password on every account on your computer.

You can create or change your own password at any time. Computer Administrator users also can change the passwords for other local users' accounts. The exact procedure depends on whether or not your computer is a member of a domain network.

If you are a member of a domain network

1. Press Ctrl+Alt+Del to bring up the Windows Security dialog box.

2. Click the Change Password button.

3. Enter your current password and desired new password twice, as indicated.

4. Click OK.

You also can edit account passwords using the User Accounts Control Panel applet, as described later in this chapter under "User Management for Domain Networks."

If your computer is not part of a domain network, or is not part of any network

1. Click Start, Control Panel, User Accounts.

2. Select your account if necessary, and choose Create a Password or Change My Password.

3. If you're adding a password for the first time, you'll be asked to enter the password twice, to be sure of the spelling. You also should enter a password hint, something that will remind you (and only you) what your password is. The hint will be displayed on the Welcome screen if you mistype your password when you try to log on. Remember that anyone can see the hint, so "My husband's name" is not a good choice. Then, click Create Password.

   If you're changing your password, you'll have to enter your current password, and then type in your desired new password twice as indicated. Then click Change Password.

4. If you're entering a password for your own account for the first time, you'll be asked if you want to make your My Documents folder private. (This privacy feature works only if your hard disk was formatted with or updated to use the NTFS file system, as discussed in Chapter 29, "Managing the Hard Disk.") If you choose to make it private, other users will not be able to see into it or view its files.

   If you change your mind about this later, open My Computer, right-click your My Documents folder, select the Sharing tab, and check or uncheck Make This Folder Private. Click OK to confirm the change.

Because passwords aren't created when you first install Windows, you'll probably want to change your password the first time you log on. That's a good time to go ahead and make a password reset disk, as described later in this chapter.

Changing Other Users' Passwords

There are two times you may have to change someone else's password: First, when you're setting up a new computer, you probably don't want to leave the newly created accounts unprotected. Second, people forget their passwords from time to time. While no one can find out what the lost password was, a Computer Administrator user can set a new password for the account so the user can log on again.

On Windows XP, if a user has made a Password Reset disk, they can solve the problem themselves with that. If a reset disk is not available, the password can be changed by a Computer Administrator user, but this has a significant cost: As a security measure, Windows will erase any other passwords it has associated with that user, including the key needed to read encrypted files and email.

NOTE

Computer Administrator users can change any local user account's password through the User Accounts control panel; just select the desired account's icon and click Change Password or Create Password. However, the actual "Administrator" account itself doesn't appear in the User Accounts list. You can change the Administrator account password with the Local Users and Groups computer management tool, which I'll discuss later in this chapter.

Changing Network Passwords

You also can change passwords that Windows has stored for other computer networks. Whenever you access a network resource on a workgroup computer you don't have an account on, or on a domain network you're not a member of, Windows will prompt you for a username and password to use while accessing just that resource. Windows stores the passwords in a list for reuse later on.

NOTE

You will rarely need to view or modify this list, but you may wish to delete entries in it if you've accessed sensitive network resources and you're worried that someone else might use your account to get access to them.

To modify or delete stored passwords for other computers, open Control Panel and select User Accounts. Then

  • If you don't have administrator privileges, Windows will display a dialog box with a link titled Manage Your Passwords. Choose this.

  • On a domain network, select the Advanced tab and click Manage Passwords.

  • If you have a workgroup network, select Manage My Network Passwords on the Related Tasks list.

Any stored passwords will be displayed in the dialog box shown in Figure 28.3. You can select and remove entries, or click Properties to change the username and password used to access the listed server.

Figure 28.3. This dialog box lets you delete or alter the list of passwords that Windows stores for use on remote computers.

Preventing Password Disasters

Your password is the key to all the information you have stored in the computer. This includes not only private files and email, but also additional security information such as your Microsoft .NET Passport, Wallet, network passwords, and access to any files you've encrypted. The use of passwords to protect this information is essential. Then again, people tend to forget passwords or to leave jobs, so there has to be a way to gain access to a user's files without the password.

To this end, a Computer Administrator can reset any other user's password. But a security system wouldn't be worth much if the administrator could go in and read any user's "encrypted" files or get at their credit card information. The compromise reached in Windows XP is that the Administrator can change a user's password to regain access to an account, but as I noted earlier, there is a cost: as a security measure, Windows will erase any other passwords it has associated with that user, including the key needed to read encrypted files and email. Why? Since Windows offers to remember the passwords you type for Web sites, network computers, email, and other protected resources, these would become available to anyone who was able to change your Windows password. Erasing them after a forced password change eliminates this risk.

On a domain-type network, you'll have to contact a network administrator if you lose or forget your password. That's your only recourse. However, if you have a non-networked Windows XP computer, or you have a workgroup-type network, users can protect themselves from all this by creating password reset disks before a password emergency occurs. With a reset disk, you can change even a forgotten password without the risk of losing your encrypted files and your .NET Passport.

To create a password reset disk, you will need a blank, formatted floppy disk. Follow these steps:

1. Click Start, Control Panel, User Accounts.

2. Select your own account and, from Related Tasks, choose Prevent a Forgotten Password.

Then, follow the wizard's instructions. When the wizard has finished, be sure to label the disk clearly, like "Mary's password disk for Computer XYZ."

CAUTION

A Password Reset Disk is as good as your password for gaining access to your computer, so store the reset disk in a secure place.

You don't have to re-create the disk if you change your password in the future. The disk will still work regardless of your password at the time. However, a password disk works only to get into the account that created it, so each user should create one for him or herself.

If You Forgot Your Password…

Forgetting the password to your computer account is an extremely unpleasant experience. It's definitely no fun to have your own computer thumb its proverbial nose at you and tell you it's not going to let you in to get your own files. If this happens to you, take a deep breath. You might be able to recover from this. Here are the steps to try, in order of preference:

1. If you created a password reset disk, as I described in the previous section, you're in good shape. Follow the instructions under "Using a Password Recovery Disk."

2. If you are a member of a domain network, contact the network administrator to have her or him reset your password. The administrator might be able to recover any encrypted files you created.

3. Log on as Administrator or with any Computer Administrator user account and follow the procedure outlined under "Creating and Managing User Accounts," later in this chapter, to reset your account's password. (If your computer uses the Welcome screen, you can sign on as Administrator by pressing Ctrl+Alt+Del twice. This brings up the standard Windows logon dialog.)

4. If you don't remember the password to any Administrator account, or you can't find someone else who does, you're in big trouble. There are programs available that can break into Windows XP and reset the Guest or Administrator account password. It's a gamble; there's a chance these programs might blow out your Windows installation. Still, if you're in this situation, you probably will want to risk it. Here are some programs you might look into:

  • ERD Commander from Winternals.com is able to replace the Administrator or Guest password through an easy-to-use GUI interface.

  • Windows XP/2000/NT Key from LostPassword.com works just as well on Windows XP as it does on Windows NT and Windows 2000. In fact, this little guy saved my own you-know-what a couple of years ago. It creates a Linux boot disk, which pokes through an NTFS or FAT volume, finds the Windows security registry file, and replaces the administrator's password so you can reboot and log on.

   There are some other password-reset programs that I haven't personally tested, but you might be able to use: NTAccess from www.sunbelt-software.com and NTAccess from www.mirider.com.

5. If you only need to retrieve files, you can remove the hard drive and install it in another Windows XP or 2000 computer as a secondary drive. Boot it up, log on as a Computer Administrator, and browse into the added drive.

6. If you get this far and are still stuck, things are pretty grim. You'll need to reinstall Windows using the Clean Install option, which will erase all your user settings. Then, as Administrator, you can browse into the Documents and Settings folder to retrieve files from the old user account folders.

If you are not a member of a domain network, I hope you can avoid all this by creating a password reset disk ahead of time. (I've had to go as far as step 4 myself, so I know how frustrating this can be.)

Using a Password Recovery Disk

If you have lost your password and have a password reset disk, you can use it to log on and reset your password. Just attempt to sign on using the Welcome screen. When the logon fails, click Did You Forget Your Password, and then click Use Your Password Reset Disk. If you're using the old-style "classic" logon, click the Reset button when you get the Logon Failed dialog box.

Then, follow the Password Reset Wizard's instructions to change your password, and store the password reset disk away for another day. You don't need to make another recovery disk after using it.
