the Guest and Administrator accounts

  • Thread starter Thread starter yawnmoth
  • Start date Start date
Y

yawnmoth

One of the nice things about Limited accounts is that if you do
encounter a problem with them, you can just delete them and recreate
them. That, however, does not appear to be the case with the Guest
account. You can't delete it or recreate it - you can just enable or
disable it.

Maybe I'm missing the point of the Guest account?

Also, I tried to rename my Administrator account to 'Administrator'
and it said that an account named 'Administrator' already exists.
Why? What does this hidden Admin account do?

This is a fresh install.
 
yawnmoth said:
One of the nice things about Limited accounts is that if you do
encounter a problem with them, you can just delete them and recreate
them. That, however, does not appear to be the case with the Guest
account. You can't delete it or recreate it - you can just enable or
disable it.

Maybe I'm missing the point of the Guest account?
Click to expand...

Yes, you are. Here is information about Guest:

Do not use the Guest account you see in the User Accounts applet in Control
Panel. The Guest account is a special system account, not one meant for
when you are feeling hospitable. It is disabled by default in Windows XP,
Vista, Linux, Unix, and OS X for a reason.

From TechNet:

"The Guest account is intended for users who require temporary access to the
system. However, if this account is enabled, a security risk may exist
because an unauthorized user could gain anonymous access to the system
through this account."

http://technet.microsoft.com/en-us/library/bb418978(TechNet.10).aspx

So if you enabled Guest, disable it now and create a Standard/Limited
(Vista, XP Pro/XP Home) for your visitors. Call the new user account
something like "Visitor".
Also, I tried to rename my Administrator account to 'Administrator'
and it said that an account named 'Administrator' already exists.
Why? What does this hidden Admin account do?
Click to expand...

XP is a multi-user operating system, no matter if only one person is using
it. In all multi-user operating systems - NT, Win2k, XP, Vista, Unix,
Linux, Mac OSX - there is the one built-in account that is "god" on the
system. In Windows terminology, that is "Administrator". In the *nix world,
it is "root". This is a necessary account and is not normally used in
everyday work. You cannot delete the built-in Administrator account nor
would you ever want to.

Create a new user account with administrative privileges and call it
something like "CompAdmin". Also, do no simply rename user accounts.
Renaming a user account makes a cosmetic change only and will not affect
the underlying files. Create the new account instead.

Malke
 
The Guest account is intended for users who require temporary access to the
system.
Click to expand...
Wouldn't a visitor account do the same thing? Since the Guest account
is disabled by default, administrative intervention is required to
activate it, and if administrative intervention is required, why
wouldn't that admin just create a limited account?

It's like... when I get a credit card bill, I can write one check to
pay it or I can write two checks. Writing two checks doesn't make
much sense when I could just write one, and, similarly, activating the
Guest account doesn't seem to make much sense when there's a better
and just as easy option.

Unless, of course, there's something I'm missing.
XP is a multi-user operating system, no matter if only one person is using
it. In all multi-user operating systems - NT, Win2k, XP, Vista, Unix,
Linux, Mac OSX - there is the one built-in account that is "god" on the
system. In Windows terminology, that is "Administrator". In the *nix world,
it is "root". This is a necessary account and is not normally used in
everyday work. You cannot delete the built-in Administrator account nor
would you ever want to.
Click to expand...

Why is the "god" accounts name hard-coded as "Administrator"? That at
least one "god" account must exist doesn't necessarily mean that it
has to have a predetermined name.
 
yawnmoth said:
Wouldn't a visitor account do the same thing? Since the Guest account
is disabled by default, administrative intervention is required to
activate it, and if administrative intervention is required, why
wouldn't that admin just create a limited account?
Click to expand...

No. As I already said, Guest is a special system account with its own set of
permissions. For more information, read the TechNet article I referenced.
It's like... when I get a credit card bill, I can write one check to
pay it or I can write two checks. Writing two checks doesn't make
much sense when I could just write one, and, similarly, activating the
Guest account doesn't seem to make much sense when there's a better
and just as easy option.
Click to expand...

This is incorrect reasoning. Again, refer to the article at TechNet. The
Guest account does *not* have the limited permissions that a true
Limited/Standard account does.
Unless, of course, there's something I'm missing.
Click to expand...

Yes, not meaning to offend you, you are.
Why is the "god" accounts name hard-coded as "Administrator"? That at
least one "god" account must exist doesn't necessarily mean that it
has to have a predetermined name.
Click to expand...

Because that is the way that Windows NT-based operating systems are written.
Just as *nix uses "root". Just as the sky is blue. ;-)

Malke
 
No. As I already said, Guest is a special system account with its own setof
permissions. For more information, read the TechNet article I referenced.
Click to expand...

Looking at it, I see this:
The account itself is not disabled for incoming user connections from across the
network and can still be used with simple file sharing.
Click to expand...

How can I disable it from even that? Is deleting it, as mentioned in
that article, the only way? If so, how do I delete it?
Because that is the way that Windows NT-based operating systems are written.
Just as *nix uses "root". Just as the sky is blue. ;-)
Click to expand...

I actually don't think the two are comparable. Last time I setup
Linux, logging in as root was easy. You're prompted for the root
password when you set it up. But you're not for the Administrator
account. Why?

When you install Windows XP, you're prompted for a username and that
username is made an administrator. But the account named
"Administrator" is also an administrator. Why? Is there a password
that /does/ work for the Administrator account that I don't know? Is
it a backdoor placed there by Microsoft?

For scheduled tasks, you need to have a user with a password. Certain
tasks, no doubt, require an administrator. Maybe the Administrator
account exists to schedule system tasks, like defragging RAM (although
the term is generally used with regard to hard drives, certainly RAM
can manifest fragmentation, as well) or getting the current time from
an Internet timeserver (like time.windows.com or something)?

Of course, that still doesn't answer the question of whether or not
the "Administrator" user has it's own password.
 
yawnmoth said:
Looking at it, I see this:
Click to expand...

No, the "guest" referenced in file/printer sharing is not the same as the
Guest user account you see in Control panel.
How can I disable it from even that? Is deleting it, as mentioned in
that article, the only way? If so, how do I delete it?
Click to expand...

I really don't know what you're talking about here. If you don't want to
have the Guest account enabled, simply disable it on Control Panel>User
Accounts. If you don't want to have file/printer sharing enabled over a
LAN, disable it. If you do want file/printer sharing enabled but want more
control over who can access shared resources, you must have XP Pro/MCE and
disable "simple file sharing" in Folder Options. XP Home only connects as
guest by design.
I actually don't think the two are comparable. Last time I setup
Linux, logging in as root was easy. You're prompted for the root
password when you set it up. But you're not for the Administrator
account. Why?
Click to expand...

There are comparable. As to whether you are prompted for the root password
(and whether root is enabled), it depends on the distro. Ubuntu asks for a
regular user password and uses it for root's. Fedora and SUSE ask for a
separate root password. OS X has true root disabled by default, just like
Vista. Other Linux distros also have root disabled.

You *are* prompted for the Administrator password in Windows XP Pro setup.
Since the built-in Administrator can only be accessed in Safe Mode in XP
Home, during setup a regular (Computer Administrator but not the built-in
one) is created and you can set a password for that account then. The
built-in hidden Administrator password is blank by default.
When you install Windows XP, you're prompted for a username and that
username is made an administrator. But the account named
"Administrator" is also an administrator. Why? Is there a password
that /does/ work for the Administrator account that I don't know? Is
it a backdoor placed there by Microsoft?
Click to expand...

See my paragraph above. Using the term "backdoor" smacks of paranoia. The
default password for Administrator is null (blank). No "backdoor" is
necessary since *any* operating system can be gotten into by someone who
knows what s/he is doing and who has physical access.
Of course, that still doesn't answer the question of whether or not
the "Administrator" user has it's own password.
Click to expand...

Yes, I've already answered that. The default is a blank and you can change
it at any time to one of your choosing.

I really don't have anything else to add to this thread. If you want to get
into deep technical details about user account structure in Windows
operating systems, the place to do your research is Microsoft TechNet.

EOT for me.

Malke
 
Back
Top