Managing User Accounts and Applications

Introduction

Windows 7 allows you to create, configure and delete user accounts on your computer. The Parental Controls feature gives a family a measure of safety: it allows you to supervise the children's activity on the PC without them knowing and provides a report of their online activity.

When you migrate from an earlier version of the Windows operating system to the latest version, some of the applications that worked on the earlier version will not work with the latest version. This is called a compatibility issue. Windows 7 provides several solutions to resolve compatibility issues.

User Account

Several people can work on a single computer by creating their own user accounts. Each user account has unique settings and preferences, and can be configured with its own desktop background, screen saver, themes and so on. You can create different types of user accounts on a computer. Windows 7 allows you to change, create and delete a user account.

You can make your user account password protected

Types of User Accounts

Windows 7 provides three different types of user accounts, namely administrator, standard user and guest user. Different user accounts have different levels of control over the computer.

Administrator user – The administrator has complete access to the computer. As an administrator you can make any desired changes to your computer settings. An administrator account is a user account that allows you to make changes that will affect other users of the computer, such as installing software or changing security settings. The built-in administrator account is disabled, and the account created by the user is used instead. You need to create a user account when you set up Windows. This account is an administrator account that allows you to set up your computer and install any programs that you would like to use.

Standard user – A standard user can do almost everything that you can do with an administrator account, except make changes that affect other users or the security of the computer. You can use most programs that are installed on the computer, but you cannot install software and hardware, delete files that are required for the computer to work, or change settings of the computer that affect other users.

Guest user – If you want to allow a person to log on to your computer, and you don't want to allow him to access all of your files, then you can create a guest user account. A guest user account allows a user to log on to a network, browse the internet and shut down the PC.

You can change the account type of a user account. The steps to change the account type depend on the network type of the user. The computer may be on a domain or in a workgroup.

  1. Click Start – Control Panel – User Accounts and Family Safety – User Accounts – Manage another account.
  2. Select the account whose type you want to change and click Change the account type.
  3. Select the account type that you want and then click Change Account Type.

Create New User Account

Windows 7 allows you to create multiple users on the same computer. This allows each individual user to have their own profile on the computer, where they can store their personal documents, pictures, videos and other personal data. It is applicable where multiple users work in shifts and use a single PC. You must have administrative control in order to create a new user account.

Hands on exercise

Perform activity mentioned in lab no. 1 at the end of this chapter.

Changing the account name and account type

Windows 7 allows you to change the name and account type of existing user accounts.

Hands on exercise

Perform activity mentioned in lab no. 2 at the end of this chapter.

Enabling and disabling a guest account 

Windows 7 allows you to enable or disable the guest account. The guest account allows anonymous access to the computer. Disabling this account will prevent “others” from using services you may have left open by mistake.

Hands on exercise

Perform activity mentioned in lab no. 3 at the end of this chapter.

Deleting an account       

Windows 7 allows you to delete an existing account if you have not used that account for a long time.

Hands on exercise

Perform activity mentioned in lab no. 4 at the end of this chapter.

Implementing user account on a shared computer 

On a shared computer, the privacy and security of each user account should be maintained, and you can configure the user account for this purpose. You can protect your data on a shared computer by making your user account password protected.

Hands on exercise            

Perform activity mentioned in lab no. 5 at the end of the chapter.

Application compatibility          

A small number of applications that were able to perform certain functions in earlier versions of Windows are unable to perform the same functions when run on Windows 7. This is known as an application compatibility issue. These compatibility issues create a big problem when administrators try to migrate organizations from an earlier Windows client operating system to Windows 7. Several options are available to resolve these application compatibility problems; they are described below.

Configuring compatibility options   

You can configure applications that work on earlier versions of Windows but do not work with Windows 7 in order to resolve the application compatibility issues. To configure these applications to run on Windows 7, you can use the Program Compatibility troubleshooter.

The Program Compatibility troubleshooter in Windows 7 is a tool that automatically selects compatibility settings to run the application in the mode of an earlier version of Windows. In this case the operating system itself fixes the problems, so this is the simplest method to sort out application compatibility issues.

While troubleshooting the issue, the operating system detects the compatibility problem and determines the solution to resolve it. Once the operating system has fixed the compatibility issue, it remembers the solution and the same issue will not occur in the future.

The Program Compatibility troubleshooter is applicable only to executable files. It cannot troubleshoot installation issues with MSI format files.

Built in compatibility Modes and options

If the Program Compatibility troubleshooter cannot resolve the compatibility issue, then you can use the compatibility modes option. Windows 7 provides several built-in compatibility modes that configure an application to run using settings which provide an earlier Windows operating system environment. To configure compatibility modes for an application, select the application and right-click to open the Properties window. Navigate to the Compatibility tab of the application's Properties window. The Compatibility tab of the Properties window is shown in the figure.

Different compatibility modes are available under the Compatibility mode section of the Properties window. You can select the required compatibility mode from the drop-down list and click Apply.

Application compatibility Toolkit

The Application Compatibility Toolkit is a collection of tools that allow you to resolve application compatibility issues. The toolkit determines whether existing applications are compatible with Windows 7 before you migrate to the new operating system. The components of the Application Compatibility Toolkit are the following.

  1. Application Compatibility Manager
  2. Compatibility Administrator
  3. Internet Explorer Compatibility Test Tool
  4. Setup Analysis Tool
  5. Standard User Analyzer

Application compatibility manager

The Application Compatibility Manager enables you to configure, collect, analyze and test compatibility data to resolve any kind of compatibility issue that occurs when you deploy a new operating system in your organization. Application Compatibility Manager communicates with a Microsoft SQL Server database which stores all the data.

You can use Application Compatibility Manager to create data collection packages. Data collection packages collect all the data about hardware, software and device information for a group of specified client computers on a network in your organization. The Application Compatibility Manager sends this data collection package to the Microsoft SQL Server database present on the network. Application Compatibility Manager then analyzes the content of the database to understand the compatibility issue for a given application. Figure 5.2 shows the functions of Application Compatibility Manager.

Compatibility Administrator

The Compatibility Administrator is a tool provided by the Application Compatibility Toolkit which enables you to resolve a large number of compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides a set of compatibility fixes and compatibility modes that can be used to resolve compatibility issues with particular applications.

A compatibility fix is a piece of software which intercepts application programming interface calls from applications and modifies them so that the applications run on a new operating system such as Windows 7. A collection of compatibility fixes makes up a compatibility mode.

Many existing applications already have compatibility fixes that enable them to run on the Windows 7 platform.

Internet Explorer Compatibility Test Tool

The Internet Explorer Compatibility Test Tool is a tool provided by the Application Compatibility Toolkit that allows you to test for compatibility problems in websites that will be displayed in Internet Explorer 8.

Windows 7 comes with Internet Explorer 8. You have to download the Application Compatibility Toolkit from the Microsoft website.

 

The Internet Explorer Compatibility Test Tool tests the sites that you visit and keeps all the information about compatibility issues related to the specified websites and web applications.

To use the Internet Explorer Compatibility Test Tool:

  1. Click Start – All Programs – Microsoft Application Compatibility Toolkit – Developer and Test Tools – Internet Explorer Compatibility Test Tool, then click Enable.
  2. Now open a new Internet Explorer window. A message appears that informs you that the compatibility tool is enabled. Thereafter you can open the website or web application that you want to test.

Application and software restriction policies

If you want to limit the applications that a user can run on your computer running Windows 7, you can block specific programs from running. Windows 7 provides different policies to block applications from running. The two technologies available in Windows 7 to restrict the execution of specific applications are software restriction policies and AppLocker policies.

Software restriction policies

Software restriction policies are used to protect computers against conflicts and security threats such as malicious viruses and Trojan horse programs. You can manage software restriction policies through Group Policy. To find the software restriction policies:

Click Start – Control Panel – System and Security – Administrative Tools – Local Security Policy – Software Restriction Policies.

You must create software restriction rules manually. There are no built-in rules present in the software restriction policy wizard. To create a new software restriction policy, open the local group policy wizard and select the Software Restriction Policies node. Go to the Action menu and select New Software Restriction Policies. The wizard showing the Action menu is shown in the figure.

Software restriction policies are applied in a particular order. If two conflicting rules with different security levels are applied to the same program, then the most specific rule takes precedence. The order is as follows.

  1. Hash Rules
  2. Path Rules
  3. Certificate Rules
  4. Zone Rules
  5. Default Rules

Hash rule

A hash rule generates a digital fingerprint based on the binary characteristics of each file to identify that file. This rule does not need the file name or location of the file to identify it. You cannot create hash rules automatically. You have to create a hash rule manually for each and every file.

Software updates may modify the binary properties of the file. A file that has been modified by a software update no longer matches its original digital fingerprint, so you must also modify the hash rule each time you apply a software update to the application.

Path rule

Path rules allow you to apply software restrictions to a specific file, folder or registry key by specifying its path. For example, you can apply a path rule that sets the file C:\Program Files\Application\app.exe to Unrestricted.

If you create a path rule to block a file in one directory, then an attacker can execute the same file by moving the file from that directory to another or by renaming the same file.
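
The difference between hash rules and path rules described above can be seen in a small model. This is an added example, not code from the original page and not how Windows implements software restriction policies; the function names, the use of SHA-256 as the fingerprint and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def fingerprint(path):
    """Digest of the file's bytes; the name and location play no part."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def evaluate(path, hash_rules, path_rules, default_level):
    """Return (security level, kind of rule that decided) for one file."""
    digest = fingerprint(path)
    if digest in hash_rules:                      # hash rule: matches content anywhere
        return hash_rules[digest], "hash"
    target = os.path.normcase(os.path.abspath(path))
    matches = []
    for rule_path, level in path_rules.items():
        prefix = os.path.normcase(os.path.abspath(rule_path))
        if target == prefix or target.startswith(prefix + os.sep):
            matches.append((len(prefix), level))
    if matches:                                   # longest, most specific path wins
        return max(matches)[1], "path"
    return default_level, "default"               # no rule matched the file

def demo():
    """Evaluate constructed sample files created in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        blocked = os.path.join(root, "blocked")
        elsewhere = os.path.join(root, "elsewhere")
        os.makedirs(blocked)
        os.makedirs(elsewhere)
        original = os.path.join(blocked, "tool.exe")
        with open(original, "wb") as fh:
            fh.write(b"constructed sample binary, version 1")
        path_rules = {blocked: "Disallowed"}
        hash_rules = {fingerprint(original): "Disallowed"}
        copy = os.path.join(elsewhere, "renamed.exe")
        shutil.copyfile(original, copy)
        out = {
            "path rule, original location": evaluate(original, {}, path_rules, "Unrestricted"),
            "path rule, moved and renamed": evaluate(copy, {}, path_rules, "Unrestricted"),
            "hash rule, moved and renamed": evaluate(copy, hash_rules, {}, "Unrestricted"),
            "default Disallowed, moved": evaluate(copy, {}, path_rules, "Disallowed"),
        }
        with open(copy, "wb") as fh:              # stands in for a software update
            fh.write(b"constructed sample binary, version 2")
        out["hash rule, after update"] = evaluate(copy, hash_rules, {}, "Unrestricted")
        return out
```

Calling demo() shows the path rule no longer matching once the file sits elsewhere under a new name, the hash rule still matching until the file's bytes change, and a Disallowed default level covering the moved copy when no rule matches.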

Certificate rule

A certificate rule uses a signed software publisher certificate to identify an application. A certificate rule can be applied to multiple applications. To configure a certificate rule you require a certificate from a trusted vendor. Before executing the application, you have to check the certificate validity of the application to which you applied the certificate rule.

Network Zone rule

This rule can be applied only to Windows Installer (.msi) packages.

The different types of software restriction policy settings are given below.

Security levels

This level allows you to set the default rule for software restriction policies. When there is no software restriction policy rule that matches an application, this default rule is applied. The three different default rules are the following.

Disallowed – When you set this rule, users are unable to execute an application if that application is restricted by an existing software restriction policy.

Basic user – When you set this rule, users cannot execute applications that require administrator rights.

Unrestricted – You can set this as the default rule; in this case the user is able to execute an application even though the software restriction policy restricts that application.

Enforcement

Enforcement policy rules are used to apply the software restriction policy to all users, or to all users except members of the local Administrators group. You can apply this rule to all software files. If you set default rule as Disallowed and you want to apply enforcement by the program to use that program.

Designated file types           

Designated file types determine which types of file are treated as executable under the software restriction policy. An administrator can modify this rule. For example, they can add a new file type or remove an existing file type through the Designated File Types properties.

AppLocker application control policies

Like software restriction policies, AppLocker policies are used to block specific applications on a computer. A policy can also be applied to all future versions of a product that is already blocked by AppLocker. AppLocker policies are also known as application control policies.

The AppLocker feature is available only in the Enterprise and Ultimate editions of Windows 7.

To run AppLocker policies:

  1. Click Start – Control Panel – System and Security – Administrative Tools – Local Security Policy – Application Control Policies.
  2. Expand Application Control Policies.
  3. Double-click AppLocker. The Local Group Policy Editor with the AppLocker node is shown in the figure.

Different rules under AppLocker are.
