Managing local users
In this section, we will look at the local users in Windows 10. If you have experience with an earlier edition of Windows, you might be familiar with configuring local users since this has remained unchanged over the years.
Before you log into Windows 10, you must create a user account during the initial setup. There are three types of accounts you can use to do this:
- Local account
- Domain account
- Microsoft account
In this chapter, we will focus on the local account, because this will appear in the MD-100 exam.
As described previously, a user account is required to log on in Windows 10. To secure it, the user account should have a password. While installing Windows 10, user accounts that are automatically created. We will look at this shortly.
Configuring local accounts
As the name suggests, a local user account resides on the local device only. It does not allow a user to access resources on other Windows 10 computers. Typically, you use local user accounts for workgroup environments in which you have networked only a few computers, and in which users typically work with resources attached to their own devices.
Choose a local account if you are not connecting to a network domain. You will be able to log in, change your settings, install software, and keep your user area separate from others on the system. However, local users will not be able to access features made available by Microsoft Accounts.
Default local accounts
While installing Windows 10, three accounts are created automatically:
- Administrator
- DefaultAccount
- Guest
Local user accounts, including the three default accounts, are stored in the Security Accounts Manager (SAM) database in the registry.
The default administrator account cannot be deleted or locked out, but you can rename or disable it. When the default administrator account is enabled, it will require a strong password. By default, the administrator account is disabled.
You can create additional local user accounts and give these accounts any name you want, but keep in mind that the username must fulfil the following requirements:
- It must be 1 to 20 characters in length.
- It must be unique among all the other accounts and group names.
- It cannot contain the following characters: \, /, ", [, ], :, |, <, >, +, =, ;, ,, ?, *, @.
The initial user account that's created while you install Windows 10 is automatically a member of the local Administrators group and can perform local management tasks on the device.
Creating a local user
To create another account on your Personal Computer (PC) for someone else who does not have a Microsoft account, follow these steps:
- Right-click the Start menu or press Win + X and click on Computer Management.
- The Computer Management console will open.
- Expand System Tools.
- Expand Local Users and Groups.
- Click on Users:
Figure 4.1 - Users folder in Computer Management console
- Right-click somewhere in the middle pane.
- Click on New User….
- The New User window will open:
Figure 4.2 - Adding details for New User
- Fill in the empty fields for a new user, click Create, and then click Close. The new local user account has now been created.
After you have created the new local user account, you can modify more properties by double-clicking the user account. This will open the Properties window of the user account. Here, you will see three tabs: the General tab, the Member Of tab, and the Profile tab. The General tab is shown in the following screenshot:
Figure 4.3 - The user's Properties window general tab
In the Member Of tab, you can add the user to one or more local groups or remove the user from one or more groups on the computer. In the Profile tab, you can modify the following properties:
- Profile Path: This is the path to the location of a user's profile. The profile stores the user's settings, such as the color scheme, wallpaper, and app settings. By default, each profile will be stored in the C:\Users\Username folder.
- Logon Script: Here, you can type in the path to a script that will run while the user logs in. Typically, this type of script is a .cmd or .bat file.
- Home Folder: This is the personal storage location for the user where they can store their personal documents. By default, it is the C:\Users\Username folder, but you can specify an alternate location by using Local Path or the Connect field. Local Path is a different path that's local on the computer, for example, D:\Users\Username. Using the Connect field, you can set up a network location as the default user's folder with a specified drive letter; for example, H:\Users\Username.
The preceding settings can be seen in the following screenshot:
Figure 4.4 - The Profile tab of a user
Let's move on and learn how to use Windows PowerShell.
Using Windows PowerShell
You can use Windows PowerShell to view, add, modify, or delete a local user account. You need to run the cmdlets with elevated rights.
To manage local users with PowerShell, you can use the following cmdlets:
- Disable-LocalUser: This cmdlet disables local user accounts.
- Enable-LocalUser: This cmdlet enables local user accounts.
- Get-LocalUser: This cmdlet gets local user accounts.
- New-LocalUser: This cmdlet creates a local user account.
- Remove-LocalUser: This cmdlet deletes local user accounts.
- Rename-LocalUser: This cmdlet renames a local user account.
- Set-LocalUser: This cmdlet alters or modifies a local user account.
For example, to add a new local user with a password, run the following cmdlets:
$Password = Read-Host -AsSecureString
New-LocalUser -Name Jeroen -Password $Password -Description "Personal account" -FullName "Jeroen Burgerhout"
Now, you're aware of how the three default local user accounts are created while Windows 10 is being installed. You also know how to create a local user account with the Computer Management console, how to create a local user account with PowerShell, and how to modify the properties of a user account with (for example) a different profile location or home folder.
Now, let's look at how we can manage and create local groups.