Thursday, December 28, 2006
Chock One Up..
...for the Microsoft Vista Team. They have successfully botched user authentication controls yet again.
Generally speaking, if I am setting up systems running Windows, I do have the option of setting up users with less than administrative privileges on the system. This is a good thing because the Administrator group should only be used when making global system changes. Administrative privileges are not needed for day-in-day-out computing needs. However, my concern is in regards to Microsoft's labeling of the different user accounts.
In WinXP, if an administrator wishes to create new accounts, he/she goes into the Control Panel and uses the user account creation tool to create either a "Computer Administrator" account (not recommended) or a "Limited User" account (more recommended, but not totally). The problem with creating all accounts as "Computer Administrator" is that each administrator has full control over global system settings. The problem with the "Limited User" account is that the user is so restricted in access that it is often frustrating and pointless to even log in. Windows Vista is stuck with the same problem. It's a dichotomy of user account privileges. On the one hand, the user has basically full control over the system and on the other hand, the user has no control at all.
So, to counter that problem, there is a more granular way to create user accounts. In the Administrative Tools Control Panel applet, there is a way to create local users and groups. However, there is no such user or group as "Limited User." This leaves me scratching my head as to where "Limited User" fits into the ladder of the different user settings. I mean, it's really granular at this point. There is, of course, the Administrator group, which is pretty self-explanatory. Beyond that, it gets fuzzy. There are "Power Users," "Remote Desktop Users," "Operators," "Backup Operators," and of course, "Users." I think the "Limited User" setting points to this last group, the "Users" group, but I'm not sure. Each one of these different groups has different access privileges. Why then, can't they make this more apparent with the standard user interface for creating users? Most consumers (read Joe End-User) will not go through the Administrative Tools Control Panel applet to set up users when there is a "Users" applet available also. The problem is that the "Users" applet is too simple. With it, the user either creates God (Computer Administrator) or fleas (Limited User). There is no in-between. The Limited User often doesn't have enough access to even use the network card, thus making Internet capabilities a moot point. It's simply a case of oversimplifying something.
For all intensive purposes, there needs to be some kind of consolidation between the stupid Windows XP/Windows Vista user account tool and the tool in Administrative Tools. It's just too much of a problem. Microsoft also needs to change their attitudes about the way users are handled. It should not take an Administrator just to run a word processor or to browse the Internet.
So, there you have it. So let it be written, so let it be done.
Generally speaking, if I am setting up systems running Windows, I do have the option of setting up users with less than administrative privileges on the system. This is a good thing because the Administrator group should only be used when making global system changes. Administrative privileges are not needed for day-in-day-out computing needs. However, my concern is in regards to Microsoft's labeling of the different user accounts.
In WinXP, if an administrator wishes to create new accounts, he/she goes into the Control Panel and uses the user account creation tool to create either a "Computer Administrator" account (not recommended) or a "Limited User" account (more recommended, but not totally). The problem with creating all accounts as "Computer Administrator" is that each administrator has full control over global system settings. The problem with the "Limited User" account is that the user is so restricted in access that it is often frustrating and pointless to even log in. Windows Vista is stuck with the same problem. It's a dichotomy of user account privileges. On the one hand, the user has basically full control over the system and on the other hand, the user has no control at all.
So, to counter that problem, there is a more granular way to create user accounts. In the Administrative Tools Control Panel applet, there is a way to create local users and groups. However, there is no such user or group as "Limited User." This leaves me scratching my head as to where "Limited User" fits into the ladder of the different user settings. I mean, it's really granular at this point. There is, of course, the Administrator group, which is pretty self-explanatory. Beyond that, it gets fuzzy. There are "Power Users," "Remote Desktop Users," "Operators," "Backup Operators," and of course, "Users." I think the "Limited User" setting points to this last group, the "Users" group, but I'm not sure. Each one of these different groups has different access privileges. Why then, can't they make this more apparent with the standard user interface for creating users? Most consumers (read Joe End-User) will not go through the Administrative Tools Control Panel applet to set up users when there is a "Users" applet available also. The problem is that the "Users" applet is too simple. With it, the user either creates God (Computer Administrator) or fleas (Limited User). There is no in-between. The Limited User often doesn't have enough access to even use the network card, thus making Internet capabilities a moot point. It's simply a case of oversimplifying something.
For all intensive purposes, there needs to be some kind of consolidation between the stupid Windows XP/Windows Vista user account tool and the tool in Administrative Tools. It's just too much of a problem. Microsoft also needs to change their attitudes about the way users are handled. It should not take an Administrator just to run a word processor or to browse the Internet.
So, there you have it. So let it be written, so let it be done.
Comments:
Post a Comment