CIS 106a: Introduction to Operating System Concepts

Chapter 4: Supporting Windows 2000/XP Users and Their Data



This chapter is about user accounts in Windows 2000 and Windows XP. Objectives important to this chapter are:

  1. Creating user accounts
  2. Supporting users and their data
  3. More about hard drives and backups

This chapter is about Windows users in a business environment, not users at home. Users cannot log in to a Windows environment (a workstation or a network) if they do not have an account.

  • local user account - an account on a particular workstation; permissions granted to it apply only to that workstation
  • global user account, domain user account - an account created by an administrator that can be used from any computer in a domain (unless it is restricted to login only from particular computers); permissions will apply to this account regardless of the computer used to log in

When a workstation is installed, Windows automatically puts in two accounts:

  • administrator - this account has rights to the entire computer, by default; it should be renamed, and a password should be set
  • guest - this account should be disabled if you care about security at all; it typically has no permissions to anything important, but hackers love to abuse it

Several groups (lists that users can be placed on, and rights and permissions assigned to) exist by default:

  • Administrator: used to perform all administrative tasks; it is better to add and remove users from this group as needed than to give them the password for the administrator account
  • Backup Operator: used to backup and restore files; another role-based group
  • Power User: used to perform some administrative tasks; this group exists to grant some users permissions that you do not grant to every user in your network
  • Limited User: provides limited read and write access; this is the opposite of a power user; this group is for users who should be restricted in their access, but must use the network for some purposes, and may be allowed to install software; like other users, they can change their passwords
  • Guest: provides limited access to files and resources; this group is the least trusted; members of this group can save files and run software; these users are not allowed to change their password (think of them as very temporary users)

When a user logs on for the first time, a user profile is created on the workstation they used. This saves information about them and what they do. For instance, if the user runs Internet Explorer and sets some favorites, they are stored in their user profile. Other user of the same workstation will not see those favorites in Internet Explorer.

You can view user profiles on a PC by going to My Computer, Properties, Advanced, User Profiles.

When you create a user account, there are some rules that should be remembered:

  • User account names can consist of up to 15 characters
  • Passwords can be up to 127 characters (no one would remember one so long)
  • User accounts can be set up with or without passwords: without is a very bad idea
  • Passwords can be controlled by the administrator - this means that the administrator can reset a password, make it required or not, set the time until expiration, or set it to never expire. The one thing an administrator can't do is read what anyone's current password is.

When a user gets a new computer, their files and profile should be copied to the new machine:

  • Users can do this themselves with the Files and Settings Transfer Wizard. It is the fastwiz.exe program, found on the XP install disk.
  • Administrators can do this with the User State Migration Tool (USMT). The administrator runs scanstate from a command line to scan copy the user's files to a network location. The administrator then runs loadstate to put the files on the new computer.

There are several ways for a user to open a command prompt window. The text recommend clicking Start, Run, entering cmd, and pressing enter. When in that command prompt window, you can enter any DOS command you are familiar with. For the sake of those who have never used DOS, follow this link to Computer Hope's web page about DOS commands. Students should review basic commands such as: dir, del, copy, cd, md, rd, attrib, xcopy, chkdsk, and format

On a command line, commands and filenames are composed of letters, numbers, and specific symbols. Some symbols cannot be used in filenames because they have a special purpose. For example:

  • * - an asterisk stands for any number of characters. DOS users used to type del *.* to delete all files in the current directory.
  • ? - a question mark stands for a single character. DOS users might type dir ?.exe to get a directory listing of all files whose names start with a single character and end with .exe

Task Scheduler is a Windows utility to schedule a program, a script, or a batch file to run at a particular time on regular basis, such as daily, weekly, monthly, or at log on. It is notorious for being a bit touchy, so be careful how you decide to use it.

Group Policy is a rule or set of rules that are applied to groups of network users or computers. In Active Directory networks, group policies can be set up for different groups to provide access to resources or to prevent access to them.

The Start Menu can be controlled from the properties of the Start button. You may never have right-clicked the Start button. Go ahead... try it. (It is easier to access these properties this way when the task bar is full of icons and task labels.)

The text suggests that you can control what programs appear to users by right-clicking the Start button and selecting Open All Users. I think you should select Explore All Users, instead. If you do, you will get a much clearer idea that you are looking at the Start Menu property of the All Users profile. (This profile applies to all users of the computer you are working on.)

XP provides two utilities for remote communication and assistance:

  • Remote Desktop - this provides the ability to remotely connect to another computer over the Internet (or over your own network) and operate that computer as though you were actually there
  • Remote Assistance - this allows you to ask someone to look at your computer remotely, usually as a means of correcting a problem. The PC making the request must have Remote Assistance enabled, and the remote user should have an account on the requesting PC that is the same as on the one he is using. (If both users are signed in to the same domain, the account issue is not an issue.) Firewalls can prevent this service from working over the Internet.

The text turns to the topic of hard drive support. Over time, all hard drives need some maintenance. As I was preparing these notes, I noted that my hard drive was almost full. I followed several suggestions from the text:

  • Uninstall software: I uninstalled software that I had not used in years
  • Remove unnecessary data: I copied old data files to CDs and deleted the files from the hard drive
  • Disk Cleanup: I considered running Disk Cleanup, and decided not to do so. I prefer not to use compressed data on my hard drive.
  • Defragmentation: I have not defragmented my disk today, since I am working on it and do not want to wait for some hours before I can continue. Defragging a disk should be done on a regular basis to put the various pieces of files in contiguous clusters where it is possible to do so.

The text describes some problems that come from the way file systems work:

  • Files are usually large enough that they must be stored in many clusters. A sequence of clusters holding a file is called a chain.
  • The FAT table on a hard drive records filenames, and the number of the first cluster in the chain that holds the file.
  • The first cluster in a chain holds part of the file and a pointer to the next cluster in the same chain. Each subsequent cluster in the chain points to the next.
  • When clusters hold data, but no pointers point to them, they are called lost clusters. The data in these clusters can't be accessed by the file system.
  • When more than one chain points to a cluster, it is called a cross-linked cluster. In this case, it is not clear which file the data actually belongs to.
  • These problems may be addressed by the Chkdsk utility or by opening the properties of a disk, choosing Tools, and Check Now.

When a hard drive is getting full and you cannot remove data from it, you may want to consider data compression. You can compress a single file, a folder, or a volume.

If you are using NTFS, you can set a quota for each user, which limits the amount of data they are allowed to save on the drive.

Backups are recommended by all texts, but users rarely address the issue. A backup is a copy of a data or software file that you save in another place. The text offers tips for creating backup and recovery plans:

  • Decide on the backup media; e.g., tape, CD, DVD
  • Back up data after every four to ten hours of data entry
  • Always record your regular backups in a log
  • Perform backups using the Backup Utility Options for scheduled backups: Full, copy, incremental, differential, and daily
  • Restore and Manage Media tab of Backup Utility is used to recover files, folders, or an entire drive

Four backup strategies, or schedules, are often encountered. You should know them. First some terms:

  • Full - a backup of all files in the target; sets the archive bit of each file to OFF
  • Incremental - a backup of target files that are new or changed since the last backup; depends on the fact that programs that change files typically set the archive bit to ON when a change is made; sets archive bit to OFF for all files it copies
  • Differential - a backup of all files new or changed since the last Full backup; copies all files whose archive bit is set to ON; does not change the archive bit of files it copies
  • Copy - like a Full backup, but does not change the archive bit of files it copies. This is typically not part of a standard backup strategy, but an option to work around the system.

This needs more explanation. Assume we use a tape drive to make backups. In a Full backup strategy, the entire target is backed up to tape every time we make a backup tape. This strategy consumes the most time and the most tapes to carry out a backup. To restore, we simply restore the most recent tape(s). This is the least time consuming strategy for restoring, but the most time consuming for creating backups.

The second method, Incremental backup, means that we start with a Full backup of the target, and then each successive backup tape we create only backs up the elements that are new or changed since the last backup was created. This means that successive backups will not always be the same length. Therefore, this is the least time consuming backup, but the most time consuming restore. To restore, we must first restore the last Full backup made, and then restore EVERY tape made since then, to ensure getting all changes.

The third strategy, Differential backup, also starts with a Full backup tape. Then each successive tape made will contain all the files changed since the last Full backup was made. This means that we will have to restore only one or two tapes in a restore operation. If the last tape made was a Full tape, we restore only that one. If the last tape made was a Differential tape, we restore the last Full tape, then the last Differential tape.

In both Incremental and Differential backup strategies, you will typically use a rotation schedule. For example, you could have a one week cycle. Once a week, you make a Full backup, then every day after that you make the other kind you have chosen to use: Incremental or Differential.

To keep them straight in your mind, remember that:

  • a Full backup copies everything. Resets all archive bits.
  • an Incremental backup copies everything different from the last backup. Resets the archive bits of files it copies.
  • a Differential copies everything "different from Full". (Different from the last Full backup.) Does not reset any archive bits.
  • a Copy makes a Full backup, and does not reset any archive bits.

The time required to create backup tapes should be considered along with the time to restore a backup. When you consider the two concepts as two sides of the answer to a question (What method should I use?), the answer may be the most common choice: Differential. It is the best compromise in terms of backup time versus restore time. Note also, that all three standard methods require a full backup on a regular cycle. The recommendation is usually to run a Full backup tape weekly.

Whichever backup strategy you use, you should consider keeping one set of backups in secure location at your site (handy and protected) and another set in a secure location at a distant site. Consider the potential disasters that could occur at your location (fire, flood, tornado, hurricane, vandalism, etc.) and decide how to protect your backups and how far away the other sets should be.

Some troubleshooting suggestions are offered at the end of the chapter. Students should review them, and consider them in terms of other troubleshooting techniques they know.