In days of old, only the administrators of large corporate networks dealt with computer security. These days, with the proliferation of computer viruses, constant connections to the Internet, home networks, and sophisticated hacking techniques used by an ever-growing cadre of snoops and pranksters, everyone should be vigilant. In this section you’ll find valuable information about the ways you can protect your files, your privacy on the Internet, and so on. If other people use your computer, you can protect your files from prying eyes by restricting user rights, by creating a password that protects the computer from unauthorized access, or by locking your computer.
Windows Vista provides many powerful built-in security features, but you have to do your part too, so in this section you’ll find a useful list of things you can do to improve your own security, including checking in periodically with the Windows Security Center to verify that your firewall, virus protection, and software updates are working hard to protect your computer. If several people use your computer (especially if any are children), you can use parental controls to restrict access to games, TV, movies, and Internet sites that contain material you consider inappropriate, and you can apply similar restrictions to movies and DVDs in Windows Media Center.
Windows Vista provides several tools to help you effectively maintain security on your computer system. One of the principal ways to maintain security is to assign specific rights to each user of the computer. Those rights can range from simply being allowed to use the computer all the way up to having permission to make changes to the entire system. You specify user rights by assigning individual users to an appropriate group.
What you’re allowed to do on your computer depends on the user group—Administrator, Standard, or Guest—of which you’re a member. You can see which group you’ve been assigned to by choosing Control Panel from the Start menu and clicking the User Accounts category.
Administrator Group: Users have full control of the computer and can make any changes to the system, including adding or removing software, changing user accounts, and even modifying the Windows Vista configuration. You should log on as an Administrator only when you’re certain you know what you’re doing, only when you’re making extensive changes to your computer, or when you’re using certain administrative tools that will run only when you’re logged on as an Administrator. As an Administrator, when you choose a command that does something Windows Vista considers a security-sensitive action, you’ll be asked to confirm that you want to continue with that action. This confirmation prevents viruses, hackers, and other malicious entities from doing something bad to your computer. The confirmation process, called the User Account Control (UAC), occurs only when the UAC is enabled. Although it’s enabled by default, it is possible to turn it off, which is not a good idea! For information about the UAC, see "Authorizing Administrative Actions".
Standard Group: Users can do most things that don’t affect the overall setup of the computer, including running programs, using and creating files, and installing some programs. When a security-related task needs to be executed and the User Account Control is enabled, Windows Vista asks the user to confirm administrative approval by providing the password for an Administrator account; or, if a program won’t run unless the user is logged on as an Administrator, the Standard user can often choose to run the program as an Administrator by providing an Administrator’s user name and password. Of course, in the latter case, if you haven’t been given the password for an administrative account, you won’t be able to execute any of those tasks. If the User Account Control has been disabled—which, as we said previously, is a bad idea—a Standard user won’t be able to do anything that requires Administrative approval and will need to switch users and log on as an Administrator. Therefore, with the User Account Control enabled, there’s no reason for anyone to always be logged on as an Administrator, which makes the computer vulnerable to malicious or accidental actions that can disrupt or even disable all or part of the computer’s functioning.
Guest Group: Users are people who don’t have user accounts on the computer. By logging on as a member of the Guest group, a user can work on the computer without being able to modify the computer or any files. If you’re a Guest user, you’re limited in what you can do. You can run existing programs but can’t install new programs or make changes to Windows Vista. You can open files that are shared on the computer and possibly shared over the network, depending on the sharing settings, but you can’t save changes to those files. You can save or delete only the files you’ve created yourself. By default, the Guest account is inactive and must be activated before it can be used. There’s only one Guest account on the computer, and there’s no password for this account.