Section 4.1: Types of User Accounts

User accounts are required for accessing local and network resources. Microsoft Windows XP Provides three different types of user accounts: local user accounts, which allows a user to log on to a specific computer to gain access to resources on that computer; domain user accounts, which allows a user to log on to the domain to gain access to network resources; and built-in user accounts, which allows a user to perform administrative tasks or to gain access to local or network resources.

Local User Accounts	Enable users to log on and gain access to resources on a specific computer Reside in Security Accounts Manager Must be created on each computer in a workgroup
Domain User Accounts	Enable users to log on to the domain to gain access to network resources Reside in Active Directory
Built-in User Accounts Administrator and Guest	Enable users to perform administrative tasks or gain temporary access to network resources Reside in SAM (local built-in user accounts) Reside in Active Directory (domain built-in user accounts)

4.1.1: Local User Accounts

A Local user account allows a user to log on at a local computer and gain access to resources only on the computer where you create the local user account. When you create a local user account, Windows XP Professional creates the account only in that computer's security database, which is called the local security database. After the local user account exists, the computer uses its local security database to authenticate the local user account, which allows the user to log on to that computer.

Active Directory

You create a domain user account in the Active Directory database on a domain controller. The domain controller replicates the new user account information to all domain controllers in the domain. After Windows XP Professional replicates the new user account information, any of the domain controllers in the domain tree can authenticate the user during the logon process.

4.1.2: Domain User Accounts

A Domain user account allows a user to log on to the domain and gain access to resources on the network. The user provides his or her password and user name during the logon process. By using this information, Windows XP Professional authenticates the user and then builds an access token that contains information about the user and security settings. The access token identifies the user to computers running Windows XP Professional on which the user tries to gain access to resources and is provided for the duration of the logon session.

4.1.3: Built-In User Accounts

Built-in user accounts are automatically created by Windows XP Professional. Two commonly used built-in user accounts are the Administrator user account and the Guest user account. Built-in user accounts can be renamed but cannot be deleted.

4.1.3.1: Administrator

The built-in Administrator user account is used for computer management. If your computer is part of a domain, the built-in Administrator user account is used to manage the domain configuration. Tasks done using the Administrator user account include creating and modifying user accounts and groups, managing security policies, creating printers, and assigning permissions and rights to user accounts to gain access to resources.

As a security precaution, you should create a user account that you use to perform nonadministrative tasks. You should log on by using the Administrator user account only when you perform administrative tasks.

4.1.3.2: Guest

The built-in Guest user account is used to give occasional users the ability to log on and gain access to local and network resources. By default the built-in guest user account is disabled in Windows XP Professional.