« Printing Digital Images | Main | Changing the RDP Port »

May 13, 2008

XP Administrator Account

Normally, the idea of two people sharing a computer is not something with which I'm very comfortable. I kinda feel like, if it's my computer, then I ought to be able to see everything on it. And when I install software on a computer, I only ought to have to install it once. So, if you have multiple users, you end up wondering if all the users can see the new software, and if you can see each others files or not, and all of this nonsense, which just seems like so much garbage to worry about when there's no real need for it.

But now that Jennifer has a computer, I'm starting to change my way of thinking. For the first time in my life, I want to set up a computer so that two different people can use it, and have a somewhat different experience.

For starters, when she launches a browser, I want her to have a different home page than I have. And I want her to have a different filter on her Google search results as well. And, although I don't mind if she wants to run software on the PC, probably only I should be doing any full-on software installs/upgrades.

So I'm going to try to get two user accounts set up on this computer where I am the administrator and she has only user priveleges.

I know very little about Windows XP security. I mean, I've always sort of managed to fumble my way through, but I've never really understood XP security any more than I've understood women.

When I attempted to connect to my new computer over a RDP session, it wouldn't work. So I went to the "remote" computer, righ clicked on "My Computer", selected "Properties" and "Remote" and then clicked "Select Remote Users", I noticed that it says: "The users listed below can connect to this computer, and any members of the Administrators group can connect even if they are not listed." Then it says "Admin" already has access. (My account really isn't named "Admin", I'm just calling it that so I don't get hacked.) And I'm thinking...who the h3ll is "Admin"? This isn't a user that I see when I sign on.

So, I began to believe that there is a full-on built-in administrator account, but you can't see it when you sign in. At least, that's what I began to suspect, as crazy as it seems. So, tonight it bothered me enough that I decided to figure out what was going on and I found this:

The built-in Administrator account is hidden from Welcome Screen when a user account with Administrator privileges exists and enabled. In Windows XP Home Edition, you can login as built-in Administrator in Safe Mode only. For XP Professional, press CTRL + ALT + DEL twice at the Welcome Screen and input your Administrator password in the classic logon window that appears.

Since I already had the Microsoft Tweak UI Powertoy installed, I just did the following:

Open TweakUI and click "Logon" option in the left pane. Put a checkmark against the option "Show Administrator on Welcome Screen". Click OK to close TweakUI.

I go around to each one of my computers, in turn and repeat the Tweak UI change to show the Administrator account and I see that, without exception, each computer now shows me the true "Administrator" account. I'm not really sure what I've accomplished in doing this, but I have to start somewhere to unravel the mystery of XP security. I feel like I have the short end of the wedge in now.

But then, I signed off and switched over and signed on as "Administrator" and....wow. I mean...what can I say? I have a new desktop...the XP idiot version of the Start Menu...then it asks me if I want to take a tour of Windows XP an then right away, AVG boots up from scratch and asks me if I want to check for updates like it's doing some initial run and I'm thinking....this is exactly what I wanted to avoid.

What I really want to do is clone her setup and make my account exactly like hers. That's what I really want to do.

What's really confusing to me is that on my new web server, there seem to be two different names for the same account. For instance, my account seems to be alternately referred to as "Robert" and "XP". Why is this? I have no idea.

OK. Now, I've dug around some and this is what I've come up with. In XP, when you create a new account, the account can be a "Computer Administrator" or a "Limited" account. You must give the account a name - let's assume you call the account "Bubba". At the time that the account is created, an "Object" with an "Object Type" of "User" is created with a "Name(RDN)" of "Bubba" in the "Location" of your Computer Name. The reason for all the quotes is that, apparently, all of this means something to XP. (It means nothing to me.)

But here's the tricky part. Now, let's say that you want to rename the user account. You can. But the Object that was created is never renamed. So, you'll still see the old object name occasionally, like when the computer shows you what accounts already have access to use RDP, you'll see the old Object name. Perfect.

So, what it looks like to me is that XP Pro does sort of a half-@ssed job of renaming user accounts and, in order to never see the old user name again, I'm going to have to delete my account and re-add it. Great. Good job, Microsoft. Argh!

OK. Let's leave that for now. First, I want to create a new user account for me on Jennifer's computer, but I want it to be an exact copy of her account. At least that gives me a decent starting point, instead of being prompted to "Take a Tour of Windows XP."

So this web page seems to describe a process for copying user profiles in XP Pro, so I followed their directions:

To copy a user profile in XP do the following:

Open System applet in Control Panel (or right-click My Computer and choose Properties).
Click the Advanced tab.
In the User Profiles section click Settings.
Highlight the user profile you want to copy. Press Copy To.

Now, this was interesting, because this is stuff I've never played with, for whatever reason. There are a lot of caveats on the page, about what profiles you can copy and where you can copy them, etc., but this is the general gist of it. So, I did this --- I copied a Profile, but it didn't create a new user account. I want to create a new user account. I want to rename the stupid Object. It shouldn't be this hard.

OK. After poking around some more, it looks like this is half of the solution. According to this site, you have to create a new account and then copy your profile from the old account to the new one.

However, I tried this and it did something funky to me. Something I haven't seen since I was working out in Tennessee. What it did was to create a new profile/folder for me under documents and settings named "Robert.Dell1700mhz", as in "user.computername". When, what I wanted it to do was to use the profile/folder that I had created when I copied the profile. Argh!

OK. I didn't follow the directions closely enough. I started over and followed these directions by the letter and it worked fine. I swear to God that Microsoft sucks, and it certainly shouldn't be this hard to copy a user, but this does work if you're patient and diligent.

Update: After much tinkering and swearing, I've come to the following conclusion. If you need to copy a User, you can't. There's just no point in even trying. It's too hard, and Microsoft is too fucked up to realize this. Just create a new user and copy over whatever you need using Windows Explorer. Just muddle through it the best you can, because there is no slick way to do it.

Observation Number 1: You can never really "rename" a user. You can change the name that you see in some places in XP, but behind the scenes, XP never forgets what the object's name was when it was created. It never forgets and it never forgives. XP carries the old object name around forever like herpes. The only way to truly make the old user "object" go away is to delete the user and start over.

Observation Number 2: You should never use Microsoft's little God-forsaken tool to copy user profiles. They have a clever little utility to copy user profiles - to access it, you right-click on My Computer and select Advanced and then under User Profiles click Settings. It's hidden for a reason. Because it doesn't work. Or, at the very best, it does very little of what you'd like it to do and a great deal that you don't want it to do. What you'd like it to do that it doesn't do:
a) It doesn't copy forward all of your customized little settings - like the fact that you use Windows classic taskbar and folder views and your desktop wallpaper and that you don't want automatic Word selection turned on in MS Word and that you never never never want to see that fucking dog or that paperclip again. My vision of hell is me working on a computer for the rest of my life with that dog and that paperclip popping up six times a minute with a Billy Mays commercial blaring in the background and some psychotic bitch ringing my doorbell as fast as humanly possible.
b) It does copy the files from one user to another, but it doesn't do it very well. By this, I mean that it's exceedingly slow and agonizingly temperamental. I got multiple errors while it attempted to copy profiles.
c) When it did finally successfully copy the profile, it kept vestigial remnants of the original user name that I've been trying all night to delete. Like, somehow, XP knows that the "My Documents" folder was originally created for a user named "Jennifer Kiser". I believe this has something to do with Active Directory Structure, but I don't know and I don't care. Just want this old user ID to die and I can't kill it. Argh!
d) When I delete a user on this computer, it asks me if I want to keep the user's files and I say "No". So, you'd think that the profile is deleted. It isn't. When I go into their horrible little Profile tool, I see it is still listed there as "Account Unknown". Nice job, Microsoft. Well played. I have to delete it manually, but you have to reboot before you're allowed to do even this.

So, at the end of the day, what has this miserable little User Profile utility actually done for us? Not much. It's created as many problems as it's solved. Each application you go into will act like it's never been run before, whether it's MS Word or Firefox or even Windows Explorer. True, your files are there, but any Computer Administrator can see at a glance that the files were copied from another user.

My suggestion is just to create a new user. Copy over the files you want using Windows Explorer. And then delete the old user.

Posted by Rob Kiser on May 13, 2008 at 9:13 PM


Post a comment

Remember Me?

(you may use HTML tags for style)