User Accounts and Fast User Switching
. In Windows XP, new client services not only blend the ease of use of familiar Windows 9X profiles with the robustness of Windows NT (and Windows 2000) user management, but significantly improve on the combination. While the majority of these advancements will be appreciated most by home users, enterprise customers that share assets-for instance, with shift workers and telecommuters or with users who access e-mail from multiple machines while roaming-will also see improvements.
Many computers are shared between multiple users, particularly in the home environment where studies have shown that 80% of computers are used routinely by multiple people. In previous versions of Windows NT, user account management-which could be strictly enforced across the enterprise by administrators-was a somewhat tricky process that was beyond the abilities of most non-computing professionals. Simple-to-use Windows 9X profiles, however, were not enabled by default and were largely ignored: The cost of actually using the profiles, which required that users log off before allowing other users to access the system, meant that the vast majority of machines made do with a single shared profile, with all of the corresponding security, configuration, and data-loss risks.
In Windows XP, user profiles are always enabled and even non-enterprise users are encouraged to create accounts during the Setup process. These accounts are based on Windows NT profiles and allow Windows XP to provide strong isolation and protection of users’ data and settings. If multiple user accounts are configured on a machine, then users are presented with a Welcome screen that appears featuring separate-and customizable-graphics for each user. Users of Windows XP machines that are members of an NT-style domain do not see this screen, since presenting a list of machine users could be considered a security violation. A new control panel applet replaces the familiar Windows NT User Manager and Windows 2000 Computers and Users snap-in, providing a simple interface that allows almost anyone to set up a new user and give them appropriate rights and privileges.
Fast User Switching
Windows XP introduces fast user switching. Undoubtedly, fast user switching is the single most important feature that makes sharing Windows-based computers workable. Using fast user switching, it is not necessary for a user to log off the computer before allowing a second user to access their own account. Instead, the first user’s account is “disconnected,” which leaves all the programs running; the second user can then log on, and then the users can switch quickly between logged-on accounts. Many accounts can be open simultaneously on one computer, though only one account at a time will be able to interact with the keyboard, screen, and input devices.
In the home environment, for instance, fast user switching allows a parent working on a personal finance program to yield the computer to a child to work on homework by browsing the Internet, without requiring the parent to shut down and restart the finance program and without exposing the child to the parent’s financial information. In the business environment, fast user switching can allow multiple users in a common environment, such as a research lab, to share a single machine.
Fast user switching is just one of two mechanisms that allow multiple users to work with a single system. Remote desktop, another built-in Windows XP feature, allows users to interact with machines remotely across a network and to access data and applications on those remote machines. While fast user switching is aimed principally at the home market, remote desktop enables business users to access their corporate desktops from remote computers-and vice versa, enabling them to operate home machines while at work.
Both fast user switching and remote desktop use Windows XP’s updated terminal services technology. Improvements have been made to both the server and client components of terminal services. Windows XP now features support for both local and remote sound, 24-bit video, performance optimizations, and the mapping of the local drives and printers.
Fortunately, most applications don’t have to be rewritten to work with terminal services and, thus, fast user switching and remote desktop. Rather, they need to respect basic user settings management guidelines. These guidelines are not new: Most are covered in the Windows 2000 Certified for Windows Application Specification, which has been available on Microsoft’s Web site for some time. The Data and Settings Management section of this specification includes several topics that are particularly important when supporting multiple users on a single machine:
· Default to the My Documents folder for storage of user-created data;
· Classify and store application data correctly;
· Degrade gracefully on “Access denied” messages. r> Mostly, this means isolating data and settings for each user. And an important step in this direction is to ensure that you are using the HKEY_CURRENT_USER registry key rather than HKEY_LOCAL_MACHINE for storing settings in the system registry. You should also be careful to install programs correctly and to classify and store data correctly. You can use the ShGetFolderPath API to obtain the path of a specific named folder-such as “My Documents” or even “Program Files”-as well as the appropriate directories for storing Roaming, Non-Roaming, and Shared application data. The following are some general guidelines for locating data:
· ProfilesusernameApplication Dataappname
- Roaming, auto-created user files (e-mail DB, custom dictionaries