In keeping with Windows 8.1’s schizophrenic nature, there are two places to work with accounts: TileWorld and the Control Panel.
TileWorld. Open the Charms bar. Select Settings; select “Change PC settings”; select Accounts. You see the panel shown at top in Figure 24-1.
Desktop. Open the Control Panel (right-click the
button and choose Control Panel from the
shortcut menu). Click “User Accounts and Family Safety,” then
“User Accounts,” then “Manage another account.” You arrive at the
Control Panel pane shown at bottom in Figure 24-1.Or, another approach: At the Start screen, type accounts. Click Settings under the search bar; in the results, click “Make changes to accounts.”
In each case, you now have access to all the accounts you’ve created so far. Here, too, is where you can create new accounts, edit the ones you’ve already made, or delete them, as described in the following pages.
First, though, it’s important to understand the difference between the three account types you may see in the Control Panel: Administrator and Standard. Read on.
On your own personal PC, the word “Administrator” probably appears under your name in the panel shown in Figure 24-1 at bottom. As it turns out, that’s one of three—well, two and a half—kinds of accounts you can create on Windows 8.1.
Because you’re the person who installed Windows 8.1, the PC assumes that you’re one of its administrators—the technical wizards who will be in charge of it. You’re the teacher, the parent, the resident guru. You’re the one who will maintain this PC and who will be permitted to make system-wide changes to it.
You’ll find settings all over Windows (and all over this book) that only people with Administrator accounts can change. For example, only an administrator is allowed to do the following:
Create or delete accounts and passwords.
Make changes to certain Control Panel programs.
See and manipulate any file on the machine. Install new desktop programs (and certain hardware components).
Install new desktop programs (and certain hardware components).
There’s another kind of account, too, for people who don’t have to make those kinds of changes: the Standard account.
Now, for years, people doled out Administrator accounts pretty freely. You know: The parents got Administrator accounts, the kids got Standard ones.
The trouble is, an Administrator account itself is a kind of security hole. Anytime you’re logged in with this kind of account, any nasty software you may have caught from the Internet is also, in effect, logged in—and can make changes to important underlying settings on your PC, just the way a human administrator can.
Put another way: A virus you’ve downloaded while running a Standard account will have a much harder time infecting the rest of the machine than one you downloaded while using an Administrator account.
Today, therefore, Microsoft recommends that everyone use Standard accounts—even you, the wise master and owner of the computer!
So how are you supposed to make important Control Panel changes, install new programs, and so on?
That’s gotten a lot easier as of Windows 8. Using a Standard account no longer means you can’t make important changes. In fact, you can do just about everything on the PC that an Administrator account can—if you know the password of a true Administrator account.
Note
Every Windows 8.1 PC can (and must) keep at least one Administrator account on hand, even if that account is rarely used.
Whenever you try to make a big change, you’re asked to authenticate yourself. As described on Disabling Accounts, that means supplying an Administrator account’s password, even though you, the currently logged-in person, are a lowly Standard account holder.
If you have a Standard account because you’re a student, a child, or an employee, you’re supposed to call an administrator over to your PC to approve the change you’re making. (If you’re the PC’s owner, but you’re using a Standard account for security purposes, you know an administrator password, so it’s no big deal.)
Now, making broad changes to a PC when you’re an administrator still presents you with those “prove yourself worthy” authentication dialog boxes. The only difference is that you, the administrator, can click Continue (or tap Enter) to bypass them, rather than having to type in a password.
You’ll have to weigh this security/convenience tradeoff. But you’ve been warned: The least vulnerable PC is one on which everyone uses a Standard account.
In TileWorld (Figure 24-2), you might notice that there seem to be three account types: Administrator, Standard, and Child. Yet the Child type doesn’t seem to be available in the desktop Control Panel!
Mystery solved: What TileWorld calls a Child account is nothing more than a Standard account with Family Safety turned on, as described on Family Safety (Parental Controls).