Managing the settings of a user account is not that difficult to do and pretty much everyone with a little knowledge can do the basics. Things like changing or creating the user password, choosing your picture or a different user name and setting the parental control restrictions can be done with relative ease and are enough to satisfy the average user’s needs. But more experienced users or administrators often require a bit more than what the standard user account screen can cope with. More control over what a user has access to and what usage rights they have been granted can help in fine tuning the security settings for the system and all the users that have accounts on it.
A number of the more advanced settings can be controlled using the local or group system policies and the Group Policy Editor is a common way to set a number of more advanced settings. Unfortunately, the Group Policy editor is only available on the more professional versions of Windows such as XP Pro and Windows 7 Pro or Ultimate. The Home oriented versions are lacking this feature.
If as an administrator you want to have a bit more control over user accounts, whether you have a Group Policy Editor capable system or not, a little utility called Accounts Tuner could be of some value to you. This interesting little tool allows the easy viewing and editing of a number of security and user profile settings for local users or even remote server accounts that would often require you to dig deep into the system to get hold of.
The program is a tiny 300K download and is completely free for personal or commercial use. During install it will check for and download the required VB6 runtimes which should already be present on your system anyway. Although Accounts Tuner will run without administrator rights, you won’t be able to change any of the settings, so right click and ‘Run as Administrator’ to enable full access to them.
The program is pretty easy to work out with all the settings nicely laid out. The radio buttons at the top are to select the local computer or a server if there is one on the local network. The window is basically split into two halves with the currently selected user account options and information on the left and some generic settings that affect all accounts on the system to the right. Each section has a ‘Set‘ button which will apply the relevant settings.
Selecting a user is done with the ‘Username’ dropdown list and then the information and settings will display for that account. The information shown is; the last date the user logged on as well as the actual amount of days the password has been present on the account. ‘Logon count‘ is the amount of times the account has been logged in to, and ‘Bad Password Count’ records how many times a wrong password has been entered.
The account can simply be disabled for a period of time until you decide to enable it again, you can also force unlock an account if it has been temporarily locked due to a number of failed login attempts. You can also set an account to always require a password so the user cannot simply go to their account screen and turn off the password, and also set it so the user can or cannot change their own password. The ‘Password Never Expires’ option works in conjunction with the ‘Max Password Age’ option in the server parameters section. If it is unticked the password will need changing every set amount of days.
The server parameters will affect ALL accounts so be careful with what options you want to edit. The min and max password age boxes are the time in days when a user can or needs to change their password. If for example Min is set to 5, the user cannot change to a new password until the current one is five days old. The Max default is 42 which means if the user password is set to expire, it will expire and a new one will be needed after 42 days. For good security, the ‘Min Password Length’ is useful to stop users entering passwords you would consider too small and insecure. They will have to use one with more characters than you enter in this field.
The lockout options allow you to set the number of incorrect passwords entered before a user gets locked out of the system, the length of time they are locked out for, and the minimal time between failed login attempts that don’t get counted towards a lockout.
The last two options are ‘Password History Length’ which remembers the previous set amount of passwords and does not allow the user to use one of those as a new password. ‘Password expiry Warning’ will give the user a warning xx amount of days before the password is due to expire.
If you don’t have the Group Policy Editor available on your version of Windows or would just like these settings in a nice easy to use interface, Accounts Tuner is definitely worth a look.
Accounts Tuner is compatible with just about everything ranging from NT 4.0 SP6 right up to Windows 7 and 2008 Server R2 with support for 32bit and 64bit.