Windows 2000/XP User Switching Method

Users who use Windows 2000/XP know that it is best not to log in as a member of the Administrators group in their daily work. This is because the administrator has the power to kill the system files. If you are not careful, you will "kill innocent" and cause the system to "reject to play again." Usually you should log in to the system as a normal user (member of the Users group). Since the accounts of the Users group cannot modify the system registry settings, operating system files or program files, they have innate immunity to viruses and Trojans!

Obviously, using the Users group member login can make Windows 2000/XP not "easy to get hurt" like Windows 98, but users can't use applications that can only be executed by system administrators, such as system management tasks ( Disk defragmentation, etc.), use a virtual optical drive, and so on.

It seems that fish and bear's paw can't have both - but these Microsoft have already considered for us, it provides us with "user switching" function in Windows 2000/XP. This function is different from the user logout. For example, different user accounts are like actors on the stage. Logout is to replace the actors (user accounts), and all the props that are carried with this actor (the application opened by the user account) ) All are removed; and user switching is equivalent to just giving the actor a "face change" (temporary replacement of the user account identity), and will not remove the item costume (retain the session opened by the user account). Let's say that we don't practice it. We will use Windows XP as an example to see how to use the fast user switching function.

Using the "Logout" menu method

The most common way to switch users is to access the user switching function via the "Logout" menu. To do this, click Start→Logout. In the Uninstall Windows dialog box shown in Figure 1, click the Switch User button to keep the current session state. On the surface, this is no different from logging out users, but using the switch user method can keep the session opened by the original user account (for example, if you are in the process of downloading the software, the download task will continue after the user switch. If you use "Logout", then the software download task will be forced to close).

FIG. 1

fast user switching

Obviously, the above method is cumbersome: the administrator user needs to switch to the environment, and then log off back. In fact, many times there is no need to do it, we can use the fast user switching function to run the application as an administrator directly in the current user environment!

Suppose we are in the normal user environment and want to configure the trust domain of Norton Personal Security. However, because the current user's "face (ie, permissions)" is not large enough, the firewall configuration program refuses to execute. Let's come up with a fast user switcher: Open "Start → All Programs → Norton Internet Security", right click on the "Norton Internet Security" menu item, select the "Run Mode" menu item, the program will open " Run the Identity dialog box, click the "The following users" radio button, then select an administrator account in the "User Name" drop-down list box, and enter the corresponding account password in the "Password" text box. Finally click the "OK" button, as shown in Figure 2. Next, the system will run Norton Personal Security's configuration program as an administrator!

use the Runas command

familiar with Linux /UNIX su command to friends will not be unfamiliar, the user can use this command "face" freely between the super-user, the average user. Windows 2000/XP now has a similar command - the Runas command. Runas is a DOS command that runs only in the Windows 2000/XP DOS command window. It allows the user to run specified tools and programs with other privileges instead of the permissions provided by the currently logged in user account. The syntax is as follows:

Runas [{/profile| /noprofile}] [/env] [/netonly] [/showtrustlevels] [/trustlevel] /user:UserAccountName program

The role of each parameter is as follows:

/profile: load user profile Is the default parameter of the Runas command.

/no profile: Does not load the user profile, which can improve the loading speed of the application, but because some applications need to read the configuration file of a specific user, it is not recommended to use this parameter.

/env: Specifies the network environment currently in use, not the user's local environment.

/netonly: Indicates that the specified user information is only used for remote access.

/showtrustlevels: Lists the /trustlevel switch.

/trustlevel: Specifies the authorization level at which the application runs.

/user:UserAccountName: Specifies the name of the user account under which the program will run. For stand-alone users, the following format can be used:

/user:UserName@ComputerName

or /user:ComputerNameUserName

The UserName here should use a specific user account. Instead, ComputerName refers to the computer name.

For users of domains or workgroups, you can use the following format:

/user:UserNme@DomainName(WorkGroupName)

or /user:DomainName(WorkGroupName)UserName < Br>

The DomainName (WorkGroupName) here refers to the domain name of the domain where the computer is located (or the name of the working group).

program: Specify the program or command to run. You can use the Runas command to launch any application, MMC console project, or Control Panel project. It should be noted here that not all projects can be started with Runas, such as the "Printers" folder and desktop items.

Application Examples:

To give the Runas command "show" its extraordinary skill, here is an example. Suppose you want to run Group Policy as Administrator:

(1) Open the "Run" dialog box, type "cmd" and press Enter to open the DOS command window;

(2) in the command At the prompt, type "runas /profile /user:ourcomputeradministrator "mmc gpedit.msc"" and press Enter;

(3) Next, the system will prompt for the password of the administrator account. Note that this will not Show the entered account! As shown in Figure 3.

(4) If the account number and password are correct, the system will start the group policy management program as an administrator.

tips:

Obviously, if every time you start the Group Policy Management program must then enter a long list of commands, it will be very complicated indeed. Fortunately, Runas also provides the ability to create shortcuts. We just need to create a shortcut on the desktop to save the trouble of entering commands every time. Suppose we often run the "Computer Management" program as an administrator:

(1) Right-click on the blank space on the desktop and click "New → Shortcut" on the pop-up shortcut menu to open Create Shortcut wizard dialog.

(2) Enter "runas.exe /user:ourcomputeradministrator "mmc %windir%system32compmgmt.msc"" in the "Project Location" text box, and then specify the name of the shortcut according to the screen prompt, and then " Ok".

(3) In the future, just double-click the shortcut to pop up a DOS command window, prompt for the administrator password, enter the correct password and press Enter to start the “Computer Management” program.

Summary

The three user switching methods described above can be described as different. The logout menu method is the most cumbersome, but also the most thorough method; while using the "Run Identity" dialog box and the Runas command, although it is relatively simple to use, not all tasks can be completed, such as setting folder sharing.

Figure 4

Note also that: be sure to use the Fast User Switching feature, you must make sure that "Secondary Logon" service and "Fast User Switching Compatibility" service has been launched, here It is best to set it to start automatically with Windows. The way to open these two services is:

Double-click "Control Panel→Administrative Tools→Services" and find the "Fast User Switching Compatibility" service in the window. Then double-click to open the Service Properties dialog box, switch to the "General" tab, and select the "Automatic" option in the "Startup Type" drop-down list box (as shown in Figure 4), as shown. Then switch to the Dependencies tab and make sure that the dependent services displayed under it are all set to run automatically, as shown in Figure 5.

Set the "Secondary Logon" service in a similar way. Ok, now that everything is ready, you have nothing to steal!