This information is provided as a basic introduction to Windows NT/2000 security and user rights. It is by no means complete on either of these issues. For more information see the Windows NT/2000 Resource Kit, or other Windows NT/2000 books.
Windows NT/2000 vs. Windows 9x.
One of the differences between NT/2000 and Windows 9x is its security model. This is the structure in which Windows determines what a user can and cannot do on the computer station. In Windows 9x the user name and password tells the stand-alone station who is currently using the computer. The Windows 9x user profile also houses information concerning desktop setting and user preferences as well as an identity and access permissions for the network. Network user rights are set up by the network administrator on the server. In this system the user has full control of the 9x station, but is subject to the network permissions set by the administrator.
NT/2000 Security, on the other hand, allows users to setup their information and network permissions via the NT/2000 workstation from which they are logging on. Also, user accounts can be restricted to specific areas and functions within the individual workstation. All actions that are performed on an NT/2000 station must be performed in the context of some user.
Services on NT/2000.
Services are special applications for NT/2000 that can remain active even when no user(s) is logged on. They can only be installed and disabled by an administrator. You can view the services currently installed on the NT/2000 Workstation via the services control panel.
The advantage to NT/2000 services is that they run as another user on the system when the system starts. This means that even though a person logs in, does some work and then logs out, the service never stops running. AutoMate's NT/2000 service version allows a user to set up a task (like backing up data), log out and still have the task complete itself at the desired time or on a trigger. This AutoMate™ task will still run because the AutoMate™ launcher is a user that is always logged in, therefore NT/2000 will allow this task to run.
AutoMate™ and NT/2000 security.
Because AutoMate™ is always running, it must be a registered user on the system just like all other services. Services log themselves in under a special account called "system". Normally "system" users have access rights to areas in Windows NT/2000 that normal user accounts do not. For that reason AutoMate's "system" rights are stripped away so that a general user can not ask AutoMate™ to do things he or she would not normally be able to do.
Because AutoMate™ has no rights, every task must have a user name and password so that NT/2000 will allow this task to continue. If you try to launch a task and there is no user defined, NT/2000 will ignore any and all requests made by that task. This is why there needs to be a login step in an AutoMate™ task.
There is a default user section under preferences that the admin for the machine can set up so that if no Login step is included in a task, the task will default to this user. See the readme_NT/2000.txt file for more info on this.
NT/2000 and User Interface
When NT/2000 is either:
Running a screen saver, or
Locked, or
Logged out,
NT/2000 will hide the user interface of processes that are running. This prevents all keystrokes from going to a window and also prevents mouse clicks. This is why AutoMate™ has included the "Create Desktop" and "Make Interactive" choices in the Login step. There is no need to create a desktop for a task that will be run when there is a user logged in and using the system.
Notes
When you create a desktop, even if it is for the user that is currently logged into the system, AutoMate™ will create another instance of that user. When doing this you should always use Logout as the last step so that there are not two users on the system.
If you do not use the "Create Desktop" and you include the Logout step, it will logout the current user from the system.
See Also:
NT/2000 Specific Security Notes
Setting Up A Default User Account