experience—so central, in fact, that you establish your user account when you first install Windows or set up your new PC.
Of course, user accounts aren’t generally as
restrictive at home as they are at work. It’s your PC, after all, and
most people rightly feel that they should be able to do anything they
want on their PC. So that first user account you create, during Windows
Setup, is automatically an administrator-class account, providing the
permissions and access control that one would expect.
These local user accounts, or what we used to
call workgroup accounts, work well enough for what they are. And they
allow for some niceties, even at home. You can create multiple accounts
on a single PC, giving users their own sign-in identity, along with its
associated custom settings (desktop wallpapers and so on) and Windows
and application configurations.
But local user accounts are starting to show the
strain of time, and as our PC usage changes, so do the needs we place
on them. For example, most people don’t bother to protect their own
user accounts with a password, which can have huge ramifications in the
event of a stolen PC. Local accounts are literally local to that one PC
and thus hard, if not impossible, to replicate across machines; if you
have more than one PC, as so many of us do now, making each one look
and work the same is tedious. Local accounts make home network sharing
difficult, too, which is why Microsoft created the homegroup sharing
technique for Windows 7.
What’s interesting is that Microsoft basically
solved these issues over a decade ago when they instituted the Active
Directory domain services scheme in Windows Server. This system, which
is used by corporations around the world, provides a more centralized
approach to user accounts (and other things). So instead of signing in
to a single PC and locking all of your personalized settings to that
one machine, you sign in, instead, to the domain. And if you need to
access a different machine, your customized experience can travel with
you, so to speak, from PC to PC. With this scheme, the settings you
typically think of being associated with an account are no longer
locked into a single PC.
Active Directory is powerful and interesting, but
it’s also far too complex for a home network and of course requires
expensive and complex servers in addition to the PCs that people
actually use each day. So this system isn’t well-suited for regular
users at home.
So for Windows 8, Microsoft has created a new
type of user account, based on your Microsoft account (previously
called Windows Live ID) that provides many of the niceties of Active
Directory but with none of the complexity. In fact, for most people,
signing in to a Windows 8 PC with a Microsoft account is just as easy
as doing so with a traditional local account. But there are numerous
advantages to doing so.
So let’s examine them as part of a wider discussion about the types of accounts you can use with Windows 8.
1. Understanding Account Types
Windows 8 lets you sign in using three different types of accounts: domain, local, and Microsoft.
Domain Accounts
Domain accounts are used by
corporations that utilize an Active Directory infrastructure running on
top of Windows Server. The account is centrally managed by your
employer, as are whatever permissions and capabilities you may be able
to enjoy.
You connect Windows 8 to a domain as you did with
previous Windows versions, using the advanced system control panel.
Once the domain is configured, you reboot the PC and then sign in with
your domain account’s username and password. In use, Windows 8 works
almost identically to a local user account, but you lose some of the
integration pieces that are special to Microsoft account sign-ins. As
we’ll see in just a bit, there is a simple way to mitigate that issue.
Local Accounts
In Windows XP, Vista, and 7, most home
users signed in to their PC using a local account, or an account that
is, literally, local to that one PC. Local accounts are typically one
of two account types, administrator or standard. An administrator
essentially has complete control of the system and can make any
configuration changes they want. A standard user can use most
application software and many Windows services, but is prevented from accessing features that could harm the system. For example, standard users cannot install most applications, change the system time, or access certain Control Panel applets.
You can bypass this limitation by entering
the credentials for an administrator account.
In previous Windows versions, most people simply
used an administrator-type account because standard user accounts were
so limiting and annoying. But with the move to multi-PC households and
the PC-to-PC sync capabilities one gets with using a Microsoft account
instead of a local account, our expectation is that the vast majority
of Windows 8 users will no longer use local accounts. It’s still
supported, of course, but it’s just depreciated.
Microsoft Accounts
Signing in to a Microsoft account is
now the default, and preferred, way of doing things. A Microsoft
account provides you with all of the benefits of a local
account—simplicity and the ability to have both administrators and less
privileged users—plus the benefits of the multi-PC settings replication
of a domain account, and, of course, integration with Microsoft’s
online services and third-party services like Facebook, Twitter, and
more.
But the Microsoft account is more than a nicety.
It’s required for many of the Metro-style apps that are built into
Windows 8, including the productivity apps—Mail, Calendar, People, and
Messaging—the digital media and Xbox apps—Xbox Music, Xbox Video, and
Xbox LIVE Games—and more. Windows 8 was designed to integrate deeply
with a Microsoft account, much like Windows Phone before it. And a
Microsoft account is super easy to use.
For these reasons, we believe that signing in
with a Microsoft account is the obvious choice for most Windows 8
users.
There’s just one problem. In some cases, you
can’t sign in to your PC with a Microsoft account the first time you
set up Windows 8. For example, if your PC is offline the first time you
use Windows 8, a Microsoft account won’t even be offered. But the more
obvious example, perhaps, is a work PC: There’s no way that corporate
will let you or other users bypass the built-in security features of
their carefully crafted policies and sign in with your personal
Microsoft account.
If only there was a way around this limitation.
