It's one of the known nuisances introduced by Windows XP that all long time NT and 2K users (at the time) reported as being a senseless change.
Since the dawn of time any NT 3/4 and 2K users have logged in with the name "Administrator".
The "intended use" on a NT system of the user "Administrator" has always been that of being used ONLY in exceptional occasions and have a more "normal" account for everyday use (not unlike "root" is on a Linux system).
So, the "canonical" way has always been that of having at least two accounts one called "Administrator" with administrator powers
and another one (with whatever powers/privileges one sees fit).
This is because the "intended" target was "enterprise".The fact that a number of users - normally NOT "enterprise" ones, liked to have one account only (the "Administrator" one) is marginal as it is outside the WHOLE concept of security and permissions.
But, unless you knew that an "Administrator" account existed, you were NOT prompted to login with one, as the login in NT and 2K shows only "last user logged", most people in an enterprise setup only knew it existed because they saw the "IT guy" accessing it.
XP, as I like to say, is 2K with added a toyish look but it was intended to be the one-size-fits-all for everyone, form the large company to the home user.
Among the "toyish look" added is the new login screen that actually lists all the users on the machine (together with a senseless icon).
So, instead of plainly documenting (in a proper way) WHY there should be only one (the "Administrator") account with Administrator powers and another one with lesser powers to be used everyday, the good MS guys made the choice of:
- make the Administrator account "hidden" in XP Pro <-so that the user in an "enterprise" doesn't even know that it exists, and the IT guy makes for the user "another" account
- make the Administrator account "hidden" in XP Home AND make it only accessible in Safe mode <- the actual reason for this is still to be AFAICR guessed properly
The actual issue being that the "classes" or "groups" of users in XP are still the same as the good ol' NT ones, as said aimed EXCLUSIVELY to the "enterprise" world.
Raise your hand you that have been elected
"backup operator" or "replicator" in your house
and thus have an acoount with those provileges.
Raise your hand you that have thought that "Power user" was too high a rank for your knowledge
of the OS (BTW that is the "right" setting for "everyday use" of an "advanced" user)http://www.microsoft...s.mspx?mfr=true
Besides some being, like "backup operator" and "replicator" absolutely senseless, the "default" groups have not sufficient "granularity" of the "privileges" by default accompanying these groups http://www.microsoft...s.mspx?mfr=true
and creating a new group and checking all the "right" permissions is on of the biggest PITA ever invented by MS.
Obviously the "other" account was made with "very limited" privileges in the actual "enterprises" and as "full privileges" (i.e. same powers of the "Administrator") one on all the rest
of the PC's (thus COMPLETELY vanifying the whole idea of "limited privileges" security in the large majority of installs).
Even in most enterprises, once the IT guy has been called n
times to solve an issue or install a program by an user that had been given the plain "user" privileges, he/she got fed up and decided that it is much easier to give full power to the user and when and if the install gets screwed, re-deploy the OS form a backup or outright install it from scratch (who in IT ever cared about user's data outside the strictly complying to company policies ones?)
Since it was a complete fail, when Vista
came out, MS, again INSTEAD of properly documenting the reasons why, tried to enforce the idea with the UAC.
And obviously, again everyone found a way to diasable UAC and going on as before.
Edited by jaclaz, 04 October 2012 - 12:23 PM.