Creating and Managing User Accounts
Overview
- Introduction to User Accounts
- Guidelines for New User Accounts
- Creating Local User Accounts
- Creating and Configuring Domain User Accounts
- Setting Properties for Domain User Accounts
- Customizing User Settings with User Profiles
- Best Practices
Introduction to User Accounts
- Local User Accounts
  - Enable users to log on and access resources on a specific computer
  - Reside in SAM
- Domain User Accounts
  - Enable users to log on to the domain to gain access to network resources
  - Reside in Active Directory
- Built-in User Accounts
  - Enable users to perform administrative tasks or gain temporary access to network resources
  - Reside in SAM (local built-in user accounts)
  - Reside in Active Directory (domain built-in user accounts)
  - Administrator and Guest
Guidelines for New User Accounts
- Naming Conventions
- Password Guidelines
- Account Options
Naming Conventions
- User Logon Names and Full Names Must Be Unique
  - Can contain up to 20 uppercase or lowercase characters, except for the following: " / \ [ ] : ; | = , + * ? < >
  - Can include a combination of special and alphanumeric characters
- A Naming Convention Should:
  - Accommodate duplicate employee names
  - Identify temporary employees
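Added example (not part of the original slides): a PowerShell check of a proposed logon name against the rules on this slide, plus a generator that handles duplicate names and marks temporary employees. The function names, the "T-" prefix and the numeric suffix are assumptions chosen for illustration; the slides do not prescribe a specific convention.

```powershell
# The character list and the 20-character limit come from the slide.
# The 'T-' prefix and numeric suffix are an assumed (hypothetical) convention.
$InvalidChars = '"/\[]:;|=,+*?<>'.ToCharArray()
$MaxLength    = 20

function Test-LogonName {
    # Returns the list of rule violations; an empty list means the name is acceptable.
    param([string]$Name, [string[]]$Existing = @())
    $problems = @()
    if ([string]::IsNullOrWhiteSpace($Name)) { $problems += 'name is empty' }
    if ($Name.Length -gt $MaxLength) { $problems += "longer than $MaxLength characters" }
    $bad = @($Name.ToCharArray() | Where-Object { $InvalidChars -contains $_ } | Select-Object -Unique)
    if ($bad.Count -gt 0) { $problems += "excluded characters: $($bad -join ' ')" }
    if ($Existing -contains $Name) { $problems += 'already in use' }   # -contains ignores case
    return ,$problems
}

function New-LogonName {
    # Builds first initial + last name, then adds a number until the name is unique.
    param(
        [ValidateNotNullOrEmpty()][string]$First,
        [ValidateNotNullOrEmpty()][string]$Last,
        [string[]]$Existing = @(),
        [switch]$Temporary
    )
    $prefix = if ($Temporary) { 'T-' } else { '' }
    $base   = $prefix + $First.Substring(0, 1) + $Last
    # Drop spaces and every character the slide excludes
    $base   = -join ($base.ToCharArray() | Where-Object { $InvalidChars -notcontains $_ -and $_ -ne ' ' })
    for ($n = 1; $n -le 99; $n++) {
        $suffix    = if ($n -eq 1) { '' } else { "$n" }
        $room      = $MaxLength - $suffix.Length          # keep the total within the limit
        $candidate = $base.Substring(0, [Math]::Min($base.Length, $room)) + $suffix
        if ((Test-LogonName $candidate $Existing).Count -eq 0) { return $candidate }
    }
    throw "No free logon name found for $First $Last"
}

# Constructed sample data: names already present in the directory
$existing = @('JYoung', 'JLew')

Test-LogonName 'J:Young*' $existing                  # reports the excluded characters
New-LogonName 'Jonathan' 'Young' $existing           # duplicate employee name, gets a suffix
New-LogonName 'Judy' 'Lew' $existing -Temporary      # temporary employee, gets the prefix
```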
Password Guidelines
- Assign a Password for the Administrator Account
- Determine Who Has Control over Passwords
- Educate Users on How to Use Passwords
  - Avoid obvious associations, such as a family name
  - Use long passwords
  - Use a combination of uppercase and lowercase characters
Account Options
- Set Logon Hours to Match Users' Work Hours
- Specify the Computers from Which a User Can Log On
  - Domain users can log on at any computer in the domain, by default
  - Domain users can be restricted to specific computers to increase security
- Specify When a User Account Expires
Creating Local User Accounts
- Local User Accounts Are:
  - Created on Computers Running Windows 2008 Professional
  - Created on Stand-alone or Member Servers Running Windows 2008 Server or Windows 2008 Advanced Server
  - Reside in SAM
[Screenshot: New User dialog box for user name JYoung (Jonathan Young), with the options User must change password at next logon, User cannot change password, Password never expires, and Account is disabled]
Creating and Configuring Domain User Accounts
- Installing Windows 2008 Administration Tools
- Creating a Domain User Account
- Setting Password Requirements
- Managing User Data by Creating Home Folders
Installing Windows 2008 Administration Tools
- The tools appear on the Administrative Tools menu
- After you install Administration Tools, use the runas command to run the tools
[Screenshot: Windows 2000 Administration Tools Setup Wizard, with the options "Install all of the Administrative Tools" and "Uninstall the Administrative Tools", and the resulting Administrative Tools menu]
Creating a Domain User Account
[Screenshot: Active Directory Users and Computers, Users container of nwtraders.msft, Action > New > User; New Object - User dialog box creating Judy A. Lew in nwtraders.msft/Users with user logon name judy1@nwtraders.msft]
Setting Password Requirements
[Screenshot: New Object - User dialog box (Create in: nwtraders.msft/Users) with Password and Confirm Password fields and the options User must change password at next logon, User cannot change password, Password never expires, and Account is disabled]
Managing User Data by Creating Home Folders
- Consider the Following When You Create a Home Folder:
  - Backup and restore capability
  - Sufficient space on the server
  - Sufficient space on users' computers
  - Network performance
- To Create a Home Folder:
  - Create a shared folder on a server
  - Assign the appropriate permission
  - Provide a path for the user account
[Figure: shared \Home folder on a server containing the folders User1, User2 and User3]
Setting Properties for Domain User Accounts
- Setting Personal Properties
- Setting Account Properties
- Specifying Logon Options
- Copying Domain User Accounts
- Creating User Account Templates
Setting Personal Properties
- Add Personal Information About Users As Stored in Active Directory
- Use Personal Properties to Search Active Directory
[Screenshot: Student 01 Properties dialog box with the tabs General, Address, Account, Profile, Telephones, Organization, Member Of, Dial-in, Environment, Sessions, Remote control, and Terminal Services Profile]
Setting Account Properties
[Screenshot: Account tab of the User01 Properties dialog box, showing the user logon name (User01@nwtraders.msft), Logon Hours…, Log On To…, Account is locked out, the account options (User must change password at next logon, User cannot change password, Password never expires, Store password using reversible encryption), and Account expires (Never, or End of: Wednesday, November 24, 1999)]
Specifying Logon Options
[Screenshot: Logon Hours for User01, a grid of Sunday through Saturday marked Logon Permitted or Logon Denied]
[Screenshot: Logon Workstations dialog box: "This feature requires the NetBIOS protocol. In Computer name, type the pre-Windows 2000 computer name." This user can log on to: All computers, or The following computers (Brisbane, Perth)]
Copying Domain User Accounts
- Copy an Existing Domain User Account to Simplify the Process of Creating a New Domain User Account.
[Figure: Domain User Account (User1) copied to Domain User Account (User2)]
Creating User Account Templates
- Set Up a User Account as a Template Account
- Create a User Account by Copying the Template Account
[Screenshot: Active Directory Users and Computers with the _Sales Template user selected and the Copy… command ("Creates a new user, copying information from the selected user."); Copy Object - User dialog box creating sales user1 in nwtraders.msft/Users with user logon name salesuser1@nwtraders.msft]
Customizing User Settings with User Profiles
- User Profile Types
User Profile Types
- Default User Profile
  - Serves as the basis for all user profiles
- Local User Profile
  - Created the First Time a User Logs on to a Computer
  - Stored on a Computer's Local Hard Disk
- Roaming User Profile
  - Created by the System Administrator
  - Stored on a server
- Mandatory User Profile
[Figure: profile settings (Display, Regional Settings, Mouse, Sounds) modified and saved on a Windows 2008 client; profiles stored on a profile server and used from Windows 2008 clients]
Best Practices
- Rename the Administrator Account
- Create a User Account with Administrative Rights
- Create a User Account for Non-Administrative Tasks
- Enable the Guest Account Only in Low Security Networks
- Create Random Initial Passwords
- Require New Users to Change Their Passwords
- Set Account Expiration Dates for Temporary Employees
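Added example (not part of the original slides): a PowerShell audit that checks account objects against three of the practices above, namely renaming the Administrator account, keeping Guest disabled, and setting expiration dates for temporary employees. The function name, the sample accounts and the "T-" prefix used to recognise temporary employees are assumptions; the property names match what Get-LocalUser returns, so `Get-LocalUser | Test-AccountBestPractice` runs the same checks on a live computer.

```powershell
function Test-AccountBestPractice {
    # Emits one finding object per violated practice for each account piped in.
    param(
        [Parameter(ValueFromPipeline)]$Account,
        [string]$TemporaryPrefix = 'T-'      # assumed naming convention for temporary staff
    )
    process {
        $sid      = [string]$Account.SID     # Get-LocalUser returns a SecurityIdentifier object
        $findings = @()

        # The built-in Administrator always has a SID ending in -500, whatever its name
        if ($sid -like '*-500' -and $Account.Name -eq 'Administrator') {
            $findings += 'Built-in Administrator account has not been renamed'
        }
        # The built-in Guest account always has a SID ending in -501
        if ($sid -like '*-501' -and $Account.Enabled) {
            $findings += 'Guest account is enabled'
        }
        # Temporary employees should have an account expiration date
        if ($Account.Name -like "$TemporaryPrefix*" -and -not $Account.AccountExpires) {
            $findings += 'Temporary account has no expiration date'
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ Account = $Account.Name; Finding = $f }
        }
    }
}

# Constructed sample accounts (SIDs are made up for illustration)
$sample = @(
    [pscustomobject]@{ Name = 'Administrator'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500';  Enabled = $true; AccountExpires = $null }
    [pscustomobject]@{ Name = 'Guest';         SID = 'S-1-5-21-1111111111-2222222222-3333333333-501';  Enabled = $true; AccountExpires = $null }
    [pscustomobject]@{ Name = 'JYoung';        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001'; Enabled = $true; AccountExpires = $null }
    [pscustomobject]@{ Name = 'T-JLew';        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1002'; Enabled = $true; AccountExpires = $null }
)

$sample | Test-AccountBestPractice
```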