WORKING WITH USER ACCOUNTS (Chapter 6)

Presentation transcript:

Slide 1: WORKING WITH USER ACCOUNTS (Chapter 6)

Slide 2: CHAPTER OVERVIEW
- Understand the differences between local user and domain user accounts.
- Plan, create, and manage local and domain user accounts.
- Create and manage user accounts by using templates, importation, and command-line tools.
- Manage user profiles.
- Understand the purpose and function of profiles.
- Troubleshoot user authentication issues.

Slide 3: UNDERSTANDING USER ACCOUNTS
- Local user accounts
  - Stored in the Security Accounts Manager (SAM) database on that system
  - Can be used only on that system
- Domain user accounts
  - Stored in Active Directory on domain controllers
  - Can be used on any system in Active Directory

Slide 4: WORKGROUPS
- No centralized database of user accounts
- User account must exist in the SAM of each system the user accesses
- Impractical in environments with more than 10 users

Slide 5: DOMAINS

Slide 6: PLANNING USER ACCOUNTS OVERVIEW
- Account naming
- Choosing passwords
- Designing an Active Directory hierarchy

Slide 7: ACCOUNT NAMING
- Account names can be up to 256 characters.
- The account name used as the authentication credential can be between 1 and 20 characters (letters and/or numbers).
- For names longer than 20 characters, the first 20 must be unique.
- Account names are not case sensitive.
- The following characters cannot be used in the account name: " / \ [ ] : ; | , + = *

Slide 8: STRONG PASSWORDS
- Cannot be easily guessed or broken by a password cracking program.
- Use password policy: Enforce strong password (PASSFILT.DLL)
  - Must be six characters long
  - At least three (3) of the following four (4) classes:
    - Upper case
    - Lower case
    - Westernized Arabic numeral (0 – 9)
    - Special characters
  - Cannot contain user name or any part of full name
- Example: Up2Lower5
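
The rules on the ACCOUNT NAMING and STRONG PASSWORDS slides, written as checks over a list of proposed accounts. This is an added example, not part of the original presentation and not the logic of PASSFILT.DLL; the function names and sample records are constructed, "six characters long" is read as a minimum, and "any part of full name" is read as each whitespace-separated word.

```python
# Added example: checks built only from the rules stated on the slides.
FORBIDDEN = set('"/\\[]:;|,+=*')  # characters listed on the naming slide


def name_problems(name, seen):
    """Check one account name; `seen` maps 20-character keys to names."""
    problems = []
    if not 1 <= len(name) <= 256:
        problems.append("length must be 1-256 characters")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    # Names are not case sensitive and only the first 20 characters have
    # to be unique, so compare on a lowercased 20-character prefix.
    key = name[:20].lower()
    if key in seen:
        problems.append("first 20 characters collide with " + seen[key])
    else:
        seen[key] = name
    return problems


def password_problems(password, account, full_name):
    """Check a proposed password against the strong-password slide."""
    problems = []
    if len(password) < 6:  # assumption: six is the minimum length
        problems.append("shorter than 6 characters")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c in "0123456789" for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 of the 4 character classes")
    # Assumption: a "part" of the full name is a whitespace-separated word.
    lowered = password.lower()
    for part in [account] + full_name.split():
        if part and part.lower() in lowered:
            problems.append("contains name part: " + part)
    return problems


def audit(records):
    """Return {account: [problems]} for records that break a rule."""
    seen, report = {}, {}
    for account, full_name, password in records:
        found = name_problems(account, seen)
        found += password_problems(password, account, full_name)
        if found:
            report[account] = found
    return report


# Constructed sample records: (account name, full name, proposed password).
SAMPLE = [
    ("jsmith", "John Smith", "Up2Lower5"),
    ("JSmith", "Jane Smith", "smith2024"),
    ("web/admin", "Web Admin", "Tr1cky!pass"),
    ("svc-reporting-database-east", "Reporting East", "Qx7#mmLp"),
    ("svc-reporting-databa-west", "Reporting West", "abc"),
]

if __name__ == "__main__":
    for account, found in audit(SAMPLE).items():
        print(account, "->", "; ".join(found))
```

The two `svc-` names differ only after character 20, so the second one is reported as a collision even though the full strings are distinct.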

Slide 9: ACCOUNT PASSWORD POLICY

Slide 10: DESIGNING AN ACTIVE DIRECTORY HIERARCHY
- Create an organizational unit (OU) structure
- Place users in appropriate OU
- Provides for features such as group policy

Slide 11: WORKING WITH LOCAL USER ACCOUNTS

Slide 12: CREATING A LOCAL USER ACCOUNT

Slide 13: MANAGING LOCAL USER ACCOUNTS

Slide 14: WORKING WITH DOMAIN USER ACCOUNTS

Slide 15: CREATING A DOMAIN USER ACCOUNT

Slide 16: MANAGING DOMAIN USER ACCOUNTS
From the Action menu, you can:
- Reset a user account password.
- Rename, disable, and delete an account.
- Modify group membership.
- Send and open a user’s homepage.

Slide 17: THE GENERAL TAB

Slide 18: THE ADDRESS TAB

Slide 19: THE TELEPHONES TAB

Slide 20: THE ORGANIZATION TAB

Slide 21: THE ACCOUNT TAB

Slide 22: THE PROFILE TAB

Slide 23: THE MEMBER OF TAB

Slide 24: THE TERMINAL SERVICES PROFILE TAB

Slide 25: THE ENVIRONMENT TAB

Slide 26: THE REMOTE CONTROL TAB

Slide 27: THE SESSIONS TAB

Slide 28: THE DIAL-IN TAB

Slide 29: THE COM+ TAB

Slide 30: MANAGING MULTIPLE USERS

Slide 31: MOVING USER OBJECTS

Slide 32: CREATING MULTIPLE USER OBJECTS
- Using object templates
- Using Csvde.exe
- Using Dsadd.exe

Slide 33: USING OBJECT TEMPLATES
- Can be an existing user account or an account created specifically for copying.
- Not all properties are copied.
- A new SID is generated for the new object.
- Generic user object templates should be assigned a password and disabled to prevent use of the account.

Slide 34: IMPORTING USER OBJECTS USING CSV DIRECTORY EXCHANGE
- Useful for creating large numbers of users at a time.
- Step 1: Create a comma-separated value (CSV) text file of user information.
- Step 2: Use Csvde.exe to import the user information from the CSV file into Active Directory.

Slide 35: CREATING USER OBJECTS WITH DSADD.EXE
- Command-line utility
- Can be used in batch files or scripts
- Can be used to add other objects as well as users

Slide 36: MODIFYING USER OBJECTS WITH DSMOD.EXE
- Command-line utility
- Can be used in batch files or scripts
- Can be used only to modify existing objects

Slide 37: MANAGING USER PROFILES
- Allows each user to have a customized working environment
- Preserves application settings, shortcuts, and preferences
- Ensures that users do not affect each other’s work environment

Slide 38: USER PROFILE CONTENTS
- User-stored documents and files
- Application configurations and settings
- Desktop and environment settings
- Control Panel settings and configurations

Slide 39: USER PROFILE DIRECTORY STRUCTURE

Slide 40: USING LOCAL PROFILES
- Stored on the local system
- Available only when the user logs on to that system
- Can be modified by the user as needed

Slide 41: USING ROAMING PROFILES
- Allows a user to have the same working environment from any client computer she logs on to.
- Central storage provides for easier backup.

Slide 42: USING MANDATORY PROFILES
- Can be either local or roaming.
- User can make changes, but changes are not saved when user logs off.
- Renaming Ntuser.dat to Ntuser.man designates profile as mandatory.

Slide 43: MONITORING AND TROUBLESHOOTING USER AUTHENTICATION
- Using password policies
- Using account lockout policies

Slide 44: USING PASSWORD POLICIES
- Provides a mechanism to control password use in the organization.
- Should strike a balance between usability and security.
- Creating a password policy that is too demanding increases password-related support calls.

Slide 45: USING ACCOUNT LOCKOUT POLICIES
- Account Lockout Threshold
- Account Lockout Duration
- Reset Account Lockout Counter After

Slide 46: ACTIVE DIRECTORY CLIENTS
- Windows 2000, Windows XP, and Windows Server 2003 include full Active Directory client capabilities.
- Windows 95, Windows 98, Windows Me, and Windows NT 4 require additional client software to gain full Active Directory functionality.

Slide 47: AUDITING AUTHENTICATION
- Allows you to track failed and successful logon attempts
- Can form part of a security policy
- Creates minimal system overhead in all but the largest environments

Slide 48: SUMMARY
- Local user accounts are stored on the local system and can provide users with access only to local resources.
- Domain user accounts are stored on Active Directory domain controllers and can provide users with access to resources all over the network.
- User objects include the properties related to the individuals they represent.
- A user object template is an object that is copied to produce new users. If the template is not a “real” user, it should be disabled. Only a subset of user properties is copied from templates.
- Windows Server 2003 includes command-line tools that you can use to create and manage Active Directory objects, including Csvde.exe, Dsadd.exe, and Dsmod.exe.

Slide 49: SUMMARY (continued)
- A user profile is a collection of folders and data that make up the desktop environment for a specific user.
- Windows Server 2003 generates an individual user profile for each person who logs on to the system.
- Local user profiles are stored on the local drive, whereas a roaming user profile is stored on a network server.
- A mandatory user profile is one that never changes, providing the same desktop configuration each time the user logs on.
- Auditing for authentication allows you to track logon activity for the network.