Windows Server 2003 Overview 1 Windows 2003 Server Overview Ayaz 23-01-12.

Presentation transcript:

Slide 1: Windows 2003 Server Overview
Ayaz

Slide 2: Account Management
- Process by which administrator configures the network to allow users
  - Access to what they need
  - No access to things they don’t need
- Each user account is represented on the network as an object (their username) that has membership in one or more groups

Slide 3: Planning
- Plan, plan, plan
- Don’t just start adding users and other objects
- Set up organizational units and groups before adding other objects

Slide 4: Objects
- Every element on the network, from people to machines, is represented in the AD by an object
- Each object represents one specific element with its own properties and configuration elements
- Active Directory Users and Computers
  - Administrative Tools tool that allows administrator to manage users, groups, and other elements of the AD

Slide 5: Organizational Units
- Way to logically organize resources within the domain
- Identify any groups or resources in organization that need to be kept separate from other areas
- “Container”: Any object in the directory into which other objects can be placed
- Can delegate separate administrative control
- Example: Departments

Slide 6: Rights & Permissions
- Rights
  - Allow you to do a task
- Permissions (Perms)
  - Concern type of access to a particular resource
- Example
  - User has right to log on to the network and must also have perm to use a particular resource

Slide 7: Groups
- Plan your groups
- User accounts are created to identify individuals on the network
- Groups
  - Objects that enable a number of users to be administered as a “single account”
  - Groups are created for the purpose of assigning permissions
- Users can be assigned perms directly, but this is not recommended
- Create groups instead, even if group only has 1 member!

Slide 8: Types of Groups
- NT 4
  - Global groups
  - Local groups
- Windows Server 2003
  - Domain local groups
  - Global groups
  - Universal groups
  - Local groups
- Windows Server 2003 has a number of built-in groups of each type

Slide 9: Group Types cont.
- Universal Groups
  - Users from any domain can be members
  - Can be given permissions to resources in any domain
  - Generally used only in large multidomain networks
  - No built-in universal groups
- Local Groups
  - Used to assign permissions only to resources that are on the machine the group was created on
  - Available when AD not installed

Slide 10: Domain Local Group Scope
- Members include:
  - User accounts from any domain
  - Global and universal groups from any domain
  - Domain local groups from same domain
- Can only access resources within domain they are created in
- Generally used to identify resources that have a similar function on the network
- Groups with domain local scope should be used to define and manage resources within a single domain

Slide 11: Global and Universal Group Scope
- Global Group
  - Members include:
    - User accounts from same domain
    - Global groups from the same domain
  - One user may be a member of several global groups
  - Can access resources in any domain
  - Generally used to organize users with similar roles in the organization
- Universal Group
  - Members include:
    - Users from any domain
    - Global groups from any domain
    - Universal groups from any domain

Slide 12: Domain Local Group Scope Scenario
Example: To give 5 users access to a particular printer (resource), create a domain local group and assign it permission to access the printer (resource). Put the 5 user accounts in a global group and add this group to the domain local group. In the future, if you want to give these 5 users access to a new printer (resource), assign the domain local group permission to access the new printer (resource). All members of the global group will automatically receive access to the new printer (resource).

Slide 13: Microsoft “Way” Group Membership
- Create user and place into one or more global groups
- Global groups are then placed into domain local groups
- Domain local groups are given permissions to the resources

Slide 14: AGLP and UGLR
- AGLP
  - Accounts into Global groups, into Domain Local groups, which are given permissions to the resources
- UGLR
  - Users into Global groups, into Domain Local groups, permissions assigned to Resources
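The AGLP chain and the membership rules from slides 10 to 12 can be modelled in a few lines. This is an added example, not part of the presentation; the domain, user, group and printer names are constructed, and the checker functions are hypothetical helpers rather than any Windows API.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    name: str
    kind: str            # "user", "global", "domain_local" or "universal"
    domain: str
    members: list = field(default_factory=list)

def nesting_violations(group):
    """Check a group's direct members against the scope rules on slides 10 and 11."""
    problems = []
    for m in group.members:
        same_domain = m.domain == group.domain
        if group.kind == "global":          # same-domain accounts and global groups only
            ok = same_domain and m.kind in ("user", "global")
        elif group.kind == "domain_local":  # any domain, except DL groups: same domain
            ok = m.kind != "domain_local" or same_domain
        elif group.kind == "universal":     # users, global and universal groups, any domain
            ok = m.kind in ("user", "global", "universal")
        else:
            ok = False                      # user objects hold no members
        if not ok:
            problems.append(f"{m.domain}\\{m.name} ({m.kind}) not allowed in "
                            f"{group.kind} group {group.domain}\\{group.name}")
    return problems

def effective_users(principal, seen=None):
    """Expand nested groups to the set of user names they contain (cycle-safe)."""
    seen = set() if seen is None else seen
    if id(principal) in seen:
        return set()
    seen.add(id(principal))
    if principal.kind == "user":
        return {principal.name}
    found = set()
    for m in principal.members:
        found |= effective_users(m, seen)
    return found

def acl_findings(resource, acl):
    """AGLP: only domain local groups should hold permissions on a resource."""
    return [f"{resource}: permission granted directly to {p.kind} {p.name}"
            for p, _perm in acl if p.kind != "domain_local"]

# Constructed data for the slide 12 scenario: five users, one printer, then a second.
users = [Principal(f"user{i}", "user", "CORP") for i in range(1, 6)]
gg = Principal("GG_PrinterUsers", "global", "CORP", list(users))
dl = Principal("DL_Printers_Print", "domain_local", "CORP", [gg])
acls = {"Printer1": [(dl, "Print")], "Printer2": [(dl, "Print")]}

def who_can(resource):
    allowed = set()
    for principal, _perm in acls[resource]:
        allowed |= effective_users(principal)
    return allowed

if __name__ == "__main__":
    print(sorted(who_can("Printer2")))
    print(acl_findings("Printer1", [(users[0], "Print"), (dl, "Print")]))
```

Granting the second printer to the domain local group gives all five users access without touching any user object, and `acl_findings` reports the direct user grant that slide 19 says to avoid.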

Slide 15: Creating a Group
- Built-in groups
  - Default groups
- Create your own
  - ADUC tool
  - Select a container for the new group
  - Create the group using the New Object-Group window
  - Add users to the group now or later using right-click Properties, Members tab, and selecting users
  - Can also add groups to other groups

Slide 16: Reasons for Using Groups
- Easier to organize permissions by groups than on an individual basis
- AGLP “standard” known
- MCSE tests want the “right” way (the Microsoft way)

Slide 17: Five Default Groups
- Not based on who the user is, but rather on how they are connected to a resource
- Cannot configure through AD but can be used when setting permissions
  - Everyone: all users are members!!!!!
  - Authenticated Users
  - Creator Owner: user who created resource
  - Network: users accessing shares
  - Interactive: users logged on locally

Slide 18: Distribution and Security Groups
- Distribution groups
  - Used only with applications such as Exchange to send to collections of users
- Security groups
  - Used to assign access to network resources
  - Rights: Tasks users can perform in a domain; some automatic such as Backup Operators
  - Permissions: Determine who can access a resource and the level of access
  - Assign permission to the resource using security groups rather than individual users

Slide 19: User Accounts
- Matching users with resources they need
- Users represent a “role” in the company, not “individuals”
- Individual users “should not” have any permissions to resources
  - Never give explicit user permissions to resources
  - Difficult to manage for administrator
- Groups have the permissions

Slide 20: Default Account: Administrator
- Most powerful account on the domain
- Full control
- Cannot be deleted or removed
- Can be renamed
- Can be disabled
- Access to all resources and configuration information
- Need strong password
- Automatically a member of Administrators, Domain Admins, etc.

Slide 21: Default Account: Guest
- For people who don’t have a user account in the domain
- No password required
- Default is disabled
- Provide anonymous access to certain resources on the network
- Low security option
- Might use for visitor access in a kiosk for read-only access

Slide 22: Creating User Accounts
- Develop acceptable naming convention
  - Auditors prefer user account names!
- Create a user account for every individual on the network
- Use ADUC
  - Select container you wish to create the user in
  - Default is the Users Folder or can place user in an organizational unit
  - Right-click, New, User, enter information

Slide 23: User Configuration
Data: Description
- First Name: User’s first name
- Last Name: User’s last name
- Name: Full name
- User Logon Name: Unique name within AD
- Downlevel Logon Name: Username to log on to non-Windows
- Password: Authentication to log on
- Confirm Password: Retype to ensure correct
- User Must Change Password at Next Logon: User create own password
- User Cannot Change Password: Prevent user from changing password
- Password Never Expires: Overrides password expiration options

Slide 24: Configuring User Accounts
- Additional options to add or restrict account on network
- ADUC, right-click, Properties
  - Informational: address, telephone
  - Organizational: manager, department
  - Security
    - Account tab: logon name, logon hours, workstation restrictions, account options, account expiration
    - Profile tab: profile, logon script, home folder
    - Member Of tab: group memberships
    - Dial-in tab: remote access, callback, IP address information

Slide 25: User Account Security
- Logon Script:
  - Map drives for a user
  - Attach printers
  - Set system or user variables
- Profile: standardize desktop, restrict programs and options user can use
  - Local
  - Roaming
  - Mandatory
- Home folders: users have own workspace on server to store files
- Logon Hours and Workstation Restrictions: specify times and machines
- Account options: set password options

Slide 26: User Authentication and Authorization
- Create individual user account for each user
- Strong passwords
  - Reduce risk of “intelligent” guessing and dictionary attacks
- Account lockout policy
  - How many failed logon attempts before account disabled
  - Decreases possibility of attacker compromising system through repeated logon attempts

Slide 27: Windows 2003 Policies
- Account policy
  - Password restrictions and unsuccessful login attempts
- User Rights policy
  - Determines what users and groups can perform specific actions on the system
- Audit policy
  - Determines the amount and type of security logging
- System policy
  - Can be used to provide uniform environment in a domain
- Group policy
  - Applies to all members of the group they are set for unless member has an individual policy
  - If user in multiple groups, highest priority group’s policy applies

Slide 28: Windows 2003 Account Policy
- Account Policy
  - Determines how passwords are validated and enforced
  - Determines how unsuccessful login attempts are handled
  - Can be set for OUs, domains, domain controllers, and local computers
- Password policy
- Account lockout policy
- Kerberos policy

Slide 29: Account Policy Options
- User must change password at next logon
  - Ensures user only person to know their password
- User cannot change password
  - Use to maintain control over an account
- Password never expires
  - Need a strong password!
- Store passwords using reversible encryption
  - Allows user to log onto Windows network from Apple computers
- Account is disabled
  - Prevents user from logging on
- Smart Card is required for interactive logon
  - Requires user to possess a smart card to log on; requires smart card reader attached to computer and valid PIN
- 4 others not discussed in this class

Slide 30: Password Policy
- Enforce password history
  - Number of passwords that must be used before an old password can be reused
- Maximum password age
  - If 0, passwords never need to be changed
- Minimum password age
  - If 0, passwords can be changed anytime
  - Used to prevent “recycling” back to previous
- Minimum password length
  - 0-14 characters, if 0 passwords are not required
- Passwords must meet complexity requirements
  - Uppercase, lowercase, numeric, and special characters
- Store passwords using reversible encryption for all users

Slide 31: Account Lockout Policy
- Account Lockout Threshold
  - Number of consecutive unsuccessful logon attempts before account is locked
  - If 0 account is not locked
- Account Lockout Duration
  - How long accounts remain locked
  - “Not defined” user is never locked out
  - 0 to 99,999 minutes, if 0 account lockout until administrator re-enables the account
- Reset Account Lockout After
  - How long between bad logon attempts before account lockout threshold counter is reset
  - “Not defined” user is never locked out
  - 1-99,999 minutes
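The zero values called out on slides 30 and 31 are easy to check for in an exported policy. The following is an added example, not part of the presentation: it reads the `[System Access]` section as written by `secedit /export` and flags the settings the slides describe as leaving passwords or lockout unenforced. Both sample exports are constructed, and `audit` is a hypothetical helper.

```python
import configparser

# Constructed sample in the layout of a `secedit /export` security template.
WEAK_EXPORT = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 3
LockoutBadCount = 0
ClearTextPassword = 1
"""

# Constructed values for contrast; not recommendations taken from the slides.
STRICT_EXPORT = """\
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 12
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
ClearTextPassword = 0
"""

def load_system_access(text):
    """Return the numeric settings of the [System Access] section as a dict."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str            # keep the key names' case
    parser.read_string(text)
    section = parser["System Access"]
    return {k: int(v) for k, v in section.items() if v.lstrip("-").isdigit()}

def audit(text):
    """List (setting, value, reason) for each weakness named on slides 29 to 31."""
    s = load_system_access(text)
    findings = []

    def flag(key, reason):
        findings.append((key, s[key], reason))

    if s.get("MinimumPasswordLength") == 0:
        flag("MinimumPasswordLength", "passwords are not required")
    if s.get("PasswordComplexity") == 0:
        flag("PasswordComplexity", "complexity requirements are not enforced")
    if s.get("PasswordHistorySize") == 0:
        flag("PasswordHistorySize", "an old password can be reused immediately")
    elif s.get("MinimumPasswordAge") == 0:
        flag("MinimumPasswordAge", "history can be cycled through in one sitting")
    # Slides: 0 means never. Negative values are treated the same (assumption).
    if s.get("MaximumPasswordAge", 1) <= 0:
        flag("MaximumPasswordAge", "passwords never need to be changed")
    if s.get("LockoutBadCount") == 0:
        flag("LockoutBadCount", "accounts are never locked out")
    if s.get("ClearTextPassword") == 1:
        flag("ClearTextPassword", "passwords stored with reversible encryption")
    return findings

if __name__ == "__main__":
    for key, value, reason in audit(WEAK_EXPORT):
        print(f"{key} = {value}: {reason}")
```

A real export is normally a UTF-16 file, so decode it with that encoding before passing the text to `audit`.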

Slide 32: Kerberos Policy
- Used for authentication from domain controllers
- Enforce user logon restrictions
- Maximum lifetime for service ticket
- Maximum lifetime for user ticket
- Maximum lifetime for user ticket renewal
- Maximum tolerance for computer clock synchronization

Slide 33: Setting Account Policies
- Effective when user logs off and back on again
- In Administrative Tools:
  - If domain, select Domain Security Policy
  - If domain controller, select Domain Controller Security Policy
  - If OU, select Active Directory Users and Computers
  - If local computer, use Control Panel Administrative Tools applet and select Local Security Policy

Slide 34: User Rights Policies
- Shut down computer from remote location
- Access the computer via the network
- Use the computer locally
- Back up or restore directories and files
- Change time
- Delete or add device drivers
- Change the security logging policy
- Shut down the system
- Take file ownership

Slide 35: Audit Policies
- Event Viewer allows viewing of events specified by audit policy
- Auditing must be enabled in the Audit Policy window
- System
  - Logs system errors, driver errors, etc.
- Security
  - Bad logon attempts
- Application
- Each message has an event ID number
- Logs have “maximum” size before overwrite
- Be selective in auditing, creates “overhead”