Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1

Overview Introducing User Accounts Planning and Creating New Users Identifying User Properties Creating Local Groups Adding a User & Group in Linux Fall Nassau Community College ITE153 – Operating Systems

Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Windows 7 Professional Administering User Accounts and Groups 3

Introducing User Accounts The logon process can be customized Why do this? Automation, restricted access, limited views, etc. Some choices: local security policy, registry settings, Group Policy in domains Built-in User Accounts: Administrator Guest Fall 2011 Nassau Community College ITE153 – Operating Systems 4

Introducing User Accounts - Administrator The Administrator account is disabled by default, but you can enable it When it is enabled, the Administrator account has full control of the computer, and it can assign user rights and access control permissions to users as necessary This account must be used only for tasks that require administrative credentials. Use a strong password! See Local Users and Groups best practices under LinksLocal Users and Groups best practices Fall 2011 Nassau Community College ITE153 – Operating Systems 5

Introducing User Accounts - Administrator The Administrator account is a member of the Administrators group on the computer. The Administrator account can never be deleted or removed from the Administrators group, but it can be renamed or disabled. Because the Administrator account is known to exist on many versions of Windows, renaming or disabling this account will make it more difficult for malicious users to try and gain access to it Fall 2011 Nassau Community College ITE153 – Operating Systems 6

Introducing User Accounts - Administrator Kinds of tasks performed: Creating and modifying user accounts and groups Managing security policies Assigning rights and permissions to user accounts Installing printers Installing hardware devices and drivers Changing system data and other system settings Fall 2011 Nassau Community College ITE153 – Operating Systems 7

Introducing User Accounts - Guest The Guest account is used by people who do not have an actual account on the computer A user whose account is disabled, but not deleted, can also use the Guest account The Guest account does not require a password The Guest account is disabled by default, but you can enable it, although not recommended You can set rights and permissions for the Guest account just like any user account By default, the Guest account is a member of the default Guests group, which allows a user to log on to a computer. Fall 2011 Nassau Community College ITE153 – Operating Systems 8

Introducing User Accounts - Domain We are only concerned with local accounts and groups Prerequisite for creating a domain user is a domain At least one computer on the network must be running a Windows Server product and be configured as a domain controller Active Directory is the main control mechanism Fall 2011 Nassau Community College ITE153 – Operating Systems 9

Introducing User Account - MMC Snap-in: mmc compmgmt.msc Fall 2011 Nassau Community College ITE153 – Operating Systems 10 Administrator and Guest Accounts Home directory

Lab A: Introducing User Accounts Fall Nassau Community College ITE153 – Operating Systems

Planning User Accounts - Names A naming convention establishes how users will be identified on the network. A consistent naming convention makes it easy for you and your users to remember user names and locate them in lists. User names must be unique. Domain user accounts must be unique to the domain. Local user accounts must be unique to the local computer. User names can contain up to 20 uppercase or lowercase characters except for the following: " / \ [ ] : ; | =, + * ?. Accommodate employees with duplicate names Fall 2011 Nassau Community College ITE153 – Operating Systems 12

Planning User Accounts - Passwords The next element in planning new user accounts is identifying the password requirements. Every user account should require a password. Some guidelines: Always assign the Administrator account a password to prevent unauthorized users from using the account Determine who controls the password: Assign users unique passwords and then prevent users from changing them (administrator control) Assign users an initial password and then require users to change them the first time they log on; only individual users will know their passwords. (user control) Determine whether an account needs to expire (temps, etc). Fall 2011 Nassau Community College ITE153 – Operating Systems 13

Creating a New User To create a local user account: Open Computer Management. In the console tree, click Users. On the Action menu, click New User. Type the appropriate information in the dialog box. Select or clear the check boxes for: User must change password at next logon User cannot change password Password never expires Account is disabled Click Create, and then click Close. Fall 2011 Nassau Community College ITE153 – Operating Systems 14

Creating a New User Open Computer Manager ( compmgmt.msc ) console Fall 2011 Nassau Community College ITE153 – Operating Systems 15 Right click User and click the New User

Lab B: Creating a New User Fall Nassau Community College ITE153 – Operating Systems

User Account Utility Fall 2011 Nassau Community College ITE153 – Operating Systems 17

User Account Utility Fall 2011 Nassau Community College ITE153 – Operating Systems 18

Identifying User Properties Every local user account you create has a set of default properties that can be modified in the Properties dialog box for that user. The properties dialog box contains three tabs: General – change full name or description of a user and configure password usage and account lockout Member Of – add or remove user account from a group Profile – set the path for the user profile, logon script, and home folder Fall 2011 Nassau Community College ITE153 – Operating Systems 19

Identifying User Properties Fall 2011 Nassau Community College ITE153 – Operating Systems 20

Identifying User Properties Fall 2011 Nassau Community College ITE153 – Operating Systems 21 ItemDetails Full nameProvides a space for you to type the user's complete name. DescriptionProvides a space for you to type any text that describes the user account or the user. User must change password at next logon check box Specifies whether the user must change the password at the next logon. User cannot change password check box Specifies whether the user cannot change the assigned password. This option is usually selected only for accounts that are used by more than one person, such as the Guest account. This setting has no effect on members of the Administrators group. Password never expires check box Specifies whether the password will never expire, and overrides the Maximum Password Age setting in the Password policy in Group Policy. Account is disabled check box Specifies whether the selected account is disabled. Account is locked out check box Indicates whether the account is locked out, which means that the user is not able to log on. If the check box is unavailable and cleared, the account is not currently locked out. If this check box is available and selected, the account is currently locked out. You can clear the check box to unlock the account.

Identifying User Properties Fall 2011 Nassau Community College ITE153 – Operating Systems 22 ItemDetails Member ofLists the groups that the user account is a member of. AddClick to select the group that you want to add this user account to. RemoveRemoves the user from the selected group.

Identifying User Properties Fall 2011 Nassau Community College ITE153 – Operating Systems 23 ItemDetails Profile path Provides a space for you to type a user profile path to the user account. Logon script Provides a space for you to type the name of a logon script. If the logon script is located in a subdirectory of the default logon script path, precede the file name with that relative path. Local pathSpecifies a local path as the home folder. Type a local path, for example, c:\users\erricom. ConnectSpecifies a shared network directory as the home folder for this user. Select a drive letter in the menu. ToProvides a space for you to type the network path for this user's home folder. For example, you might specify drive J, and then type \\airedale\users\dorenap.

Lab C: Identifying User Properties Fall Nassau Community College ITE153 – Operating Systems

Creating Local Groups To create a local group: Open Computer Management. In the console tree, click Groups On the Action menu, click New Group In Group name, type a name for the new group In Description, type a description of the new group To add one or more members to the new group, click Add Fall 2011 Nassau Community College ITE153 – Operating Systems 25

Creating Local Groups In the Select Users, Computers, or Groups dialog box, do the following: To add a user or group account to this group, under Enter the object names to select, type the name of the user account or group account that you want to add, and then click OK. To add a computer account to this group, click Object Types, select the Computers check box, and then click OK. Under Enter the object names to select, type the name of the computer account that you want to add, and then click OK. In the New Group dialog box, click Create, and then click Close. Fall 2011 Nassau Community College ITE153 – Operating Systems 26

Creating Local Groups Open Computer Manager ( compmgmt.msc ) console Fall 2011 Nassau Community College ITE153 – Operating Systems 27 Right click Groups and click the New Group

Creating Local Groups Open Computer Manager ( compmgmt.msc ) console Fall 2011 Nassau Community College ITE153 – Operating Systems 28 Right click Groups and click the New Group

Lab D: Creating Local Groups Fall Nassau Community College ITE153 – Operating Systems

Implementing Built-in Groups Open Local Security Policy( secpol.msc ) console Fall 2011 Nassau Community College ITE153 – Operating Systems 30

Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 UNIX User Account and Groups 31

Adding A User In Ubuntu Fall 2011 Nassau Community College ITE153 – Operating Systems 32

Using the Command Line To create a new user account under any Linux distribution use command called useradd. The system administrator is responsible for creating account. Login as root user (or use sudo command) useradd [options] {username} e.g., useradd errico passwd malatesta Fall 2011 Nassau Community College ITE153 – Operating Systems 33

Using the Command Line useradd [-c comment] [-d home_dir] [-e expire_date] [-f inactive_days] [-g initial_group] [-G group[,...]] [-m [-k skeleton_dir]] [-o] [-p passwd] [-s shell] [-u uid] login usermod [-c comment] [-d home_dir [-m]] [- e expire_date] [-f inactive_days] [-g initial_group] [-G group [,...]] [-l login_name] [-p passwd] [-s shell] [-u uid [-o]] [-L|-U] login userdel [-r] login This is similar for groups: groupadd, groupmod, groupdel Fall 2011 Nassau Community College ITE153 – Operating Systems 34

Important URLS Local Users and Groups - use Local Users and Groups to create and manage users and groups that are stored locally on a computerLocal Users and Groups Local Users and Groupssimilar to link above but for Windows 7, Windows Server 2008, Windows Server 2008 R2Local Users and Groups Local Users and Groups best practices - excellent tipsLocal Users and Groups best practices Microsoft Security TechCenter - links to technical bulletins, advisories, updates, tools, and prescriptive guidance. This is a very good site to visit frequently.Microsoft Security TechCenter Fall 2011 Nassau Community College ITE153 – Operating Systems 35

Homework Review the Slides Review Lesson 8 In The Text Fall 2011 Nassau Community College ITE153 – Operating Systems 36