Chapter4 Part2. User Account Management Once Active Directory is installed and configured, you enable users to access network servers and resources through.

Slides:



Advertisements
Similar presentations
Managing User, Computer and Group Accounts
Advertisements

Chapter Five Users, Groups, Profiles, and Policies.
By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
Windows Server 2003 使用者群組管理 林寶森
MOAC : Installing and Configuring Windows Server 2012
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Administering Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Chapter 4 Introduction to Active Directory and Account Management
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.
Understanding Active Directory
Ch 9 Managing Active Directory User Accounts. Objectives Create Organizational Unit Creating User Accounts in Active Directory Disabling, Enabling, and.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Hands-On Microsoft Windows Server 2008
Chapter 7 WORKING WITH GROUPS.
Chapter 7 Managing OUs and Active Directory Accounts
Hands-On Microsoft Windows Server 2008
Guide to MCSE , Enhanced 1 Activity 4-1: Creating and Adding Members to Global Groups Objective: Use Active Directory Users and Computers to create.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Chapter 4 Introduction to Active Directory and Account Management
Windows Server 2008 Chapter 4 Last Update
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Chapter 7: WORKING WITH GROUPS
CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.
Designing Active Directory for Security
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Unit 4 IT278 Network Administration Course Name – IT278 Network Administration Instructor.
Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Module 7 Active Directory and Account Management.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Session 7 Windows Platform Eng. Dina Alkhoudari. Learning Objectives Active Directory review Managing users and groups Single Master Operations Delegation.
Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.
1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.
Chapter 10: Rights, User, and Group Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Managing Local Users & Groups. OVERVIEW Configure and manage user accounts Manage user account properties Manage user and group rights Configure user.
Hands-On Microsoft Windows Server 2008 Chapter 4-Part 1 Introduction to Active Directory and Account Manager.
Module 3 Creating Groups and Organizational Units.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Administering Groups Chapter Eight. Exam Objectives In this Chapter:  Plan a security group hierarchy based upon delegation requirements  Plan a security.
CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Three Managing Recipients.
1 Chapter Overview Using Group Objects Understanding Default Groups Creating Group Objects Managing Administrative Access.
Module 3: Managing Groups. Overview Creating Groups Managing Group Membership Strategies for Using Groups Using Default Groups.
6/19/2016 أساسيات الأتصال و الشبكات Communication & Networks Fundamentals lab 4.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
Ch 10 Security Group Management 1. Objectives 1.Understand Local security groups 2. Understand Domain local groups 3.Understand Global groups 4.Understand.
ACTIVE DIRECTORY ADMINISTRATION
Active Directory Administration
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Windows Server 2003 使用者群組管理
Implementing and Managing Group and Computer Accounts
Chapter 9: Managing Groups, Folders, Files, and Object Security
Unit 6 NT1330 Client-Server Networking II Date: 7/19/2016
Presentation transcript:

Chapter4 Part2

User Account Management Once Active Directory is installed and configured, you enable users to access network servers and resources through user accounts. Several accounts might be set up by default, depending on which Windows components you install But including two primary accounts: Administrator and Guest. 2

3 User Account Management Accounts can be set up in two general environments: Accounts that are set up through a stand-alone server that does not have Active Directory installed Accounts that are set up in a domain when Active Directory is installed When accounts are created in the domain through Active Directory, then those accounts can be used to access any resource within domain.

4 Creating Accounts When Active Directory Is Not Installed 1 of 3

5 Creating Accounts When Active Directory Is Not Installed 2of 3

6 Creating Accounts When Active Directory Is Not Installed 3 of 3

Creating Accounts When Active Directory is Installed 7

Disabling, Enabling, and Renaming Accounts Your organization may disable accounts when someone leaves, and then later renaming and enabling the account for that person’s replacement. Renaming account is easier than deleting the account and creating a new one. 8

Moving Account When an employee moves from one department to another, for example from the Payroll Department to the budget office, you might need to move that person’s account from one container to another— between Ous. You can either reset user password and delete user account. 9

10 Security Group Management One of the best ways to manage accounts is by grouping accounts that have similar characteristics. Scope of influence (or scope) The reach of a group for gaining access to resources in Active Directory All of these groups can be used for security or distribution groups Security groups Used to enable access to resources on a stand-alone server or in Active Directory Distribution groups Used for or telephone lists, to provide quick, huge distribution of information

Security Group Management Types of Security Groups: 1.Local—Used on stand-alone servers that are not part of a domain; scope of this type of group is the local server on which it is defined 2.Domain local—Used when there is a single domain or to manage resources in a particular domain so that global and universal groups can access those resources 3.Global—Used to manage group accounts from the same domain so that those accounts can access resources in the same and in other domains 4.Universal—Used to provide access to resources in any domain within a forest 11

12 Implementing Local Groups Local security group Used to manage resources on a stand-alone computer that is not part of a domain and on member servers in a domain (not DCs) Stand-alone Computer :are computers that are not part of any domain Member Servers: Servers on a network managed by Domain Controllers that do not have Active Directory installed. Each group would be given different security access based on the resources at the server

13 Implementing Domain Local Groups Domain local security group Used when Active Directory is deployed Used to manage resources in a domain and to give global groups from the same and other domains access to those resources Domain local group can contain user accounts, global groups, and universal groups. The scope of a domain local group is the domain in which the group exists The typical purpose of a domain local group is to provide access to resources You grant access to servers, folders, shared folders, and printers to a domain local group

Domain Local Security Group You can convert a domain local group to a universal group if the following conditions are applied: 1.The domain local group does not contain any other domain local groups. 2.The domain must be in the Windows Server 2003 or Windows Server 2008 domain functional level. 14

Designing Domain Local Groups you should plan to put domain local groups in access control lists only, and the resources of domain local groups should be mainly global groups. Access control list (ACL) is a list of security privileges that have been set up for a particular object, such as a shared folder or shared printer. Usually domain local group does not contain accounts, because account management is more efficient when you handle it through global groups. 15

16

17 Implementing Global Groups Global security group Intended to contain user accounts and other global groups from the domain in which it was created Can also be set up as a member of a domain local group in the same or another domain Global group members can access resources in other domains. Global group can contain user accounts and other global groups from the domain in which it was created. A global group can be converted to a universal group As long as it is not nested in another global group or in a universal group

18 Implementing Global Groups (continued)

19 Implementing Global Groups (continued) Faculty Staff 1.The president in college domain, needs access to resources in all three domains 2.To do so create domain local group (LocalExec) and make the three groups (College – Student – Research) member of this group. 3.Create a GlobalExec global group in college domain that has the presidentt user accounts as members

20 Implementing Universal Groups Universal group membership can include user accounts from any domain, global groups from any domain, and other universal groups from any domain Universal groups are offered to provide an easy means to access any resource in any domain. Universal groups are offered to provide an easy means to access any resource in a tree or among trees in a forest

21 Guidelines to help simplify how you plan to use groups 1.Use global groups to hold accounts as member and keep the nesting of global groups to a minimum to avoid confusion. 4.Use domain local groups to provide access to resources in a specific domain. 4.Avoid placing accounts in domain local groups but do make domain local groups members of access control lists for specific resources in the domain,such as shared folders and printers.

5.Use universal groups to provide extensive access to resources,particularly when Active Directory contains trees and forests, or to simplify access when there are multiple domains. 6.Make universal groups members of access control lists for objects in any domain, tree, or forest. 7.Manage user account access by placing accounts in global groups and joining global groups to domain local or universal groups, depending on which is most appropriate to the scope required for access. 22 Guidelines to help simplify how you plan to use groups

23 Implementing Universal Groups (continued) 1.We want to give president account in the college domain access to all three domains. 2.An alternative is to create one universal group that has access to all resources in the three domains—create one global group containing the president and make that global group a member of the universal group.

24 Properties of Groups All of the groups that you can create in Windows Server 2008 have a set of properties that can be configured. Properties of groups are configured using the following tabs: General—Used to enter a description of the group, change the scope and type of group, and provide addresses for a distribution group Members—Used to add members to a group, such as adding user accounts to a global group, and enables members to be removed Member Of—Used to make the group a member of another group, or to remove the group’s membership Managed By—Used to establish an account or group that will manage the group, if the manager is other than the server administrator; also, the location, telephone number, and fax number of the manager can be provided