Chapter 8: Managing the Server Through Accounts and Groups


1 Chapter 8: Managing the Server Through Accounts and Groups

2 Learning Objectives
- Work with users on setting up their accounts
- Set up account-naming guidelines
- Develop guidelines for user account policies and set up account policies
- Explain how to manage Windows NT domains
(continued)

3 Learning Objectives
- Explain how groups are used in Windows NT Server, and create and configure group policies
- Create, copy, disable, delete, and rename user accounts
- Set up account auditing

4 Obtaining Input from Users
- Advantages
  - Secure user interest in making installation work
  - Ensure set up of server meets user needs
- Key issues
  - Naming conventions for user accounts
  - User account policies
  - Use of server for home directories
  - Use and composition of groups
  - Group policies
  - Hours for server to be available

5 Setting Up Account-naming Conventions
- Based on account user's actual name
  - ex. "rknauerh" or "robk"
  - use enough of name to be unique
    - ex. include middle initials
  - works well for E-mail as well
- Based on function within organization
  - ex. "shift1mgr" or "retail-clerk7"
    - good if people often change jobs
    - possible security hole

6 User Account Policies
- Network administrator establishes general password and logon security stipulations for user accounts

7 Password Security
- Only effective if used properly
- Account policy options
  - Password expiration
  - Password length
  - Password history
  - Account lockout

8 User Home Directories
- Home directory: A dedicated location on a file server or a workstation for a specific account holder to store files
[Figure: User home directories in a small office]

9 User Home Directories
[Figure: User home directories in a large organization]

10 Domain Services Management
- Preserves idea of work groupings without managing them individually
  - Allows network administrator to manage resources and users as one unit
- Saves time as administrator sets up users, privileges, and groups
- Provides a powerful management tool
  - One domain can be home to 26,000 users and 250 groups

11 An Example of Two Domains
[Figure: two Ethernet segments with a primary domain controller (domain A), a backup domain controller (B), a primary domain controller (B), and a backup domain controller (A)]

12 Domain Trust Relationships
- Trusted domain: The domain that is granted security access to resources
- Trusting domain: The domain that grants the access to its resources
- One-way trust: One domain is trusted, the other trusting; not reciprocal
- Two-way trust: Both domains are trusted and trusting
  - Universal trust: Two-way trusts among more than two domains

13 One-way Trust
- Trusting domain
  - Access to business server prohibited
- Trusted domain
  - Access to manufacturing servers allowed
[Figure labels: Manufacturing domain, Business domain]

14 Two-way Trust
- Trusted and trusting domain
[Figure labels: Business office domain, Production branch domain]

15 Domain Management
- Single-master domain model
  - Management control of several domains centralized in only one domain
  - Works well for small organizations
- Multiple-master domain model
  - Management of many domains located in two or more domains
  - Works well for larger organizations

16 Advantages of the Single-master Domain
- Accounts and resources are centrally managed
- Resources are available to all users
- One consistent security policy applies across organization
- Groups can be tailored across organizational unit boundaries
- SAM data is easy to maintain and keep synchronized within the master domain

17 Advantages of the Multiple-master Domain
- Administration can be centralized or decentralized
- Thousands of users can share resources throughout the world
- Groups can be formed to span domains
- Security policies can be standardized for thousands of users and resources

18 Multiple-master Domain Model

19 Using Groups
- Management of domain resources
  - By individual user: Most labor-intensive method
  - By resource: Still labor-intensive
  - By group: Saves time by eliminating repetitive steps in managing user and resource access

20 Group Management Concept
- Users belong to one or more groups having the same access needs
- Types of groups in Windows NT Server
  - Local groups: Used to manage accounts and resources within a single domain or on a single server
  - Global groups: Used to enable resource sharing across domains

21 Local Groups
- Used to help manage rights and permissions on a server within a domain
- User accounts can be members of local groups
- Domain resources can be assigned to local groups
- Global groups can belong to local groups
- Local groups can be used to make domain resources available to trusted domains

22 Windows NT Predefined Local Groups

23 Global Groups
- Provide rights access across domains by linking rights from trusting domains to groups in trusted domains
- Global groups can have domain user accounts as members but not local groups, to avoid circular group relationships
- Global groups can be members of local groups
- Global groups cannot have resources as members
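
An added example, not part of the original slides, that models the rules from the Domain Trust Relationships, Local Groups and Global Groups slides: resources are assigned to local groups, global groups hold only user accounts, and a local group accepts members only from its own domain or a domain it trusts. The class, group, and resource names are constructed, and the example assumes Manufacturing is the trusting domain in the one-way trust figure.

```python
"""Toy model of Windows NT group nesting under a one-way trust (constructed data)."""

class Domain:
    def __init__(self, name, users):
        self.name = name
        self.users = set(users)
        self.trusts = set()      # names of domains this (trusting) domain trusts
        self.global_groups = {}  # group -> set of user names from this domain
        self.local_groups = {}   # group -> set of (domain name, user or global group)
        self.acl = {}            # resource -> set of local groups granted access

    def add_global_member(self, group, member):
        # Global groups hold domain user accounts only, never local groups.
        if member not in self.users:
            raise ValueError(f"{member!r} is not a user account in {self.name}")
        self.global_groups.setdefault(group, set()).add(member)

    def add_local_member(self, group, source, principal):
        # Members come from this domain or from a domain it trusts.
        if source.name != self.name and source.name not in self.trusts:
            raise PermissionError(f"{self.name} does not trust {source.name}")
        if principal not in source.users and principal not in source.global_groups:
            raise ValueError(f"{principal!r} is not a user or global group in {source.name}")
        self.local_groups.setdefault(group, set()).add((source.name, principal))

    def can_access(self, resource, user_domain, user):
        # Resources are assigned to local groups; a user matches directly
        # or through a global group nested in one of those local groups.
        for lg in self.acl.get(resource, ()):
            for src, principal in self.local_groups.get(lg, ()):
                if src == user_domain.name and (
                        principal == user
                        or user in user_domain.global_groups.get(principal, ())):
                    return True
        return False


def build_example():
    # Assumption: MANUFACTURING trusts BUSINESS (one-way), so Business
    # accounts can be granted access to manufacturing resources, while
    # Manufacturing accounts cannot be granted anything in BUSINESS.
    business = Domain("BUSINESS", ["rknauerh"])
    manufacturing = Domain("MANUFACTURING", ["shift1mgr"])
    manufacturing.trusts.add("BUSINESS")
    business.add_global_member("Accountants", "rknauerh")
    manufacturing.add_local_member("CostReports", business, "Accountants")
    manufacturing.acl["mfg-costs"] = {"CostReports"}
    business.acl["biz-ledger"] = {"Ledger"}
    return business, manufacturing
```
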

24 Windows NT Predefined Global Groups

25 Adding Groups
- New local and global groups can be added at any time
[Figure: Business group composition]

26 Managing Accounts
- Creating accounts
- Copying an account
- Deleting an account
- Disabling an account
- Renaming an account

27 Creating Accounts
- Two accounts are created when Windows NT Server is installed
  - Administrator account: Provides complete access and control over the server
  - Guest account: Can be set up with controlled access for guest users

28 Completing New Account Information

29 Assigning Users to a Group
- Accounts that have the same security and access requirements can be assigned as members of a group

30 Customizing User Access
- User account environment can be customized through user profiles, logon scripts, and home directories
  - ex. make everyone run a virus checker
  - ex. user "fred" wants to always set up certain programs whenever/wherever he logs in

31 Windows NT Logon Script Commands

32 Configuring the Server Hours
- Server administrator can set up user accounts so they cannot access server at designated times (e.g., during backups and other system work)
[Figure: Logon Hours dialog box]

33 Securing Account Access from Designated Workstations
- Server administrator can limit where a user can log on to the domain
- Ensures that certain accounts can only be accessed from designated workstations

34 Account Expiration and Type
- Expiration date is useful for an account that is needed for a specific time period (e.g., guests or temporary employees)
- Can be designated global or local

35 Copying an Account
- Accounts can be modeled after a master account
- Saves time when there are many accounts to create

36 Deleting an Account
- Completely erases account from security database
- Before deleting an account, consider disabling it for a period of time in case there is a need to reactivate it for access at a later date

37 Disabling an Account
- Good security practice
- A disabled account cannot be used to log on to the system but all other settings and configuration options remain intact

38 Renaming an Account
- To prevent intruders familiar with the default account names from gaining access to the system
- To change an account name if an account associated with a specific job is assigned to another individual
- To comply with changes in organization's naming convention
- To reflect a user's name change

39 Account Auditing
- Auditing: Tracking success or failure of events by recording selected types of events in an event log on a server or a workstation
  - use carefully; can overload system
    - disk space
    - CPU time available to programs

40 Events that Can Be Audited
- Logon and logoff activity
- Access to files and objects
- How often user rights are exercised
- User and group management functions
- Security policy changes
- Restarting, shutting down, other activities
- Starting processes or software applications

41 Creating Groups
- Organizational units, workgroups, or departments
- Authorized users of network resources or applications
- Events, projects, or special assignments
- Geographical or location-based groups
- Individual job descriptions or functions

42 Setting Group Policies
- Rights grant privileges to perform functions
  - Accessing server
  - Adding workstations to the domain
  - Changing system time
  - Backing up files

43 Setting Group Policies
- Standard rights: Apply to everyday users and groups (see next slide)
- Advanced rights: For programmers and system developers who have technical access needs
  - Debugging programs
  - Gaining access to operating system internals
  - Controlling memory swapping

44 Default NT Server User Rights (continued)

45 Default NT Server User Rights (continued)

46 Default NT Server User Rights

47 Chapter Summary
- Do some preliminary research before setting up accounts and groups.
  - User feedback helps to ensure accounts match user needs
  - Develop guidelines for account names
  - Develop account policies for setting up passwords and account lockout features
(continued)

48 Chapter Summary
- Windows NT domains are a tool to help manage a server.
  - Local and global groups
  - Reduce time spent managing individual accounts
(continued)

49 Chapter Summary
- Creating an account is a multiple-step process.
  - User and password information
  - Group assignments
  - Home directory assignments
  - Hours to access account
  - Security options
