Download presentation
Presentation is loading. Please wait.
1
11 MANAGING USERS AND GROUPS Chapter 13
2
Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW Configure and manage user accounts Manage user account properties Manage user and group rights Configure user account policy Manage and troubleshoot cached credentials Configure and manage user accounts Manage user account properties Manage user and group rights Configure user account policy Manage and troubleshoot cached credentials
3
Chapter 13: MANAGING USERS AND GROUPS3 USER ACCOUNTS Identify users to the system and to each other Used to grant access to resources Collect information about users Identify users to the system and to each other Used to grant access to resources Collect information about users
4
Chapter 13: MANAGING USERS AND GROUPS4 GROUPS Collections of user accounts Simplify access to resources Can be used for security and messaging (Active Directory) Collections of user accounts Simplify access to resources Can be used for security and messaging (Active Directory)
5
Chapter 13: MANAGING USERS AND GROUPS5 BUILT-IN USER ACCOUNTS Configured during setup Used for administration or guest access Can be renamed but not deleted Configured during setup Used for administration or guest access Can be renamed but not deleted
6
Chapter 13: MANAGING USERS AND GROUPS6 BUILT-IN GROUPS Created during setup Designed for specific use or administrative roles User accounts can be added as members Built-in user accounts cannot be removed Created during setup Designed for specific use or administrative roles User accounts can be added as members Built-in user accounts cannot be removed
7
Chapter 13: MANAGING USERS AND GROUPS7 IMPLICIT GROUPS Membership can change dynamically Do not appear in user administration tools Used to grant permissions based on circumstances Membership can change dynamically Do not appear in user administration tools Used to grant permissions based on circumstances
8
Chapter 13: MANAGING USERS AND GROUPS8 SERVICE ACCOUNTS Grant services access to system resources Include built-in and user-defined accounts Require special accommodations Grant services access to system resources Include built-in and user-defined accounts Require special accommodations
9
Chapter 13: MANAGING USERS AND GROUPS9 DOMAIN ACCOUNTS AND GROUPS Include built-in and user-defined accounts and groups Provide logon and resource access to local system Can be placed into local groups Include built-in and user-defined accounts and groups Provide logon and resource access to local system Can be placed into local groups
10
Chapter 13: MANAGING USERS AND GROUPS10 LOCAL USERS AND GROUPS
11
Chapter 13: MANAGING USERS AND GROUPS11 CONTROL PANEL USER ACCOUNTS
12
Chapter 13: MANAGING USERS AND GROUPS12 ACTIVE DIRECTORY USERS AND COMPUTERS
13
Chapter 13: MANAGING USERS AND GROUPS13 MANAGING USERS WITH NET.EXE
14
Chapter 13: MANAGING USERS AND GROUPS14 PLANNING USERS AND GROUPS
15
Chapter 13: MANAGING USERS AND GROUPS15 USER ACCOUNT NAMING CONVENTIONS
16
Chapter 13: MANAGING USERS AND GROUPS16 PASSWORD COMPLEXITY Create passphrases Use uppercase, lowercase, and nonalphanumeric characters Consider enforcing complexity with Group Policy Create passphrases Use uppercase, lowercase, and nonalphanumeric characters Consider enforcing complexity with Group Policy
17
Chapter 13: MANAGING USERS AND GROUPS17 CHANGING HOW USERS LOG ON OR LOG OFF
18
Chapter 13: MANAGING USERS AND GROUPS18 MANAGING USERS WITH LOCAL USERS AND GROUPS
19
Chapter 13: MANAGING USERS AND GROUPS19 MANAGING GROUPS WITH LOCAL USERS AND GROUPS
20
Chapter 13: MANAGING USERS AND GROUPS20 MANAGING GROUPS WITH NET.EXE
21
Chapter 13: MANAGING USERS AND GROUPS21 MANAGING USERS WITH USER ACCOUNTS
22
Chapter 13: MANAGING USERS AND GROUPS22 USER MANAGEMENT BEST PRACTICES Give administrators a limited account for nonadministrative use Limit the number of users in the Administrators group Rename or disable the Administrator account Rename and leave the Guest account disabled Observe the principle of least privilege Give administrators a limited account for nonadministrative use Limit the number of users in the Administrators group Rename or disable the Administrator account Rename and leave the Guest account disabled Observe the principle of least privilege
23
Chapter 13: MANAGING USERS AND GROUPS23 MANAGING USER RIGHTS ASSIGNMENTS
24
Chapter 13: MANAGING USERS AND GROUPS24 MANAGING PASSWORD POLICY
25
Chapter 13: MANAGING USERS AND GROUPS25 MANAGING ACCOUNT LOCKOUT POLICY
26
Chapter 13: MANAGING USERS AND GROUPS26 CACHED CREDENTIALS Cache users’ logon information for offline authentication User must log on to the domain at least once Can be disabled to force logons to use domain Cache users’ logon information for offline authentication User must log on to the domain at least once Can be disabled to force logons to use domain
27
Chapter 13: MANAGING USERS AND GROUPS27 MANAGING CACHED CREDENTIALS
28
Chapter 13: MANAGING USERS AND GROUPS28 TROUBLESHOOTING CACHED CREDENTIALS Cached credentials are out of date User does not have credentials cached Cached credentials are disabled on a notebook computer Cached credentials are out of date User does not have credentials cached Cached credentials are disabled on a notebook computer
29
Chapter 13: MANAGING USERS AND GROUPS29 SUMMARY User accounts help manage resource access. User groups simplify administration. Naming conventions uniquely identify users. Complex passwords strengthen security. Cached credentials allow access when the domain is unavailable. User accounts help manage resource access. User groups simplify administration. Naming conventions uniquely identify users. Complex passwords strengthen security. Cached credentials allow access when the domain is unavailable.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.