Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.

Similar presentations


Presentation on theme: "11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties."— Presentation transcript:

1 11 MANAGING USERS AND GROUPS Chapter 13

2 Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties  Manage user and group rights  Configure user account policy  Manage and troubleshoot cached credentials  Configure and manage user accounts  Manage user account properties  Manage user and group rights  Configure user account policy  Manage and troubleshoot cached credentials

3 Chapter 13: MANAGING USERS AND GROUPS3 USER ACCOUNTS  Identify users to the system and to each other  Used to grant access to resources  Collect information about users  Identify users to the system and to each other  Used to grant access to resources  Collect information about users

4 Chapter 13: MANAGING USERS AND GROUPS4 GROUPS  Collections of user accounts  Simplify access to resources  Can be used for security and messaging (Active Directory)  Collections of user accounts  Simplify access to resources  Can be used for security and messaging (Active Directory)

5 Chapter 13: MANAGING USERS AND GROUPS5 BUILT-IN USER ACCOUNTS  Configured during setup  Used for administration or guest access  Can be renamed but not deleted  Configured during setup  Used for administration or guest access  Can be renamed but not deleted

6 Chapter 13: MANAGING USERS AND GROUPS6 BUILT-IN GROUPS  Created during setup  Designed for specific use or administrative roles  User accounts can be added as members  Built-in user accounts cannot be removed  Created during setup  Designed for specific use or administrative roles  User accounts can be added as members  Built-in user accounts cannot be removed

7 Chapter 13: MANAGING USERS AND GROUPS7 IMPLICIT GROUPS  Membership can change dynamically  Do not appear in user administration tools  Used to grant permissions based on circumstances  Membership can change dynamically  Do not appear in user administration tools  Used to grant permissions based on circumstances

8 Chapter 13: MANAGING USERS AND GROUPS8 SERVICE ACCOUNTS  Grant services access to system resources  Include built-in and user-defined accounts  Require special accommodations  Grant services access to system resources  Include built-in and user-defined accounts  Require special accommodations

9 Chapter 13: MANAGING USERS AND GROUPS9 DOMAIN ACCOUNTS AND GROUPS  Include built-in and user-defined accounts and groups  Provide logon and resource access to local system  Can be placed into local groups  Include built-in and user-defined accounts and groups  Provide logon and resource access to local system  Can be placed into local groups

10 Chapter 13: MANAGING USERS AND GROUPS10 LOCAL USERS AND GROUPS

11 Chapter 13: MANAGING USERS AND GROUPS11 CONTROL PANEL USER ACCOUNTS

12 Chapter 13: MANAGING USERS AND GROUPS12 ACTIVE DIRECTORY USERS AND COMPUTERS

13 Chapter 13: MANAGING USERS AND GROUPS13 MANAGING USERS WITH NET.EXE

14 Chapter 13: MANAGING USERS AND GROUPS14 PLANNING USERS AND GROUPS

15 Chapter 13: MANAGING USERS AND GROUPS15 USER ACCOUNT NAMING CONVENTIONS

16 Chapter 13: MANAGING USERS AND GROUPS16 PASSWORD COMPLEXITY  Create passphrases  Use uppercase, lowercase, and nonalphanumeric characters  Consider enforcing complexity with Group Policy  Create passphrases  Use uppercase, lowercase, and nonalphanumeric characters  Consider enforcing complexity with Group Policy

17 Chapter 13: MANAGING USERS AND GROUPS17 CHANGING HOW USERS LOG ON OR LOG OFF

18 Chapter 13: MANAGING USERS AND GROUPS18 MANAGING USERS WITH LOCAL USERS AND GROUPS

19 Chapter 13: MANAGING USERS AND GROUPS19 MANAGING GROUPS WITH LOCAL USERS AND GROUPS

20 Chapter 13: MANAGING USERS AND GROUPS20 MANAGING GROUPS WITH NET.EXE

21 Chapter 13: MANAGING USERS AND GROUPS21 MANAGING USERS WITH USER ACCOUNTS

22 Chapter 13: MANAGING USERS AND GROUPS22 USER MANAGEMENT BEST PRACTICES  Give administrators a limited account for nonadministrative use  Limit the number of users in the Administrators group  Rename or disable the Administrator account  Rename and leave the Guest account disabled  Observe the principle of least privilege  Give administrators a limited account for nonadministrative use  Limit the number of users in the Administrators group  Rename or disable the Administrator account  Rename and leave the Guest account disabled  Observe the principle of least privilege

23 Chapter 13: MANAGING USERS AND GROUPS23 MANAGING USER RIGHTS ASSIGNMENTS

24 Chapter 13: MANAGING USERS AND GROUPS24 MANAGING PASSWORD POLICY

25 Chapter 13: MANAGING USERS AND GROUPS25 MANAGING ACCOUNT LOCKOUT POLICY

26 Chapter 13: MANAGING USERS AND GROUPS26 CACHED CREDENTIALS  Cache users’ logon information for offline authentication  User must log on to the domain at least once  Can be disabled to force logons to use domain  Cache users’ logon information for offline authentication  User must log on to the domain at least once  Can be disabled to force logons to use domain

27 Chapter 13: MANAGING USERS AND GROUPS27 MANAGING CACHED CREDENTIALS

28 Chapter 13: MANAGING USERS AND GROUPS28 TROUBLESHOOTING CACHED CREDENTIALS  Cached credentials are out of date  User does not have credentials cached  Cached credentials are disabled on a notebook computer  Cached credentials are out of date  User does not have credentials cached  Cached credentials are disabled on a notebook computer

29 Chapter 13: MANAGING USERS AND GROUPS29 SUMMARY  User accounts help manage resource access.  User groups simplify administration.  Naming conventions uniquely identify users.  Complex passwords strengthen security.  Cached credentials allow access when the domain is unavailable.  User accounts help manage resource access.  User groups simplify administration.  Naming conventions uniquely identify users.  Complex passwords strengthen security.  Cached credentials allow access when the domain is unavailable.


Download ppt "11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties."

Similar presentations


Ads by Google