Download presentation
Presentation is loading. Please wait.
Published byFelicity Philippa Rich Modified over 9 years ago
1
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Goals Plan strategies to create user accounts Create local user accounts Create domain user accounts Set user account profiles Introduce user profiles Configure roaming user profiles Create home folders Maintain user accounts
2
5.2 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Planning Strategies for Creating User Accounts User account Provides a form of identification for a user Used to build the user ticket User ticket Also called TGT (Ticket Granting Ticket) Contains a list of associated Security IDs and all groups to which a user belongs Used to prove account validity and construct a session ticket for use by the resource server Ways to create user accounts Manually using the Active Directory Users and Computers console Writing scripts using VBScript or Jscript Writing scripts using Active Directory Services Interfaces (ADSI), a fully programmable automation object available for administrators (Skill 1)
3
5.3 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Planning Strategies for Creating User Accounts (2) Naming conventions Unique user names Easy-to-remember logon names Be able to differentiate between employees with similar or the same names Password requirements Hard to guess Mix of letters and numerals Account properties Log On To option specifies the computers to which a user can log on Logon Hours option specifies the hours of the day and days of the week a user can log on Account expires option specifies when an account will be invalid (Skill 1)
4
5.4 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure (Skill 1) Figure 5-1 Specifying user account properties
5
5.5 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Creating a Local User Account Local user accounts allow users to log on to a specific computer and access only its resources The local user account is stored only in the computer’s local security database When a user logs on to a computer, the computer uses its local security database to authenticate the local user account (Skill 2)
6
5.6 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Creating a Local User Account (2) If you create a local user account on a computer that requires access to domain resources, the user cannot access resources in the domain You cannot create local user accounts on a domain controller You use the Local Users and Groups snap-in within the Computer Management console to create, delete, or disable local user accounts (Skill 2)
7
5.7 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure (Skill 2) Figure 5-2 Local security database
8
5.8 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure (Skill 2) Figure 5-3 Creating a local user account
9
5.9 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Creating a Domain User Account A domain user account allows a user to log on to a domain and access network resources The domain controller replicates the new user account information to all domain controllers in the domain You use the Active Directory Users and Computers console to create domain user accounts (Skill 3)
10
5.10 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Creating a Domain User Account (2) Logon process A user provides a logon name and password (or alternately, inserts a smartcard and provides a PIN) The Windows 2000 Server builds a session ticket and generates an access token, which is available during the session Domain names AD domain names are usually the full DNS name Each domain also has a pre-Windows 2000 domain name to allow logon to a Windows 2000 domain from computers running pre- Windows 2000 operating systems Built-in accounts Built-in Administrator user account Built-in Guest account (Skill 3)
11
5.11 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure (Skill 3) Figure 5-4 Domain user account
12
5.12 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure (Skill 3) Figure 5-5 Creating a domain user account
13
5.13 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-6 Specifying password for a new domain user account (Skill 3)
14
5.14 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-7 Summary screen for a new domain user account (Skill 3)
15
5.15 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-8 The new user in the Active Directory Users and Computers console (Skill 3)
16
5.16 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Setting User Account Properties Every user account has a set of default properties You can also define detailed personal properties Defined for a domain user account Useful when searching for users Logon settings control the logon hours for a user Dial-in settings include whether to allow remote dial-in for the user (Skill 4)
17
5.17 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Setting User Account Properties (2) You can also specify Terminal Services settings for a user account Provide the ability to connect to a server from a remote location Allow the user to run a session as if sitting at the machine Create a template account containing the common information shared between user accounts (Skill 4)
18
5.18 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-9 Specifying user account properties (Skill 4)
19
5.19 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-10 Specifying logon hours for a user account (Skill 4)
20
5.20 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Introducing User Profiles A user profile is a collection of data Includes user’s personal data, desktop settings, printer connections, and network connections Enables multiple users to work from the same computer Enables a single user to work from multiple computers on a network Three types of user profiles Local user profile Roaming user profile Mandatory user profile (Skill 5)
21
5.21 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Introducing User Profiles (2) Local user profile Limited to the computer to which the user logs on Is stored on the system’s local hard disk Roaming user profile Allows a user to work on multiple computers on a network Updates any changes users make to their user profiles on the server Mandatory user profile Specifies particular settings for individuals or a group Does not permanently save the desktop settings made by a user Only system administrators can change mandatory profiles (Skill 5)
22
5.22 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-11 A sample user profile folder (Skill 5)
23
5.23 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-12 Contents of the Documents and Settings folder (Skill 5)
24
5.24 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Creating a Roaming User Profile Standard roaming user profiles are used for specific groups of users Benefits Provide a standard desktop environment with access to the same network resources Provide a standard work environment consisting of only those applications and connections used by the group Streamline troubleshooting To create a standard roaming user profile Create a shared folder on the server Create a user profile template with the appropriate configuration Copy the roaming user profile template to the shared folder on the server to allow users access to the profile (Skill 6)
25
5.25 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-13 Adding a user to a group (Skill 6)
26
5.26 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-14 Accessing the list of user profiles (Skill 6)
27
5.27 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-15 Copying the user profile template to the shared folder (Skill 6)
28
5.28 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-16 Permitting a user to use the profile (Skill 6)
29
5.29 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-17 Specifying the path to the roaming user profile (Skill 6)
30
5.30 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Creating a Home Folder on a Server Home folders Provide a default location for each user to store data Similar in concept to the My Documents folder on a user’s desktop Benefits Not computer dependent Easily accessible from any computer on the network Accessible from any client computer using any Microsoft operating system Backed up as per the server’s backup schedule (Skill 7)
31
5.31 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-18 Specifying the path of the home folder (Skill 7)
32
5.32 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-19 Home folder for a user (Skill 7)
33
5.33 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Maintaining User Accounts Network administrator maintenance tasks Rename an account to maintain the rights, permissions, and group memberships of a particular user account and transfer the account to a different user Disable an account for security reasons when a user does not need the account for a certain period Enable a disabled account Delete a user account when it is no longer needed Reset passwords when a user’s password expires before the user changes it Lock out user accounts when users violate a security policy (Skill 8)
34
5.34 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-20 Options in the Action menu (Skill 8)
35
5.35 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-21 Active Directory message box (Skill 8)
36
5.36 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-22 The disabled user account (Skill 8)
37
5.37 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Figure 5-23 Resetting user password (Skill 8)
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.