Chapter 6
Download
1 / 48

WORKING WITH USER ACCOUNTS Chapter 6 - PowerPoint PPT Presentation


  • 321 Views
  • Uploaded on

Chapter 6 WORKING WITH USER ACCOUNTS CHAPTER OVERVIEW Understand the differences between local user and domain user accounts. Plan, create, and manage local and domain user accounts. Create and manage user accounts by using templates, importation, and command-line tools.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'WORKING WITH USER ACCOUNTS Chapter 6' - bernad


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 6 l.jpg

Chapter 6

WORKING WITH USER ACCOUNTS


Chapter overview l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

CHAPTER OVERVIEW

  • Understand the differences between local user and domain user accounts.

  • Plan, create, and manage local and domain user accounts.

  • Create and manage user accounts by using templates, importation, and command-line tools.

  • Manage user profiles.

  • Understand the purpose and function of profiles.

  • Troubleshoot user authentication issues.


Understanding user accounts l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

UNDERSTANDING USER ACCOUNTS

  • Stored in the Security Accounts Manager (SAM) database on that system

  • Can be used only on that system

  • Domain user accounts

    • Stored in Active Directory on domain controllers

    • Can be used on any system in Active Directory


Workgroups l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

WORKGROUPS

  • No centralized database of user accounts

  • User account must exist in the SAM of each system the user accesses

  • Impractical in environments with more than 10 users



Planning user accounts l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

PLANNING USER ACCOUNTS

  • Account naming

  • Choosing passwords

  • Designing an Active Directory hierarchy


Account naming l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

ACCOUNT NAMING

  • Account names can be between 1 and 20 characters (letters and/or numbers).

  • Account names are not case sensitive.

  • The following characters cannot be used in the account name:

    • " / \ [ ] : ; | , + = * ? < > @



Designing an active directory hierarchy l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

DESIGNING AN ACTIVE DIRECTORY HIERARCHY

  • Create an organizational unit (OU) structure

  • Place users in appropriate OU

  • Provides for features such as group policy


Working with local user accounts l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

WORKING WITH LOCAL USER ACCOUNTS


Creating a local user account l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

CREATING A LOCAL USER ACCOUNT


Managing local user accounts l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

MANAGING LOCAL USER ACCOUNTS


Working with domain user accounts l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

WORKING WITH DOMAIN USER ACCOUNTS


Creating a domain user account l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

CREATING A DOMAIN USER ACCOUNT


Managing domain user accounts l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

MANAGING DOMAIN USER ACCOUNTS

  • From the Action menu, you can:

    • Reset a user account password.

    • Rename, disable, and delete an account.

    • Modify group membership.

    • Send e-mail and open a user’s homepage.









The terminal services profile tab l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

THE TERMINAL SERVICES PROFILE TAB







Managing multiple users l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

MANAGING MULTIPLE USERS



Creating multiple user objects l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

CREATING MULTIPLE USER OBJECTS

  • Using object templates

  • Using Csvde.exe

  • Using Dsadd.exe


Using object templates l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USING OBJECT TEMPLATES

  • Can be an existing user account or an account created specifically for copying.

  • Not all properties are copied.

  • Object templates should be disabled to prevent use of the account.


Importing user objects using csv directory exchange l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

IMPORTING USER OBJECTS USING CSV DIRECTORY EXCHANGE

  • Useful for creating large numbers of users at a time.

  • Step 1: Create a comma-separated value (CSV) text file of user information.

  • Step 2: Use Csvde.exe to import the user information from the CSV file into Active Directory.


Creating user objects with dsadd exe l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

CREATING USER OBJECTS WITH DSADD.EXE

  • Command-line utility

  • Can be used in batch files or scripts

  • Can be used to add other objects as well as users


Modifying user objects with dsmod exe l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

MODIFYING USER OBJECTS WITH DSMOD.EXE

  • Command-line utility

  • Can be used in batch files or scripts

  • Can be used only to modify existing objects


Managing user profiles l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

MANAGING USER PROFILES

  • Allows each user to have a customized working environment

  • Preserves application settings, shortcuts, and preferences

  • Ensures that users do not affect each other’s work environment


User profile contents l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USER PROFILE CONTENTS

  • User-stored documents and files

  • Application configurations and settings

  • Desktop and environment settings

  • Control Panel settings and configurations


User profile directory structure l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USER PROFILE DIRECTORY STRUCTURE


Using local profiles l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USING LOCAL PROFILES

  • Stored on the local system

  • Available only when the user logs on to that system

  • Can be modified by the user as needed


Using roaming profiles l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USING ROAMING PROFILES

  • Allows a user to have the same working environment from any client computer she logs on to.

  • Central storage provides for easier backup.


Using mandatory profiles l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USING MANDATORY PROFILES

  • Can be either local or roaming.

  • User can make changes, but changes are not saved when user logs off.

  • Renaming Ntuser.dat to Ntuser.man designates profile as mandatory.


Monitoring and troubleshooting user authentication l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

MONITORING AND TROUBLESHOOTING USER AUTHENTICATION

  • Using password policies

  • Using account lockout policies


Using password policies l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USING PASSWORD POLICIES

  • Provides a mechanism to control password use in the organization.

  • Should strike a balance between usability and security.

  • Creating a password policy that is too demanding increases password-related support calls.


Using account lockout policies l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

USING ACCOUNT LOCKOUT POLICIES

  • Account Lockout Threshold

  • Account Lockout Duration

  • Reset Account Lockout Counter After


Active directory clients l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

ACTIVE DIRECTORY CLIENTS

  • Windows 2000, Windows XP, and Windows Server 2003 include full Active Directory client capabilities.

  • Windows 95, Windows 98, Windows Me, and Windows NT 4 require additional client software to gain full Active Directory functionality.


Auditing authentication l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

AUDITING AUTHENTICATION

  • Allows you to track failed and successful logon attempts

  • Can form part of a security policy

  • Creates minimal system overhead in all but largest environments


Summary l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

SUMMARY

  • Local user accounts are stored on the local system and can provide users with access only to local resources. Domain user accounts are stored on Active Directory domain controllers and can provide users with access to resources all over the network.

  • User objects include the properties related to the individuals they represent.

  • A user object template is an object that is copied to produce new users. If the template is not a “real” user, it should be disabled. Only a subset of user properties is copied from templates.

  • Windows Server 2003 includes command-line tools that you can use to create and manage Active Directory objects, including Csvde.exe, Dsadd.exe, and Dsmod.exe.


Summary continued l.jpg

Chapter 6: WORKING WITH USER ACCOUNTS

SUMMARY (continued)

  • A user profile is a collection of folders and data that make up the desktop environment for a specific user.

  • Windows Server 2003 generates an individual user profile for each person who logs on to the system. Local user profiles are stored on the local drive, whereas a roaming user profile is stored on a network server.

  • A mandatory user profile is one that never changes, providing the same desktop configuration each time the user logs on.

  • Auditing for authentication allows you to track logon activity for the network.


ad