1 / 42

SUPPORTING LOCAL USERS AND GROUPS

Chapter 3. SUPPORTING LOCAL USERS AND GROUPS. SUPPORTING LOCAL USERS AND GROUPS. Explain the difference between local and domain accounts Create and modify a user account in Microsoft Windows XP Professional Edition Explain the use of and configure groups Configure Fast User Switching

Download Presentation

SUPPORTING LOCAL USERS AND GROUPS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 3 SUPPORTING LOCAL USERS AND GROUPS

  2. Chapter 3: Supporting Local Users and Groups SUPPORTING LOCAL USERS AND GROUPS • Explain the difference between local and domain accounts • Create and modify a user account in Microsoft Windows XP Professional Edition • Explain the use of and configure groups • Configure Fast User Switching • Troubleshoot common password and logon problems

  3. Chapter 3: Supporting Local Users and Groups SUPPORTING LOCAL USERS AND GROUPS (CONTINUED) • Explain how Local Security Policy affects a computer running Windows XP • Use the Local Security Policy tool to change security settings • Identify the important security settings that are available through Local Security Policy

  4. Chapter 3: Supporting Local Users and Groups LOCAL ACCOUNTS • Local accounts are used for the following activities: • To gain initial access to the computer • To control access to local computer resources • To control access to network resources • Specific to one PC only • Used in a workgroup setting

  5. Chapter 3: Supporting Local Users and Groups LOCAL ACCOUNTSright click my computer and choose manage

  6. Chapter 3: Supporting Local Users and Groups USER ACCOUNTS • Account management is a comprehensive topic that includes: • Auditing of account activity • Creation of user and group accounts, and management of account properties • Password and account lockout policy configuration • User rights assignments

  7. Chapter 3: Supporting Local Users and Groups DEFAULT USER ACCOUNTS – can not be deleted • Administrator – Most important user • Guest – limited privileges, used for guests • HelpAssistant – builtin for remote assistance • SUPPORT_susux – used by Microsoft when providing remote support through Help and Support Service.

  8. Chapter 3: Supporting Local Users and Groups CREATING USER ACCOUNTS

  9. Chapter 3: Supporting Local Users and Groups USER ACCOUNT PROPERTIES, GENERAL TAB

  10. Chapter 3: Supporting Local Users and Groups USER ACCOUNT PROPERTIES, PROFILE TAB

  11. Chapter 3: Supporting Local Users and Groups USER ACCOUNT ACTION MENU

  12. Chapter 3: Supporting Local Users and Groups GROUP ACCOUNTS • Group accounts are used to simplify the assignment of security features by associating user accounts that have common needs. • For example the administrators group will store all users who have administrative rights on the local machine.

  13. Chapter 3: Supporting Local Users and Groups DEFAULT GROUP ACCOUNTS • There are several default, built-in groups in Windows XP Professional Edition. The most common of these are: • Administrators group • Backup Operators group • Guest group • Power Users group • Users group

  14. Chapter 3: Supporting Local Users and Groups CREATING GROUP ACCOUNTS

  15. Chapter 3: Supporting Local Users and Groups SECURITY IDENTIFIERS (SIDS) • User accounts and groups are considered security principals. Meaning that you can grant them access on a computer. Every security principal has a unique Security Identifier (SID) assigned to it at the time of creation. • Basically a number associated with a user or a group used for tracking security settings. It is easier for the OS to track a number rather than a Name.

  16. Chapter 3: Supporting Local Users and Groups LIMITATIONS OF WINDOWS XP HOME EDITION • Cannot create local groups • Local Users And Groups tool is not available—must use User Accounts tool • Supports only two types of accounts: • Computer Administrator • Limited • Does not have an account named Administrator • Cannot join a domain

  17. Chapter 3: Supporting Local Users and Groups USER PROFILES • User profiles store user-specific configuration settings, such as customized desktops and personalized application settings

  18. Chapter 3: Supporting Local Users and Groups Types of profiles Windows XP supports • Local – available only on the PC it was created on. XP pro and Home support this • Roaming – stored in a shared folder on a network server and are accessible from any location in a network. Only XP Pro. • Mandatory – roaming profiles that users cannot make permanent changes to. Mandatory profiles are used to enforce configuration settings. Only XP Pro.

  19. Chapter 3: Supporting Local Users and Groups DOCUMENTS AND SETTINGS FOLDER – Storage Location for Local Profiles • Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile.

  20. Chapter 3: Supporting Local Users and Groups LOCAL USER PROFILES • A local user profile is available only from the system on which it was created • A unique local user profile is created and stored on each computer a user logs on to

  21. Chapter 3: Supporting Local Users and Groups HANDLING MULTIPLE PROFILES FOR THE SAME USER NAME • If a Windows XP Professional Edition computer is a member of a Windows domain, two users with the same user account name can log on to the same system. • If there were 2 Matts that logged onto a local machine 2 separate folders would be created. 1. C:\documents and settings\matt2. C:\documents and settings\matt.<computer_name> where <computer_name> is the name of the local PC

  22. Chapter 3: Supporting Local Users and Groups ROAMING USER PROFILES – stored on a network server - this helps avoid the following 2 problems • Users will have a different profile on each machine they log on to • Without regular backup, if the local machine crashes, the profile could be lost

  23. Chapter 3: Supporting Local Users and Groups ENABLING ROAMING PROFILES • Create and share a folder on the server that will hold the roaming profiles • Make sure that the users have access to the shared folder • Specify the location of the roaming profile folder

  24. Chapter 3: Supporting Local Users and Groups ADDITIONAL POINTS ON ROAMING PROFILES • Roaming profiles are generally used in a domain environment • In a domain account, a roaming profile is created and configured once on a domain controller

  25. Chapter 3: Supporting Local Users and Groups MANDATORY USER PROFILES • Mandatory user profiles are applied to roaming user profiles. When a profile is made mandatory, users are unable to save changes to desktop settings. • Used when you don’t want users to change settings, such as desktop backgrounds and icons.

  26. Chapter 3: Supporting Local Users and Groups FAST USER SWITCHING • Allows multiple local user accounts to log on to a computer simultaneously • Users can switch sessions without logging off or closing programs • Running programs still consume computer resources • This can really slow down the PC. I would not recommend using it.

  27. Chapter 3: Supporting Local Users and Groups TROUBLESHOOTING PASSWORD PROBLEMS • The user is mistyping the user name, password, or both • The user has the CAPS LOCK key engaged

  28. Chapter 3: Supporting Local Users and Groups SECURITY POLICY • Security policy is a combination of security settings that affect the security on a computer • Computers that are members of a workgroup are subject only to Local Security Policy • Computers that are members of a domain are subject to both Local Security Policy and Group Policy

  29. Chapter 3: Supporting Local Users and Groups ORDER OF POLICY APPLICATION • Local Computer Policy is applied to the computer • Group Policy settings are applied for the Active Directory site of which the computer is a member • Group Policy settings are applied for the Active Directory domain of which the computer is a member • Group Policy settings configured for the Active Directory OU of which the computer is a member are applied

  30. Chapter 3: Supporting Local Users and Groups RESULTANT SET OF POLICY • Policy settings are cumulative, so all settings contribute to effective policy. The effective policy is called the Resultant Set of Policy (RSoP).

  31. Chapter 3: Supporting Local Users and Groups ACCESSING LOCAL SECURITY POLICY

  32. Chapter 3: Supporting Local Users and Groups CONFIGURABLE SECURITY OPTIONS • There are quite a few configurable security options in Windows XP • Including: • Shutdown: Allow System To Be Shut Down Without Having To Log On • Microsoft Network Server: Amount Of Idle Time Required Before Suspending A Session • Network Security: Force Logoff When Logon Hours Expire • Other security options

  33. Chapter 3: Supporting Local Users and Groups PASSWORD POLICY • Enforce password history • Maximum password age • Minimum password age • Minimum password length • Passwords must meet complexity requirements • Store password using reversible encryption for all users in the domain

  34. Chapter 3: Supporting Local Users and Groups ACCOUNT LOCKOUT POLICY • Account Lockout Policy allows you to configure the computer to stop responding to logon requests from a user who has a valid logon name but who keeps entering the incorrect password. The policy settings are as follows: • Account Lockout Duration • Account Lockout Threshold • Reset Account Lockout After

  35. Chapter 3: Supporting Local Users and Groups AUDITING • Auditing consists of two major components: • Audit policy • Audit entries

  36. Chapter 3: Supporting Local Users and Groups CHOOSING EVENTS TO AUDIT • There are several types of events that can be audited based on the specific security needs of the given system. • Table 3-1 lists these Auditable events

  37. Chapter 3: Supporting Local Users and Groups POTENTIAL EVENTS TO AUDIT • Shutting down and restarting the computer • Users logging on at odd hours • Users logging on to computers they wouldn’t normally log on to • Users attempting to log on unsuccessfully • Changes to user and group accounts • Printer usage • Access to particular files and folders

  38. Chapter 3: Supporting Local Users and Groups CONFIGURING AUDIT POLICY • Configure the audit policy • Enable auditing on specific resources

  39. Chapter 3: Supporting Local Users and Groups VIEWING AUDIT ENTRIES IN THE SECURITY LOG

  40. Chapter 3: Supporting Local Users and Groups CHAPTER SUMMARY • Local user accounts are used to gain initial access to a computer and to control local resources. • Local groups are used to simplify the assignment of security features by associating user accounts that have common needs. • User profiles store user-specific configuration settings, such as customized desktops and personalized application settings.

  41. Chapter 3: Supporting Local Users and Groups CHAPTER SUMMARY (CONTINUED) • Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile. • Password problems are a common issue with users. Make sure that they are typing their logon information correctly and that the Caps Lock key is not engaged.

  42. Chapter 3: Supporting Local Users and Groups CHAPTER SUMMARY (CONTINUED) • Security policy is a combination of security settings that affect the security on a computer. Computers that are members of a workgroup are subject only to Local Security Policy. Computers that are members of a domain are subject to both Local Security Policy and Group Policy.

More Related