
Microsoft Server 2008 R2

Microsoft Server 2008 R2. Account Management. OVERVIEW. Understand the differences between local user and domain user accounts. Plan, create, and manage local and domain user accounts. Create and manage user accounts by using Active Directory and creating templates

calix

Presentation Transcript


  1. Microsoft Server 2008 R2 Account Management

  2. OVERVIEW
     • Understand the differences between local user and domain user accounts.
     • Plan, create, and manage local and domain user accounts.
     • Create and manage user accounts by using Active Directory and creating templates.
     • Domain-based security groups

  3. UNDERSTANDING USER ACCOUNTS
     • Local User Accounts
       • Stored in the Security Accounts Manager (SAM) database on that system
       • Can be used only on that system
     • Domain User Accounts
       • Stored on domain controllers in the Active Directory database (NTDS.DIT)
       • Can be used on any system in the Active Directory domain

  4. PLANNING USER ACCOUNTS
     • Account naming conventions
       • Be consistent
     • Securing accounts and choosing passwords
       • “Moving target” in industry today
       • You can help defend your domain from attackers by requiring strong passwords and implementing an account lockout policy.
       • Strong passwords reduce the risk of intelligent password guessing and dictionary attacks on passwords.
       • An account lockout policy decreases the possibility of an attacker compromising your domain through repeated logon attempts.
       • An account lockout policy determines how many failed logon attempts a user account can have before it is disabled.
       • 15+ character “passphrase” is popular
         • Januaryisreallycold (19 characters)
     • Populate common attributes consistently

  5. Domain User Accounts: Account Naming Guidelines
     A user account name:
     • Cannot be identical to any other user account name or group name on the computer being administered
     • Can contain up to 20 characters
     • Can contain uppercase or lowercase characters
     • Cannot contain any of the following characters:
       • " / \ [ ] : ; | = , + * ? < > @
     • Cannot consist solely of periods (.) or spaces
     • Is NOT case sensitive

  6. Domain User Accounts: Account Naming Guidelines
     • Account names should be consistent
       • Not only for users, but for all domain objects
     • Organizations will typically have an account naming policy
       • [First name].[last name]:
         • Luka.Abrus
       • [First initial][last name]:
         • Labrus@corp.contoso.com
       • [employeeID][first initial][last initial]:
         • 0123LA@corp.contoso.com
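
The naming rules on slides 5 and 6, as an added PowerShell example that is not part of the original presentation: the hypothetical `Test-AccountName` function checks a proposed logon name against each rule. The existing-name list and the candidate names are constructed samples.

```powershell
# Added example: checks proposed logon names against the rules on the slide.
# Test-AccountName, $existing and $candidates are hypothetical, constructed values.
function Test-AccountName {
    param(
        [string]   $Name,
        [string[]] $ExistingNames = @()   # user and group names already in use
    )
    $problems = @()

    if ($Name.Length -eq 0)  { $problems += 'empty name' }
    if ($Name.Length -gt 20) { $problems += "$($Name.Length) characters (maximum is 20)" }

    # Characters the slide lists as not allowed in an account name.
    $forbidden = '"/\[]:;|=,+*?<>@'.ToCharArray()
    $bad = @($Name.ToCharArray() | Where-Object { $forbidden -contains $_ } | Select-Object -Unique)
    if ($bad.Count -gt 0) { $problems += "forbidden character(s): $($bad -join ' ')" }

    # A name made up only of periods and/or spaces is rejected.
    if ($Name -match '^[. ]+$') { $problems += 'only periods or spaces' }

    # Names are not case sensitive, so 'luka.abrus' collides with 'Luka.Abrus'.
    # PowerShell's -contains compares strings case-insensitively by default.
    if ($ExistingNames -contains $Name) { $problems += 'already in use' }

    New-Object PSObject -Property @{
        Name     = $Name
        Valid    = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

$existing   = @('Luka.Abrus', 'Domain Admins')
$candidates = @('LAbrus', '0123LA', 'luka.abrus', 'L@brus', '...',
                'Bartholomew.Featherstone')
$candidates |
    ForEach-Object { Test-AccountName -Name $_ -ExistingNames $existing } |
    Select-Object Name, Valid, Problems |
    Format-Table -AutoSize
```

Running the same check in a bulk-import script before any account is created catches collisions with existing group names as well as user names.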

  7. Domain User Accounts: Creating Domain User Accounts
     • Command line
       • Net user…
       • Dsadd user…
     • PowerShell
     • Server Manager
     • Active Directory Administrative Center
     • Active Directory Users and Computers
     • Script and import

  8. Domain User Accounts
     • Command line
     • GUI

  9. WORKING WITH DOMAIN USER ACCOUNTS

  10. CREATING A DOMAIN USER ACCOUNT

  11. Creating Domain Users
      • What happens when the user is created?
        • User is stored in the database
        • User is automatically assigned a security identifier (SID)
          • i.e. S-1-5-21-D1-D2-D3-RID
          • S-1-5 = standard prefix (5 means it was created by NT)
          • RID is unique to each account
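
The SID layout on slide 11, as an added PowerShell example that is not part of the original presentation: the hypothetical `Split-AccountSid` function separates the domain portion from the RID, which stays the same when an account is renamed. The SIDs are constructed values, and the short list of well-known RIDs (500, 501, 512, 513) goes beyond what the slide states.

```powershell
# Added example: splits a domain account SID into the parts named on the slide.
# Split-AccountSid and every SID below are hypothetical, constructed values.
$WellKnownRids = @{
    '500' = 'Administrator (built-in)'
    '501' = 'Guest (built-in)'
    '512' = 'Domain Admins'
    '513' = 'Domain Users'
}

function Split-AccountSid {
    param([string] $Sid)
    # S-1-5-21-D1-D2-D3-RID: the S-1-5 prefix, sub-authority 21, three values
    # that identify the domain, then the per-account relative identifier.
    if ($Sid -match '^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$') {
        $rid       = $Matches[4]
        $domainId  = "S-1-5-21-$($Matches[1])-$($Matches[2])-$($Matches[3])"
        $wellKnown = $WellKnownRids[$rid]
        if (-not $wellKnown) { $wellKnown = '' }
        New-Object PSObject -Property @{
            Sid       = $Sid
            DomainId  = $domainId
            Rid       = $rid
            WellKnown = $wellKnown
        }
    }
    else {
        throw "Not of the form S-1-5-21-D1-D2-D3-RID: $Sid"
    }
}

$samples = @(
    'S-1-5-21-1111111111-2222222222-3333333333-500',    # built-in admin, even if renamed
    'S-1-5-21-1111111111-2222222222-3333333333-1104',   # ordinary account
    'S-1-5-21-1111111111-2222222222-3333333333-1105'    # ordinary account
)
$parsed = $samples | ForEach-Object { Split-AccountSid $_ }
$parsed | Select-Object Rid, WellKnown, DomainId | Format-Table -AutoSize

# Accounts created in one domain share the DomainId; only the RID differs.
@($parsed | Select-Object -ExpandProperty DomainId -Unique).Count
```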

  12. THE GENERAL TAB

  13. THE ACCOUNT TAB

  14. THE PROFILE TAB

  15. THE MEMBER OF TAB

  16. MANAGING MULTIPLE USERS

  17. MANAGING DOMAIN USER ACCOUNTS
      • From the Action menu, you can:
        • Reset a user account password
          • Different from changing a password
          • Control-Alt-Delete → Change a Password
        • Rename, disable, and delete an account.
        • Modify group membership.
        • Send e-mail and open a user’s homepage.

  18. USING OBJECT TEMPLATES
      • Can be an existing user account or an account created specifically for copying.
      • Not all properties are copied.
      • Object templates should be disabled to prevent use of the account.
      • In its simplest definition, templates are user accounts that you copy.

  19. Domain Groups
      • Local groups govern only the local system
      • Domain groups can govern any domain-based system
        • Domain-joined workstation
        • Domain-joined server
        • Domain controller
      • Both local systems and domains have built-in groups
        • Domain group: Domain Admins
        • Local group: Administrators

  20. Domain Groups
      • Domain groups can be nested in other groups
      • Domain groups can be:
        • Domain Local: used only in the domain it was created in
        • Global: can be used in any domain within a forest
        • Universal: is replicated to all other domains within a forest

  21. Domain Groups • Domain—same options apply as creating users

  22. SUMMARY
      • Local user accounts are stored on the local system and can provide users with access only to local resources.
      • Domain user accounts are stored on Active Directory domain controllers and can provide users with access to resources all over the network.
      • User objects include the properties related to the individuals they represent.
      • A user object template is an object that is copied to produce new users. If the template is not a “real” user, it should be disabled.
      • Only a subset of user properties is copied from templates.
