Windows XP Users, Groups, Profiles and Policies - PowerPoint PPT Presentation

windows xp users groups profiles and policies n.
Skip this Video
Loading SlideShow in 5 Seconds..
Windows XP Users, Groups, Profiles and Policies PowerPoint Presentation
Download Presentation
Windows XP Users, Groups, Profiles and Policies

play fullscreen
1 / 104
Windows XP Users, Groups, Profiles and Policies
Download Presentation
Download Presentation

Windows XP Users, Groups, Profiles and Policies

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Windows XP Users, Groups, Profiles and Policies 70-270: MCSE Guide to Microsoft Windows XP Professional

  2. Windows XP Professional User Accounts • Designed for use as a network client for: • Windows NT • Windows 2000 • Windows Server 2003 • Member of a workgroup • Standalone operating system when more than one user is using the computer • Home or business environment

  3. Types of Windows XP Professional User Accounts • Local user account • Exists on a single computer • Can provide access to resources if the user is a member in a workgroup • No domain access • Domain user account • Created on a domain controller using "Active Directory" and exists throughout the domain • Available on any domain member computer

  4. User Account Details • Uniquely identified to the system by user account name and password • Provides secure access to authorized users • Preferences are environmental settings that are stored in a profile • Desktop, Favorites, My Documents, Start Menu, Internet files and Cookies, etc.

  5. Accounts Interaction with an XP Professional System (Page 1) • Standalone system, automatic logon— • All users access local resources through a "common user account" that automatically logins in when computer starts • Standalone system— • Each user logs into system with access to "their own" local resources

  6. Accounts Interaction with an XP Professional System (Page 2) • Workgroup member— • Users login to an account both local and shared resources • Domain network client— • Users login to system with a unique domain user account to gain access to local and domain resources

  7. Supporting More Than One User • Multiple-user systems—support more than one user on the same machine, either on a single computer or in a domain • Implemented through: • Groups • Resources • Policies • Profiles

  8. Groups • Named collections of user accounts • One user account may be a member of more than one group • Members of group receive access rights and restrictions for that group • Local groups are created using Windows XP professional and provide privileges at the machine level

  9. Resources • Useful objects including printers, shared directories, software applications, etc. • Limited to a single user, group or all users on a machine or within a network

  10. Policies • A set of configuration options for a user, computer or group: • Define password restrictions, i.e. • Is the user required to change their password at prescribed intervals? • Account lockouts, i.e. • What happens if a user enters an incorrect login several times in sequence? • User rights • Event auditing

  11. Profiles • User environmental settings including Desktop, Favorites, My Documents, Start Menu, etc. • A local profile exists on local computer • A domain profile follows a user no matter which computer he/she logons to in the domain

  12. Types of Logon • Two types: • Windows Welcome Logon Method • Classic Logon Method • Changing between the login types is found in "User Accounts" applet in Control Panel • Logon authentication has two purposes: • Maintain security • Track computer usage

  13. Windows Welcome Logon Method (Page 1) • Completely new logon method designed for use on standalone or workgroup member systems • Not available when the Windows XP client is a member of a domain • Displayed as a list of user accounts each with its own icon which the user clicks • For accounts with password, user is prompted for it before access is granted View Windows Welcome Logon Screen

  14. Windows Welcome Logon Method (Page 1) Last slide viewed

  15. Windows Welcome Logon Method (Page 2) • To turn the Welcome screen on or off: • Open User Accounts in Control Panel • Click Change the way users log on or off command • Do one of the following: • Specify that users log onto computer using the Welcome screen, select the Use the Welcome screen check box • Specify that users log onto computer using "Windows Classic Logon" dialog, clear the Use the Welcome screen check box View Windows Welcome Logon Screen View Classic Logon Dialog

  16. Windows Welcome Logon Method (Page 3) • Fast User Switching: • Allows switching from one user to another without logging off (not in a domain and only for Welcome Screen logon) • Also updated in "User Accounts" from Change the way users log on or off • From "Start" menu, select the Log Off… command; then in the "Logoff Windows" dialog click the <Switch User> button • When switching back, environment and all programs that were active are restored

  17. Activity • Turn on Fast User Switching in the "User Accounts" applet • Activate the Guest account and then practice switching between it and your user account

  18. Classic Logon Method • Press the <Ctrl>+<Alt>+<Delete> key combination to access the "WinLogon" security dialog box • Required for domain member systems • Selected automatically when a Windows XP system becomes part of a domain • No user switching available • Must log off computer to make it available to the next user View Classic Logon Dialog

  19. Classic Logon Method Last slide viewed

  20. Activity • In the "User Accounts" applet change between the "Windows Welcome" and "Classic" logon methods • Try logging on using each

  21. Logging On to Windows XP • When Windows XP Professional first is installed, two accounts are automatically created • Administrator • Guest

  22. Administrator (Page 1) • Most powerful user account possible • Unlimited access and unrestricted privileges to manage users, groups, O/S environment, printers, shares, storage devices, etc. • Must be protected from misuse • Complicated password should be used • Account should be renamed

  23. Administrator (Page 2) • The original Administrator account: • Cannot be deleted • Cannot be locked out (occurs when user attempts to logon unsuccessfully) • Can be disabled (only performed manually by another administrator account) • Can have a blank password (not recommended) • Can be renamed (recommended) • Cannot be removed from Administrators local group

  24. Guest (Page 1) • One of the least privileged user accounts • Limited access to resources and computer activities • Account should be renamed • Member of the "Everyone" group • Recommended to leave account disabled since by default all new objects and shares give full control for group "Everyone"

  25. Guest (Page 2) • The original Guest account: • Cannot be deleted • Can be locked out • Can be disabled (disabled by default) • Can have a blank password (blank by default) • Can be renamed (recommended) • Can be removed from the Guests local group

  26. Naming Conventions (Page 1) • A predetermined process should be used for creating names on either a network or a standalone system • A convention is an accepted practice within an organization or even industry-wide • Important since networks usually tend to grow very quickly

  27. Naming Conventions (Page 2) • Should incorporate a schemes for naming: • User accounts • Computers • Directories • Network shares • Printers • Servers

  28. Naming Conventions (Page 3) • Two common conventions: • User name employs first and last name, and a code indicating user's department • Group name represents the organization of the firm: department, location, project name, and/or combination of the above

  29. Naming Conventions (Page 4) • Needs to be: • Consistent • Easy to use and understand • Easy to create new names using the convention (variations are predetermined) • Clearly identify the object's type

  30. Managing Local User Accounts • Two types of local accounts: • Accounts created from scratch locally • Local representations of domain/network user accounts • User Accounts applet • Used to create local representation (only for a domain client) • In a standalone system, applet becomes a task wizard with easy-to-follow tasks

  31. User Accounts Applet in a Domain • Users tab • Lists active users • Add New User wizard to add users • Advanced tab • Access to • Password and passport management • Advanced user management • Secure logon settings

  32. User Accounts Applet in a Domain Last slide viewed

  33. User Accounts Applet in a Domain

  34. To find the user in the domain Add a User in a Domain User Accounts applet

  35. Add a User in a Domain User Accounts applet

  36. Properties in a Domain User Accounts applet

  37. User Accounts Applet for a Standalone Computer

  38. User Accounts Applet for a Standalone Computer

  39. Activity • Create a new user account named Jan Walters using the "User Accounts" applet • Limited privileges • No password

  40. Local Users and Groups Console • Found in "Computer Management" applet of Administrative Tools • Console tree nodes (in left frame) are Users and Groups • The list frame (on the right) shows the names of the user and/or group accounts • "Local Users and Groups" MMC snap-in also can be used to create and manage user accounts and groups

  41. Local Users and Groups (Computer Management Console)

  42. Local Users and Groups MMC Console

  43. Local Users and Groups MMC Console

  44. Users Node (Page 1) • Creating a new user account: • Select User node within the Local Users and Groups node • With no user selected, click Action New User… from the menu bar • Or right-click on any white space in list (right) frame and select New User… • Fill-in form and click the <Create> button

  45. Users Node (Page 2) • Select any user account and click Action from menu bar (or right-click any user account name) to: • Set (reset) password • Delete user account • Rename user account • View user account properties • Help

  46. Users Node (Page 3) • The Properties window for user accounts has three tabs: • General – update Fullname and Description, modify password properties, enable/disable the account, and manage locked out accounts • Member Of – list of group memberships with <Add…> and <Remove> buttons

  47. Users Node (Page 4) • The Properties (con.): • Profile – defines: • Alternate location for the user's profile • By default stored in "c:\Documents and Settings\username" • Name of an optional logon script that executes after successful login • Alternate home directory, either a local folder or mapped network drive • By default "c:\Documents and Settings\username\My Documents"

  48. Activity • Create an MMC console with the "Local Users and Groups" snap-in • Save it on the Desktop as filename "Local Users and Groups.msc"

  49. Activity 5-4 • Create a local account with the "Local Users and Groups" MMC console snap-in • Username – BobTemp • Full Name – Bob Smith • Description – A temporary account for Bob • Password – provide and confirm • User must change password at next logon – deselected

  50. Activity 5-5 • Add BobTemp account to the PowerUsers group from "User Accounts" • Found on the Members Of tab of Properties • Requires clicking the <Advanced> button, then the <Find Now> button