html5-img
1 / 21

Windows Server 2003 使用者及電腦帳號管理

Windows Server 2003 使用者及電腦帳號管理. 林寶森 jeffl@ms11.hinet.net. Local User Accounts. Enable users to log on and access resources on a specific computer Reside in SAM. Domain User Accounts. Enable users to log on to the domain to gain access to network resources Reside in Active Directory.

tait
Download Presentation

Windows Server 2003 使用者及電腦帳號管理

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Server 2003使用者及電腦帳號管理 林寶森 jeffl@ms11.hinet.net

  2. Local User Accounts • Enable users to log on and access resources on a specific computer • Reside in SAM Domain User Accounts • Enable users to log on to the domain to gain access to network resources • Reside in Active Directory Introduction to User Accounts Built-in User Accounts • Enable users to perform administrative tasks or gain temporary access to network resources • Reside in SAM (local built-in user accounts) • Reside in Active Directory (domain built-in user accounts) Administrator and Guest

  3. New User User name: Full name: Description: Password: Confirm: ********** Jonathan Young ********** JYoung User must change password at next logon User cannot change password Password never expires Account is disabled Close Create Creating Local User Accounts

  4. New Object - (User) Create in: samerica1.nwtraders.msft/Ohio First name: Last name: Full name: User logon name: @ samerica1.nwtraders.msft User logon name (pre-Windows 2000): SAMER\ <Back Next> Cancel Creating Domain User Accounts New Object - User Create in: nwtraders.msft/Users Password: ******** Confirm Password: ******** User must change password at next logon User cannot change password Password never expires Account is disabled < Back Next > Cancel

  5. suzanf@contoso.msft Prefix Suffix @ contoso suzanf domain user name + Introduction to User Logon Names • User Principal Name • The suffix defaults to thename of the root domain, but it can be changed and others added • User Logon Name (Pre-Windows 2000) • A user selects the domain when logging on • User Logon Name Uniqueness Rules • Full name must be unique within the container • User principal name is unique within the forest • User logon name (pre-Windows 2000) is unique within the domain

  6. Active Directory Domains and Trusts Properties Active Directory Domains and Trusts UPN Suffixes Action View The names of the current domain and the root domain are the default user principal name (UPN) suffixes. Adding alternative domain names provides additional logon security and simplifies user logon names. Name Type Tree contoso.msft nwtraders.msft domain.DNS domain.DNS Active Directory Domains and Trusts contoso.msft nwtraders.msft If you want alternative UPN suffixes to appear during user creation, add them to the following list. Connect to Domain Controller… Operations Master… Alternative UPN suffixes: View contoso.msft Add Refresh Export List… Remove Add New Suffixes Properties Help Opens property sheet for the current selection. OK Cancel Apply Creating a User Principal Name Suffix

  7. Names Associated with Domain User Accounts

  8. Student 01 Properties Remote control Terminal Services Profile Member Of Dial-in Environment Sessions General Address Account Profile Organization Telephones User01 Setting Personal Properties • Add Personal Information About Users As Stored in Active Directory • Use Personal Properties to Search Active Directory Active Directory

  9. When to Reset User Passwords • Reset a password when a user forgets his or her password • After resetting a password, a user can no longer access some types of information, including: • E-mail that is encrypted with the user’s public key • Internet passwords that are saved on the computer • Files that the user has encrypted

  10. What Is a User Account Template? • A user account template is a user account that contains the properties that apply to users with common requirements • User account templates make creating user accounts with standardized configurations more efficient User AccountTemplate

  11. Active Directory Users and Computers Console Window Help Action View Tree Users 28 objects Name Type Description Active Directory Users and Compu _Sales Template User nwtraders.msft Copy… Administrator ount f Builtin Add members to a group… Casablanca Cert Publishers certifi Enable Account Computers DHCP Administrators o hav Reset Password… Denver OU DHCP Users o hav Move… Domain Controllers DnsAdmins strato Open home page ForeignSecurityPrincipals DnsUpdateProxy who Send mail Copy Object - User Portland Domain Admins admi Seattle All Tasks Domain Computers ions StudentOU Domain Controllers ontro Delete Tunis Create in: nwtraders.msft/Users Domain Guests uest Users Rename Domain Users aser Vancouver OU Refresh Enterprise Admins admi Group 01 First name: sales Initials: Properties user1 Help Last name: Creates a new user, copying information from the selected user. Full name: sales user1 User logon name: salesuser1 @nwtraders.msft User logon name (pre-Windows 2000): salesuser1 NWTRADERS\ Next > Cancel < Back Creating User Account Templates • Set Up a User Account as a Template Account • Create a User Account by Coping the Template Account

  12. Guidelines for Creating User Account Templates • Create a separate classification for each department • Create a separate group for short-term and temporary employees • Set user account expiration dates for short-term and temporary employees • Disable the account template • Identify the account template

  13. Display Display Regional Settings Regional Settings Modify Save Mouse Mouse Sounds Sounds Customizing User Settings with User Profiles • Default User Profile • Serves as the bases for alluser profiles • Local User Profile • Created the First Time a User Logs on to a Computer • Stored on a Computer's Local Hard Disk User Profile Profile Windows 2000 Professional • Roaming User Profile • Created by the System Administrator • Stored on a server • Mandatory User Profile • Created by the System Administrator • Stored on a server Profile Server Windows XP Professional Windows Server 2003

  14. Rename the Administrator Account Create a User Account with Administrative Rights Create a User Account for Non-Administrative Tasks Enable the Guest Account Only in Low Security Networks Create Random Initial Passwords Require New Users to Change Their Passwords Set Account Expiration Dates for Temporary Employees Best Practices

  15. What Is a Computer Account? • Identifies a computer in a domain • Provides a means for authenticating and auditing computer access to the network and to domain resources • Is required for every computer running: • Windows Server 2003 • Windows XP Professional • Windows 2000 • Windows NT

  16. Computers that join a domain are created in the Computers container Computer accounts can be moved to or created in other organizational units Where Computer Accounts Are Created in a Domain

  17. Creating Computer Accounts

  18. When to Reset Computer Accounts Reset computer accounts when: • Computers fail to authenticate to the domain • Passwords need to be synchronized

  19. Csvde and Ldifde Tools Windows Script Host Active Directory Users and Computers Directory Service Tools • Dsadd • Dsmod • Dsrm Tools for Creating and Managing Accounts

  20. Search entire Active Directory, a specific domain, or an OU Find Users, Contacts, and Groups File Edit View Help Users,Contacts,andGroups Entire Directory Find: In: Browse... Entire Directory Users,Contacts,andGroups Advanced contoso Accounting Find Now Field Stop Select attributes for searching Set condition Specify value of the attribute Clear All Add Remove <Add criteria from above to this list> Administer user accounts in the results box Name Type Description Joe Pak Don Hall Anne Paper User User User 31 item(s) found Locating Accounts

  21. What Is a Saved Query?

More Related