Post on 23-Dec-2015
Creating and Managing User Accounts
Overview
Introduction to User Accounts
Guidelines for New User Accounts
Creating Local User Accounts
Creating and Configuring Domain User Accounts
Setting Properties for Domain User Accounts
Customizing User Settings with User Profiles
Best Practices
Introduction to User Accounts
Domain User AccountsDomain User AccountsDomain User AccountsDomain User Accounts Enable users to log on to the domain to gain access to
network resources Reside in Active Directory
Enable users to log on to the domain to gain access to network resources
Reside in Active Directory
Local User AccountsLocal User AccountsLocal User AccountsLocal User Accounts Enable users to log on and access resources on a
specific computer Reside in SAM
Enable users to log on and access resources on a specific computer
Reside in SAM
Built-in User AccountsBuilt-in User AccountsBuilt-in User AccountsBuilt-in User Accounts
Enable users to perform administrative tasks or gain temporary access to network resources
Reside in SAM (local built-in user accounts) Reside in Active Directory (domain built-in user
accounts)
Enable users to perform administrative tasks or gain temporary access to network resources
Reside in SAM (local built-in user accounts) Reside in Active Directory (domain built-in user
accounts)
Administrator and Guest
Administrator and Guest
Guidelines for New User Accounts
Naming Conventions
Password Guidelines
Account Options
Naming Conventions
User Logon Names and Full Names Must Be Unique
User Logon Names:
Can contain up to 20 characters
Can include a combination of special alphanumeric characters
A Naming Convention Should:
Accommodates duplicate employee names
Identifies temporary employees
Password Guidelines
Assign a Password for the Administrator Account
Determine Who Has Control over Passwords
Educate Users on How to Use Passwords
Avoid obvious associations, such as a family name
Use long passwords
Use a combination of uppercase and lowercase characters
Account Options
Set Logon Hours to Match Users’ Work Hours
Specify the Computers from Which a User Can Log On
Domain users can log on at any computer in the domain, by default
Domain users can be restricted to specific computers to increase security
Specify When a User Account Expires
Creating Local User Accounts
Created on Computers Running Windows 2000 Professional
Created on Stand-alone or Member Servers Running Windows 2000 Server or Windows 2000 Advanced Server
Reside in SAM
New User
User name: JYoung
Full name:
Description:
Jonathan Young
Password: **********
Confirm: **********
User must change password at next logon
User cannot change passwordUser cannot change passwordPassword never expiresPassword never expires
Account is disabled
CloseCreate
Local User Accounts Are:
Creating and Configuring Domain User Accounts
Installing Windows 2000 Administration Tools
Creating a Domain User Account
Setting Password Requirements
Managing User Data by Creating Home Folders
Setup optionsSelect the action you want the Setup Wizard to perform.
Uninstall the Administrative Tools
Click an option and then click Next.
Install all of the Administrative Tools
DescriptionInstall / Reinstall all components of the Windows 2000Administration Tools.
Windows 2000 Administration Tools Setup Wizard
< Back
Active Directory Domains and TrustsActive Directory Sites and ServicesActive Directory Users and ComputersComponent ServicesComponent ManagementConfigure your SeverData Sources (ODBC)DHCPDistributed File SystemDNSDomain Controller Security PolicyDomain Security PolicyEvent ViewerInternet Services ManagerLicensingLocal Security PolicyPerformanceRouting and Remote AccessServer Extensions AdministratorServicesTelnet Server Administration
Installing Windows 2000 Administration Tools
The tools appear on the Administrative Tools menu
After you install Administration Tools, use the runas command to run the tools
The tools appear on the Administrative Tools menu
After you install Administration Tools, use the runas command to run the tools
Creating a Domain User AccountConsole
Active Directory Users and ComputersWindow Help
Action View
TreeName Type DescriptionUsers 20 objects
Active Directory Users and Compnwtraders.msft
BuiltinComputersDomain ControllersForeignSecurityPrincipalsLostAndFoundSystemUsers
AdministratorCert PublishersDNSAdminsDNSUpdateProxyDomain AdminsDomain ComputersDomain ControllersDomain Guests
UserSecurity Group - GlobalSecurity Group - Domain LocalSecurity Group - GlobalSecurity Group - GlobalSecurity Group - GlobalSecurity Group - GlobalSecurity Group - Global
Built-in accountEnterprise certi
DNS clients whoDesignated admAll workstationsAll domain contAll domain gues
DNS Administra
Find…NewAll TasksViewNew Window from HereRefreshExport List…
Properties
Help
ComputerContactGroupPrinter
Shared FolderUser
Create in: nwtraders.msft/Users
First name:
Last name:
Full name:
Judy
Lew
Judy A. Lew
Initials: A
User logon name:judy1 @nwtraders.msft
User logon name (pre-Windows 2000):NWTRADERS\ judy1
< Back< Back Next > Cancel
Delegate Control…
New Object - User
Setting Password Requirements
New Object - User
Create in: nwtraders.msft/Users
Password:
Confirm Password:
< Back Next > Cancel
User must change password at next logon
User cannot change password
Password never expires
Account is disabled
********
********
Managing User Data by Creating Home Folders
Consider the Following WhenYou Create a Home Folder:
Backup and restore capability Sufficient space on the server Sufficient space on users’
computers Network performance
To Create a Home Folder:
1. Create a shared folder on a server
2. Assign the appropriate permission
3. Provide a path for the user account
\Home
User1
User2
User3
Setting Properties for Domain User Accounts
Setting Personal Properties
Setting Account Properties
Specifying Logon Options
Copying Domain User Accounts
Creating User Account Templates
Setting Personal Properties
Active Directory Add Personal Information About Users
As Stored in Active Directory
Use Personal Properties to Search Active Directory
Student 01 Properties
Remote control
User01
Terminal Services ProfileMember Of Dial-in Environment Sessions
General Address Account Profile Telephones Organization
Setting Account Properties
User02 UserUser03 UserUser04 UserUser05 UserUser06 User
User01 User
Use 01 Properties
Remote control Terminal Services ProfileMember Of Dial-in Environment Sessions
General Address Account Profile Telephones Organization
@nwtraders.msftUser01
User logon name:
User logon name (pre-Windows 2000):
NWTRADERS\
Account is locked outAccount is locked out
Logon Hours…
Student01
Log On To…
Account options:
User must change password at next logonUser cannot change passwordPassword never expiresStore password using reversible encryption
Account expires:
Never
End of: Wednesday, November 24, 1999
OK Cancel ApplyApply
Copy…
Add members to a group……
Reset Password…
Disable Account
Move…
Open home page
Send mail
Send mail
Delete
Rename
Refresh
Properties
Help
Specifying Logon OptionsLogon Hours for User01
OK
Cancel12 12 12 2 4 6 8 10 2 4 6 8 10. . . . . . . . . . . .
Logon Permitted
Logon Denied
All
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
DefaultDefault DefaultDefault
Logon Workstations
This feature requires the NetBIOS protocol. In Computer name, type the pre-Windows 2000 computer name.
This user can log on to:
All computers
The following computers
Computer name:
Brisbane
Perth
OK Cancel
Add
EditEdit
RemoveRemove
Copying Domain User Accounts
Copy an Existing Domain User Account to Simplify the Process of Creating a New Domain User Account.
DomainUser
Account(User1)
DomainUser
Account(User2)
CopyCopyCopyCopy
Domain User2Domain User2Domain User1Domain User1
Creating User Account Templates
ConsoleActive Directory Users and Computers
Window Help
Action View
TreeName Type DescriptionUsers 28 objects
Active Directory Users and Compunwtraders.msft
BuiltinCasablancaComputersDenver OUDomain ControllersForeignSecurityPrincipals
AdministratorCert PublishersDHCP AdministratorsDHCP UsersDnsAdminsDnsUpdateProxyDomain AdminsDomain Computers
ount fcertifio havo havstratowho
Users
PortlandSeattleStudentOUTunis
Vancouver OU
Domain ControllersDomain GuestsDomain UsersEnterprise AdminsGroup 01
_Sales Template User Copy…Add members to a group…Enable AccountReset Password…Move…Open home pageSend mail
All Tasks
DeleteRenameRefresh
Properties
HelpCreates a new user, copying information from the selected user.
admiionsontrouestaseradmi
Copy Object - User
Create in: nwtraders.msft/Users
First name:
Last name:
Full name:
sales
user1
sales user1
Initials:
User logon name:salesuser1 @nwtraders.msft
User logon name (pre-Windows 2000):NWTRADERS\ salesuser1
< Back< Back Next > Cancel
Set Up a User Account as a Template Account
Create a User Account by Coping the Template Account
Customizing User Settings with User Profiles
User Profile Types
Creating Roaming and Mandatory Roaming User Profiles
User Profile Types Default User Profile
Serves as the bases for alluser profiles
Local User Profile Created the First Time a
User Logs on to a Computer Stored on a Computer's Local
Hard Disk
Default User Profile Serves as the bases for all
user profiles Local User Profile
Created the First Time a User Logs on to a Computer
Stored on a Computer's Local Hard Disk
UserProfileUser
Profile
DisplayDisplay
RegionalSettingsRegionalSettings
MouseMouse
SoundsSounds
ModifyModify SaveSave
Roaming User Profile Created by the System
Administrator Stored on a server
Mandatory User Profile Created by the System
Administrator Stored on a server
Roaming User Profile Created by the System
Administrator Stored on a server
Mandatory User Profile Created by the System
Administrator Stored on a server
ProfileProfile Windows 2000Client
Windows 2000Client
Windows 2000Client
Windows 2000Client
Windows 2000Client
Windows 2000Client
ProfileServer
DisplayDisplay
RegionalSettingsRegionalSettings
MouseMouse
SoundsSounds
Creating Roaming and Mandatory Roaming User Profiles
Create a Roaming User Profile Create a Roaming User Profile Create a Roaming User Profile Create a Roaming User Profile
Create a Shared Folder on the ServerCreate a Shared Folder on the Server
Set Up a Configured Roaming User ProfileSet Up a Configured Roaming User Profile
Specify the Shared Folder in Path InformationSpecify the Shared Folder in Path Information
Create a Mandatory User ProfileCreate a Mandatory User ProfileCreate a Mandatory User ProfileCreate a Mandatory User Profile
Create a Shared Folder on the Server with aUser Profile Folder InsideCreate a Shared Folder on the Server with aUser Profile Folder Inside
Rename Ntuser.dat to Ntuser.manRename Ntuser.dat to Ntuser.man
Best Practices
Rename the Administrator AccountRename the Administrator Account
Create a User Account with Administrative RightsCreate a User Account with Administrative Rights
Create a User Account for Non-Administrative TasksCreate a User Account for Non-Administrative Tasks
Enable the Guest Account Only in Low Security NetworksEnable the Guest Account Only in Low Security Networks
Create Random Initial PasswordsCreate Random Initial Passwords
Require New Users to Change Their PasswordsRequire New Users to Change Their Passwords
Set Account Expiration Dates for Temporary EmployeesSet Account Expiration Dates for Temporary Employees
Review
Introduction to User Accounts
Guidelines for New User Accounts
Creating Local User Accounts
Creating and Configuring Domain User Accounts
Setting Properties for Domain User Accounts
Customizing User Settings with User Profiles
Best Practices