Windows XP User Accounts and Policies Guide
Chapter 13: Users, Groups, Profiles and Policies
Learning Objectives • Understand Windows XP Professional user accounts • Understand the different types of logins • Understand how to log on to Windows XP • Understand naming conventions • Create and manage local user accounts
Learning Objectives • Planning groups and system groups • Creating User Profiles • Working with group policies
Many computers have more than one person using them • User accounts can be established containing detailed information about the user • Windows XP uses named user accounts protected with passwords.
Local User Accounts and Groups • Windows XP Professional can be a stand-alone OS or a client on a server OS such as Windows Server 2003 • Windows XP Professional can create, configure, and manage only local user accounts.
Local User Accounts and Groups • Local user accounts exist only on a single computer • They cannot be used in any manner with domain resources or to gain domain access. • Windows XP Professional also supports local user groups.
Local User Accounts and Groups • A Windows XP Professional local user account provides details about • Security • Preferences stored as a profile
Domain User Accounts • Must be created in a domain • Can be used by any computer connected to the domain • Used to gain access to domain resources • Grant access to local resources
Domain User Accounts • Windows XP Professional can grant access to local resources to domain users and groups
Account Interaction with Windows XP Professional • Windows XP Professional’s setup determines how each user interacts with the system • The interaction can be set up in the following ways
Account Interaction with Windows XP Professional • Standalone system automatic login – all users access resources through a common automatic login • Standalone system – Each user logs into the system with a unique user account and password • Workgroup member – each user logs in with a local user account • Domain network client – each user logs into the system with a unique domain user account
Multiple User Systems • Windows XP Professional is one of the Windows products that supports multiple users • There are four parts to the implementation of the multiple user system in Windows XP Professional
Multiple User Systems • Groups – a named collection of users • Groups can be local or global • Local – exist on the computer they were created on • Global – exist throughout a domain
Multiple User Systems • Resources – any useful service or object examples include • Printers • Shared directories • Software applications. • Windows XP Professional has extensive control over resources
Multiple User Systems • Policies – a set of configurations that defines Windows XP security • Policies are used to define • Password restrictions • Account lockouts • User rights • Event auditing
Multiple User Systems • Profiles – a stored snapshot of a user's desktop settings
Types of Logins • Login authentication – the requirement of a user to provide a name and password to gain access to a computer • Used to • Maintain security • Track computer usage by user account
Types of Logins • Windows supports two logon methods • Windows Welcome Login • Classic Login
Types of Logons (Windows Welcome Logon) • The user accounts are listed with icons • Clicking on the icon either allows access or requests a password • Allows for fast switching by users. • Do not have to log out to log in as a new user. • Accomplished by clicking on the Log Off icon on the Start menu • If programs are running you will be warned before you are allowed to switch
Types of Logons (Classic) • Uses Ctrl+Alt+Delete to access the Windows Security dialog box • You enter your username and password • If you are part of a domain the classic mode is used
Default User Accounts • When Windows XP Professional is installed two default user accounts are created • Administrator • Guest
Default User Accounts (administrator) • This is the most powerful account available. • This account has unlimited access and unrestricted privileges • It cannot be removed from the system • It cannot be locked out • It cannot be disabled
Default User Accounts (administrator) • Can have a blank password • Can be renamed • Cannot be removed from the Administrators local group
Default User Accounts (guest) • An account with the least privileges • It cannot be deleted • It can be locked out • It can be disabled • It can have a blank password (not recommended) • Can be renamed (recommended) • Can be removed from the Guest local group
Naming Conventions • Predetermined process for creating names on a network or standalone system • Determined by the organization • Must provide an intuitive and useful way to name parts of the system • Accounts • Directories • Printers
Naming Conventions • Naming conventions need to address the following four elements • Must be consistent across all objects • Must be easy to use and understand • New names can be easily constructed from existing names • Object names should identify the object type
Planning Groups • Group design should be done before any groups are created. • Windows XP provides a set of default groups.
Planning Groups • Administrators - members have full access to the computer • Backup Operators – members of this group can override security restrictions for the purpose of backing up and restoring files and folders on a system.
Planning Groups • Guests – members of the group can save files but cannot save programs or alter the system • Network Configuration Operators – have some administrative privileges to manage configuration of network features.
Planning Groups • Power Users – members can modify the computer, create user accounts, share resources and install programs. • Remote Desktop Users – members can log on remotely • Replicator – members can replicate directories between local and domain systems.
Planning Groups • Users – members can only save files. • HelpServicesGroup – a special group used by Help and Support Center; the default account is set to allow remote support by Microsoft.
User Profiles • A collection of desktop and environmental configurations for a specific user or group of users. • The computer maintains a profile for each user who has logged on, except for guests
User Profiles Include • Application Data – a folder containing user-specific data for applications, such as • Custom dictionaries for word processing • Junk sender lists for email clients • Cookies – a folder of cookies accepted by the user through the browser. • Desktop – a folder containing all of the items displayed on the desktop.
User Profiles Include • Favorites – a folder that contains the URLs saved from Internet Explorer • Local Settings – a folder containing settings that do not roam. There are four sub-folders • Application Data – contains machine-specific application data. • History – contains the user’s Internet Explorer browser history • Temp – folder that contains temporary files created by applications • Temporary Internet Files – folder that contains the offline cache for Internet Explorer.
User Profiles Include • My Documents – the default target folder for the My Documents shortcut. • NetHood – a folder that contains the shortcuts appearing in My Network Places. • PrintHood – a folder that contains the shortcuts found in the Printers and Faxes folder • My Recent Documents – a folder containing links to recently used documents.
User Profiles Include • SendTo – a folder of user-specific shortcuts used by the Send To command on the menu shown when right-clicking files or folders. • Start Menu – a folder containing the user-specific Start menu layout • Templates – a folder containing user-specific templates
User Profiles Include • Ntuser.dat – a file containing registry information specific to the user. • Ntuser.dat.log – a transaction log from which the user profile can be recreated in the event of a system failure. • Ntuser.ini – a file containing user-related settings.
Local Profiles • Set of specifications and preferences for an individual user • Created the first time the user logs on to the computer. • When a user makes changes to the profile only the local profile is affected.
Roaming Profiles • Resides on the network server. • Made available to any computer that the user logs on to. • Windows makes a local copy of the profile the first time the user logs on to the computer. • If the user makes changes to the local copy, those changes are merged into the server copy.
Group Policies • A centralized policy combining several security and access controls. • Group policies can be defined for • Local groups • Domain groups • Organizational units • The local group policies are edited in the Local Security Policy tool.
Password Policies • Defines restrictions on passwords • Used to create stronger passwords.
Password Policies (specific) • Enforce Password History – prevents the reuse of a password and determines how many password changes a person must go through before a password can be reused. • Maximum Password Age – defines when a password will expire. • Minimum Password Age – defines the minimum time between password changes.
Password Policies (specific) • Minimum password length – sets the number of characters a password must be.
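The four settings above interact: history alone can be defeated by changing the password several times in a row, which is why minimum age exists. The following Python model is an added example, not part of the slides and not Windows' own code; the policy values, the account name `jdoe`, the day-number clock and the SHA-256 fingerprint standing in for Windows' stored password hashes are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import hashlib


@dataclass
class PasswordPolicy:
    # The four settings named on the slides; the defaults are constructed example values.
    history_size: int = 5     # Enforce Password History: how many old passwords are remembered
    max_age_days: int = 42    # Maximum Password Age: password expires this many days after a change
    min_age_days: int = 1     # Minimum Password Age: days that must pass between two changes
    min_length: int = 8       # Minimum password length


@dataclass
class Account:
    name: str
    history: List[str] = field(default_factory=list)   # fingerprints of past passwords, oldest first
    last_change_day: Optional[int] = None              # simulated day number of the last change


def _fingerprint(password: str) -> str:
    # Windows remembers hashes of old passwords, not the passwords themselves; a SHA-256
    # digest plays that role here (an assumption for the example) so the history never holds cleartext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _remembered(policy: PasswordPolicy, account: Account) -> List[str]:
    # The slice of history the policy still cares about (history_size 0 remembers nothing).
    if policy.history_size <= 0:
        return []
    return account.history[-policy.history_size:]


def evaluate_change(policy: PasswordPolicy, account: Account,
                    new_password: str, today: int) -> Tuple[bool, str]:
    """Apply the four settings to a requested change; returns (allowed, reason)."""
    if len(new_password) < policy.min_length:
        return False, "shorter than the minimum length of %d" % policy.min_length
    if account.last_change_day is not None:
        age = today - account.last_change_day
        if age < policy.min_age_days:
            return False, "changed %d day(s) ago; minimum age is %d" % (age, policy.min_age_days)
    if _fingerprint(new_password) in _remembered(policy, account):
        return False, "matches one of the last %d passwords" % policy.history_size
    return True, "ok"


def apply_change(policy: PasswordPolicy, account: Account,
                 new_password: str, today: int) -> Tuple[bool, str]:
    """Record the change if evaluate_change allows it."""
    allowed, reason = evaluate_change(policy, account, new_password, today)
    if allowed:
        account.history.append(_fingerprint(new_password))
        account.history = _remembered(policy, account)   # forget what the policy no longer needs
        account.last_change_day = today
    return allowed, reason


def password_expired(policy: PasswordPolicy, account: Account, today: int) -> bool:
    """Maximum Password Age: True once the current password is too old to keep using."""
    if account.last_change_day is None:
        return True
    return today - account.last_change_day >= policy.max_age_days


def reuse_after_cycling(policy: PasswordPolicy, today: int = 0) -> str:
    """Change the password history_size more times on one day, then try the original again;
    returns the policy's reason for that final attempt. With min_age_days 0 the original
    comes back ('ok') because history has been pushed out; with min_age_days >= 1 the
    repeated same-day changes are refused, which is the point of the minimum age setting."""
    account = Account("jdoe")
    apply_change(policy, account, "Winter2003!!", today)
    for i in range(policy.history_size):
        apply_change(policy, account, "Filler%02d!!x" % i, today)
    return apply_change(policy, account, "Winter2003!!", today)[1]
```

`evaluate_change` checks length first, then minimum age, then history, so the reason string always names the first setting that blocked the request; `reuse_after_cycling` is the check an administrator would run to confirm that a non-zero minimum age really backs up the history setting.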
Account Lockout Policies • Defines the conditions under which a user is locked out of the account
Account Lockout Policies (specific) • Account lockout threshold – defines the number of attempts that can be made before lockout • Account lockout duration – how long the lockout will remain in effect (a setting of 0 requires an administrative reset) • Reset account lockout counter – defines the amount of time that must expire before the lockout counter is reset.
Audit Policy • Defines what is recorded in the Security log. • Is used to track resource usage. • The following audit policies can be set to record success or failure.
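The three lockout settings are easiest to understand as a small state machine driven by logon attempts. The Python below is an added example, not from the slides and not how Windows implements lockout internally; the policy values and the minute-based simulated clock are constructed assumptions. It shows that a correct password is still refused while the lockout is in force, that a duration of 0 holds until `admin_reset`, and that the reset counter is measured from the most recent failed attempt.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    # The three settings named on the slides; defaults are constructed example values.
    threshold: int = 5           # Account lockout threshold: failures before lockout (0 = never lock out)
    duration_minutes: int = 30   # Account lockout duration (0 = locked until an administrator resets)
    reset_minutes: int = 30      # Reset account lockout counter after: minutes since the last failure


@dataclass
class LockoutState:
    bad_count: int = 0                    # failed attempts in the current counting window
    last_bad_at: Optional[int] = None     # simulated minute of the most recent failure
    locked_at: Optional[int] = None       # simulated minute the lockout began, if any


def admin_reset(state: LockoutState) -> None:
    """What an administrator's unlock does: clear the lockout and the failure counter."""
    state.locked_at = None
    state.bad_count = 0
    state.last_bad_at = None


def is_locked(policy: LockoutPolicy, state: LockoutState, now: int) -> bool:
    """True while the lockout is in force; clears a timed-out lockout as a side effect."""
    if state.locked_at is None:
        return False
    if policy.duration_minutes == 0:
        return True                       # only admin_reset() can clear this one
    if now - state.locked_at >= policy.duration_minutes:
        admin_reset(state)                # the lockout duration has elapsed
        return False
    return True


def record_attempt(policy: LockoutPolicy, state: LockoutState, success: bool, now: int) -> str:
    """Feed one logon attempt to the policy; returns 'ok', 'bad' or 'locked'.
    A correct password is still refused while the account is locked out."""
    if is_locked(policy, state, now):
        return "locked"
    if success:
        state.bad_count = 0
        state.last_bad_at = None
        return "ok"
    # Failure: the counter restarts once reset_minutes have passed since the last failure.
    if state.last_bad_at is not None and now - state.last_bad_at >= policy.reset_minutes:
        state.bad_count = 0
    state.bad_count += 1
    state.last_bad_at = now
    if policy.threshold > 0 and state.bad_count >= policy.threshold:
        state.locked_at = now
        return "locked"
    return "bad"
```

Note the trade-off the slides imply: a duration of 0 gives the strongest protection but turns every lockout into a help-desk call, and a threshold of 0 disables the control entirely.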
Audit Policy (specific) • Audit account logon events – audits authentication of a user account on the system. • Audit account management – audits account changes to a user account or group • Audit directory service access – audits access to directory objects.
Audit Policy (specific) • Audit logon events – audits user account logons, logoffs, and establishment of network connections • Audit object access – audits resource access • Audit policy change – audits changes to security policies • Audit privilege use – audits the use of specific rights and privileges.
Audit Policy (specific) • Audit process tracking – audits the activity of processes • Audit system events – audits system level activities.
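Each of the nine settings above produces entries under a matching Category in the Security log, so the way to confirm a policy is in effect is to read the log back. The Python below is an added example, not from the slides: it parses a constructed sample in the tab-separated column order of a Security log export (Date, Time, Source, Type, Category, Event, User, Computer), tallies success and failure audits per category, and lists accounts whose failed logons approach a lockout threshold. The rows, account names and computer name are invented; the event IDs (528, 529, 538, 560, 592, 612, 624) are the Windows XP era IDs for those categories.

```python
from collections import Counter, defaultdict
from typing import Dict, List

# Each audit policy setting from the slides and the Category its entries carry in the Security log.
AUDIT_POLICY_TO_CATEGORY = {
    "Audit account logon events": "Account Logon",
    "Audit account management": "Account Management",
    "Audit directory service access": "Directory Service Access",
    "Audit logon events": "Logon/Logoff",
    "Audit object access": "Object Access",
    "Audit policy change": "Policy Change",
    "Audit privilege use": "Privilege Use",
    "Audit process tracking": "Detailed Tracking",
    "Audit system events": "System",
}

COLUMNS = ("date", "time", "source", "type", "category", "event", "user", "computer")

# Constructed sample rows (not real log data) in the column order of a Security log export.
SAMPLE_LOG_LINES = [
    "2004-03-01\t08:01:12\tSecurity\tSuccess Audit\tLogon/Logoff\t528\tjdoe\tXPPRO01",
    "2004-03-01\t08:15:40\tSecurity\tFailure Audit\tLogon/Logoff\t529\trsmith\tXPPRO01",
    "2004-03-01\t08:15:52\tSecurity\tFailure Audit\tLogon/Logoff\t529\trsmith\tXPPRO01",
    "2004-03-01\t08:16:03\tSecurity\tFailure Audit\tLogon/Logoff\t529\trsmith\tXPPRO01",
    "2004-03-01\t09:02:10\tSecurity\tSuccess Audit\tAccount Management\t624\tAdministrator\tXPPRO01",
    "2004-03-01\t09:05:00\tSecurity\tSuccess Audit\tPolicy Change\t612\tAdministrator\tXPPRO01",
    "2004-03-01\t09:06:31\tSecurity\tSuccess Audit\tDetailed Tracking\t592\tjdoe\tXPPRO01",
    "2004-03-01\t09:07:00\tSecurity\tFailure Audit\tObject Access\t560\tjdoe\tXPPRO01",
    "2004-03-01\t17:30:05\tSecurity\tSuccess Audit\tLogon/Logoff\t538\tjdoe\tXPPRO01",
]


def parse_rows(lines: List[str]) -> List[Dict[str, str]]:
    """Turn exported lines into dicts keyed by COLUMNS; malformed rows are skipped, not guessed at."""
    rows = []
    for line in lines:
        if not line.strip():
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) != len(COLUMNS):
            continue
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def summarize(rows: List[Dict[str, str]]) -> Dict[str, Counter]:
    """Success/failure counts per category: shows which audit settings are actually producing entries."""
    summary: Dict[str, Counter] = defaultdict(Counter)
    for row in rows:
        summary[row["category"]][row["type"]] += 1
    return summary


def failed_logons_by_user(rows: List[Dict[str, str]], threshold: int) -> Dict[str, int]:
    """Accounts with at least `threshold` Failure Audit entries under Logon/Logoff; compare
    the threshold with the account lockout threshold to see who is close to being locked out."""
    failures = Counter(
        row["user"] for row in rows
        if row["category"] == "Logon/Logoff" and row["type"] == "Failure Audit"
    )
    return {user: n for user, n in failures.items() if n >= threshold}


def settings_needed(categories: List[str]) -> List[str]:
    """Which audit policy settings must be enabled for the given categories to appear in the log."""
    wanted = set(categories)
    return [setting for setting, cat in AUDIT_POLICY_TO_CATEGORY.items() if cat in wanted]


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_LOG_LINES)
    for category, counts in summarize(parsed).items():
        print("%-25s %s" % (category, dict(counts)))
    print("near lockout:", failed_logons_by_user(parsed, 3))
```

A category that never appears in the summary is the quickest sign that its audit setting was left at "No auditing"; `settings_needed` gives the list to turn on in the Local Security Policy tool.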