Chapter 6 WORKING WITH USER ACCOUNTS

UNDERSTANDING USER ACCOUNTS
• Local user accounts
  • Stored in the Security Accounts Manager (SAM) database on that system
  • Can be used only on that system
• Domain user accounts
  • Stored in Active Directory on domain controllers
  • Can be used on any system in Active Directory

WORKGROUPS
• No centralized database of user accounts
• User account must exist in the SAM of each system the user accesses
• Impractical in environments with more than 10 users

DOMAINS
• Centralized database of user accounts
• User accounts exist in the Active Directory hierarchy on the domain controller

PLANNING USER ACCOUNTS
• Account naming
• Choosing passwords
• Designing an Active Directory hierarchy

ACCOUNT NAMING
• Account names can be between 1 and 20 characters (letters and/or numbers).
• Account names are not case sensitive.
• The following characters cannot be used in the account name:
  • " / \ [ ] : ; | , + = * ? < > @
• Choose an account naming scheme that is logical and stick to it.

CHOOSING PASSWORDS
• Choose a password policy that matches the security needs of your organization.

DESIGNING AN ACTIVE DIRECTORY HIERARCHY
• Create an organizational unit (OU) structure
• Place users in the appropriate OU
• Provides for features such as group policy

WORKING WITH LOCAL USER ACCOUNTS

CREATING A LOCAL USER ACCOUNT

MANAGING LOCAL USER ACCOUNTS

WORKING WITH DOMAIN USER ACCOUNTS

CREATING A DOMAIN USER ACCOUNT

MANAGING DOMAIN USER ACCOUNTS
• From the Action menu, you can:
  • Reset a user account password.
  • Rename, disable, and delete an account.
  • Modify group membership.
  • Send e-mail and open a user’s homepage.

THE GENERAL TAB
THE ADDRESS TAB
THE TELEPHONES TAB
THE ORGANIZATION TAB
THE ACCOUNT TAB
THE PROFILE TAB
THE MEMBER OF TAB
THE TERMINAL SERVICES PROFILE TAB
THE ENVIRONMENT TAB
THE REMOTE CONTROL TAB
THE SESSIONS TAB
THE DIAL-IN TAB
THE COM+ TAB

MANAGING MULTIPLE USERS

MOVING USER OBJECTS

CREATING MULTIPLE USER OBJECTS
• Using object templates
• Using Csvde.exe
• Using Dsadd.exe

USING OBJECT TEMPLATES
• Can be an existing user account or an account created specifically for copying.
• Not all properties are copied.
• Object templates should be disabled to prevent use of the account.
• New users are created by copying the user template object.

IMPORTING USER OBJECTS USING CSV DIRECTORY EXCHANGE
• Useful for creating large numbers of users at a time.
• Step 1: Create a comma-separated value (CSV) text file of user information.
• Step 2: Use Csvde.exe to import the user information from the CSV file into Active Directory.
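
A pre-import check for the CSV step above, as an added example that is not part of the original slides: it applies the ACCOUNT NAMING rules (1 to 20 characters, the listed forbidden characters, names not case sensitive) to the sAMAccountName column before Csvde.exe is run. The column layout, the example.local domain, the sample users and the users.csv file name are constructed for illustration.

```powershell
# Added example: check a Csvde import file against the ACCOUNT NAMING rules.
# Constructed sample input; example.local and these users are placeholders.
$csvText = @'
DN,objectClass,sAMAccountName,displayName
"CN=Alice Moore,OU=Sales,DC=example,DC=local",user,amoore,Alice Moore
"CN=Bob Lee,OU=Sales,DC=example,DC=local",user,blee@sales,Bob Lee
"CN=Carol Diaz,OU=Sales,DC=example,DC=local",user,AMoore,Carol Diaz
"CN=Dan Wu,OU=Sales,DC=example,DC=local",user,danielwuregionalsales,Dan Wu
"CN=Eve Roy,OU=Sales,DC=example,DC=local",user,,Eve Roy
'@

# Characters the slide lists as not allowed in an account name.
$forbidden = '"/\[]:;|,+=*?<>@'.ToCharArray()

function Test-AccountName {
    param([string]$Name)
    # Emits one string per violated rule; emits nothing for a valid name.
    if ($Name.Length -lt 1 -or $Name.Length -gt 20) {
        "length $($Name.Length) is outside 1-20 characters"
    }
    $bad = $Name.ToCharArray() | Where-Object { $forbidden -contains $_ } |
        Select-Object -Unique
    if ($bad) { "forbidden character(s): $($bad -join ' ')" }
}

$seen = @{}      # hashtable keys compare case-insensitively, like account names
$lineNo = 1      # line 1 of the file is the header row
$findings = foreach ($row in ($csvText | ConvertFrom-Csv)) {
    $lineNo++
    $name = $row.sAMAccountName
    $problems = @(Test-AccountName $name)
    if ($name -and $seen.ContainsKey($name)) {
        $problems += "same name as line $($seen[$name]) (names are not case sensitive)"
    } elseif ($name) {
        $seen[$name] = $lineNo
    }
    foreach ($p in $problems) {
        [pscustomobject]@{ Line = $lineNo; Name = $name; Problem = $p }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Fix the rows above before importing.'
} else {
    # users.csv is a placeholder file name; -i selects import mode, -f names the file.
    'No naming problems found. Import with: csvde -i -f users.csv'
}
```

With the sample rows, the check reports the `@` in line 3, the case-only duplicate in line 4, the 21-character name in line 5 and the empty name in line 6.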

CREATING USER OBJECTS WITH DSADD.EXE
• Command-line utility
• Can be used in batch files or scripts
• Can be used to add other objects as well as users

MODIFYING USER OBJECTS WITH DSMOD.EXE
• Command-line utility
• Can be used in batch files or scripts
• Can be used only to modify existing objects

MANAGING USER PROFILES
• Allows each user to have a customized working environment
• Preserves application settings, shortcuts, and preferences
• Ensures that users do not affect each other’s work environment

USER PROFILE CONTENTS
• User-stored documents and files
• Application configurations and settings
• Desktop and environment settings
• Control Panel settings and configurations

USER PROFILE DIRECTORY STRUCTURE

USING LOCAL PROFILES
• Stored on the local system
• Available only when the user logs on to that system
• Can be modified by the user as needed

USING ROAMING PROFILES
• Allows a user to have the same working environment from any client computer she logs on to.
• Central storage provides for easier backup.

USING MANDATORY PROFILES
• Can be either local or roaming.
• User can make changes, but changes are not saved when user logs off.
• Renaming Ntuser.dat to Ntuser.man designates profile as mandatory.

MONITORING AND TROUBLESHOOTING USER AUTHENTICATION
• Using password policies
• Using account lockout policies

USING PASSWORD POLICIES
• Provides a mechanism to control password use in the organization.
• Should strike a balance between usability and security.
• Creating a password policy that is too demanding increases password-related support calls.

USING ACCOUNT LOCKOUT POLICIES
• Account Lockout Threshold
• Account Lockout Duration
• Reset Account Lockout Counter After

ACTIVE DIRECTORY CLIENTS
• Windows 2000, Windows XP, and Windows Server 2003 include full Active Directory client capabilities.
• Windows 95, Windows 98, Windows Me, and Windows NT 4 require additional client software to gain full Active Directory functionality.

AUDITING AUTHENTICATION
• Allows you to track failed and successful logon attempts
• Can form part of a security policy
• Creates minimal system overhead in all but the largest environments
• Events are created in the Security log
• The Security log can be viewed with Event Viewer