
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies


dreama

Presentation Transcript


  1. 70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies

  2. Objectives
     • Understand Windows XP Professional user accounts
     • Understand the different types of logons
     • Understand how to log on to Windows XP
     • Understand naming conventions
     • Create and manage local user accounts
     • Planning groups and system groups

  3. Objectives (continued)
     • Work with Windows XP as a domain client
     • Create user profiles
     • Work with group policies
     • Troubleshoot cached credentials
     • Understand the Files and Settings Transfer Wizard and the User State Migration Tool (USMT)

  4. Windows XP Professional User Accounts
     • Designed for use as a network client for:
       • Windows NT
       • Windows 2000
       • Windows Server 2003
     • Member of a workgroup
     • Standalone operating system

  5. Types of Windows XP Professional User Accounts
     • Local user account
       • Exists on a single computer
       • No domain access
     • Domain user account
       • Exists throughout a domain
       • Can be used on any domain member computer

  6. How Accounts Interact with a Windows XP Professional System
     • Standalone system, automatic logon
     • Standalone system
     • Workgroup member
     • Domain network client

  7. Supporting More Than One User
     • Multiple-user systems
     • Implemented through:
       • Groups
       • Resources
       • Policies
       • Profiles

  8. Types of Logon
     • Logon authentication has two purposes:
       • Maintain security
       • Track computer usage

  9. Windows Welcome Logon Method
     • Completely new logon method
     • Designed for use on standalone or workgroup member systems
     • List of user accounts with icons
     • Fast User Switching
       • Switch users without logoff

  10. Classic Logon Method
     • Press Ctrl+Alt+Delete to access WinLogon security dialog box
     • Required for domain member systems

  11. Logging On to Windows XP
     • XP automatically creates accounts
       • Administrator
       • Guest

  12. Administrator
     • Most powerful user account possible
     • Unlimited access and unrestricted privileges
     • Must be protected from misuse
     • Complicated password should be used
     • Should rename this account

  13. Administrator (continued)
     • Characteristics:
       • Cannot be deleted
       • Cannot be locked out
       • Can be disabled
       • Can have a blank password (however, this is not recommended)
       • Can be renamed (which is recommended)
       • Cannot be removed from the Administrators local group

  14. Guest
     • One of the least privileged user accounts
     • Limited access to resources and computer activities
     • Should rename account
     • Member of the Everyone group
     • Recommended to leave the Guest account disabled

  15. Guest (continued)
     • Characteristics:
       • Cannot be deleted
       • Can be locked out
       • Can be disabled (it is disabled by default)
       • Can have a blank password (it is blank by default)
       • Can be renamed (which is recommended)
       • Can be removed from the Guests local group

  16. Naming Conventions
     • Predetermined process for creating names on network or standalone system
     • Should incorporate a scheme for:
       • User accounts
       • Computers
       • Directories
       • Network shares
       • Printers
       • Servers

  17. Managing Local User Accounts
     • Two types:
       • Local representations of domain/network user accounts
       • Created from scratch locally
     • User Accounts applet
       • Used to create local representation
     • Local Users and Groups snap-in
       • Used to create accounts from scratch

  18. User Accounts Applet
     • Users tab
       • Lists active users
       • Add New User wizard to add users
     • Advanced tab
       • Access to:
         • Password and passport management
         • Advanced user management
         • Secure logon settings

  19. Local Users and Groups
     • Create and manage local users
     • Console tree nodes:
       • Users
       • Groups

  20. Planning Groups and System Groups
     • Plan how to manage groups
     • Pair groups with resources for administrative control
     • Ongoing administrative task:
       • Adding and removing users from groups

  21. Working with Groups You’ve Made
     • Must have a Windows NT, 2000, or Server 2003 in client/server environment
     • Resource
       • Has local groups assigned to it
     • Global user groups
       • Assigned to local resource groups
     • Users
       • Assigned to global groups

  22. Assigning users access to resources using groups

  23. Working with Default Groups
     • Administrators
     • Backup Operators
     • Guests
     • Network Configuration Operators
     • Power Users

  24. Working with Default Groups (continued)
     • Remote Desktop Users
     • Replicator
     • Users
     • HelpServicesGroup

  25. Working with System Groups and Other Important Groups
     • Built-in system-controlled groups
     • Preexisting groups
     • Cannot be edited
     • Used by system to control or place restrictions on specific groups of users based on activities

  26. Windows XP as a Domain Client
     • Can serve as a client to an Active Directory domain
     • Centralized control of user accounts and overall security
     • Resources centrally located
     • Management of access easier than a workgroup network

  27. Adding a System as a Domain Client
     • Add a Windows XP Professional system as a client in domain network:
       • Administrator creates computer account in the domain
       • Computer account in the domain is generated from the client
     • Remove a client from a domain:
       • Join a workgroup

  28. Controlling a Domain Client
     • Domain enforces control using group policy objects (GPOs)
     • GPOs
       • Registry templates
       • Forced onto a system each time it starts or each time a user logs on
       • Domain-level version of the local security policy

  29. Access to Systems and Resources by a Domain Client
     • Only members of domain can access systems and resources within domain
     • Resources accessed through My Network Places

  30. Group Types assigned by a Domain Client
     • Administrators
     • Backup Operators
     • Guests
     • HelpServicesGroup
     • Network Configuration Operators

  31. Group Types assigned by a Domain Client (continued)
     • Power Users
     • Remote Desktop Users
     • Replicator
     • Users

  32. Active Directory Domain Containers
     • Active Directory domain containers:
       • Logical:
         • Domain
         • Organizational Unit (OU)
       • Physical:
         • Site

  33. User Profiles
     • Collection of desktop and environmental configurations
     • Computer maintains profile for each user
     • Material such as:
       • Application data
       • My Documents
       • Cookies
       • Etc.

  34. Local Profiles
     • Set of specifications and preferences
     • For an individual user
     • Stored on local machine
     • Reside in the %username% subdirectory beneath the \Documents and Settings directory
     • Set up by example
     • Saved on logout

  35. Roaming Profiles
     • Resides on a network server
     • Automatically downloaded to any system when user logs on
     • Default path designation:
       • \\computername\username

  36. Application of Group Policies
     • Several security and access controls
     • Group policies (GPOs) can be defined for:
       • Domain
       • Sites
       • Organizational units (OUs)
     • Local computer group policy managed from a Windows XP Professional system
     • Policies applied in order:
       • LSDOU (local, site, domain, organizational unit)

  37. Password Policy
     • Defines the restrictions on passwords
     • Includes password age, length, etc.

  38. Account Lockout Policy
     • Conditions that result when a user account is locked out
     • Used to prevent brute force attacks against user accounts
     • Items:
       • Account lockout threshold
       • Account lockout duration
       • Reset account lockout counter after

  39. Audit Policy
     • Defines events recorded in Security log of Event Viewer
     • Used to track resource usage
     • Items (not full list):
       • Audit directory service access
       • Audit logon events
       • Audit account logon events
       • Audit system events

  40. User Rights Assignment
     • Defines which groups or users can perform the specific privileged action
     • Items (not full list):
       • Access this computer from the network
       • Back up files and directories
       • Change the system time
       • Load and unload device drivers
       • Profile single process
       • Shut down the system

  41. Security Options
     • Controls various security features, functions, and controls of environment
     • Items (not full list):
       • Accounts
       • Devices
       • Domain member
       • Microsoft network server

  42. Group Policies
     • Domain-level version of the local security policy
     • Two primary divisions:
       • Computer Configuration
       • User Configuration

  43. Troubleshooting Cached Credentials
     • Automatically caches user’s credentials in the Registry
       • When domain logon or .NET Passport logon is performed
     • Can be disabled:
       • Enable the group policy setting of Interactive logon
       • Set the cachedlogonscount Registry value to 0

  44. Files and Settings Transfer Wizard
     • Move data files and personal desktop settings from another computer to new Windows XP Professional system
     • Must have some sort of network connection between the two systems
     • Transfer files from Windows 95, 98, SE, Me, NT, 2000, or XP systems
     • Transfer process can take considerable time

  45. User State Migration Tool (USMT)
     • Supports migration of user data from Windows 9x, Windows NT Workstation 4.0, and Windows 2000 Professional to a Windows XP Professional system
     • Able to transfer the same files and settings that the Files and Settings Transfer Wizard can
     • Fully configurable and scriptable

  46. User State Migration Tool (USMT) (continued)
     • Two command-line utilities:
       • ScanState
       • LoadState
     • Read instructions and control parameters from INF files
     • ScanState
       • Used to create a backup of the user data
     • LoadState
       • Used to copy the data onto new target system

  47. Summary
     • Three types of users:
       • Locally created users
       • Imported users
       • Domain users
     • Users are collected into groups
       • Simplifies management and the granting of access or privileges
     • There are two built-in users, Administrator and Guest, and several built-in groups
     • Profiles can be local or roaming

  48. Summary (continued)
     • Group policies are domain-level versions of the local security policy.
     • The Files and Settings Transfer Wizard
       • Used to move data files and personal desktop settings from one system to another.
     • The User State Migration Tool
       • Used for enterprise migrations
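
The recommendations on slides 12-15 (built-in accounts), 37-38 (password and lockout policy) and 43 (cached credentials) can be checked on a live system with the Windows PowerShell script below. It is an added example, not part of the original presentation; the two threshold variables are assumed values, and the `net accounts` labels it matches assume English-language output.

```powershell
# Added example (not from the presentation). Limits marked "assumed" are
# illustrative thresholds, not values stated on the slides.
$MinPasswordLength = 8     # assumed
$MaxCachedLogons   = 0     # assumed: 0 disables credential caching (slide 43)
$findings = @()

# Built-in accounts keep well-known RIDs even after a rename:
# 500 = Administrator, 501 = Guest.
$local = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"
$admin = $local | Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$guest = $local | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
if ($admin -and $admin.Name -eq 'Administrator') {
    $findings += 'Built-in Administrator account has not been renamed'
}
if ($guest -and $guest.Name -eq 'Guest') {
    $findings += 'Built-in Guest account has not been renamed'
}
if ($guest -and -not $guest.Disabled) {
    $findings += 'Guest account is enabled'
}

# Password and lockout policy: parse "Label:   value" lines from `net accounts`
# (the labels used below assume English-language output).
$policy = @{}
net accounts | ForEach-Object {
    if ($_ -match '^(.+?):\s+(\S.*)$') { $policy[$Matches[1].Trim()] = $Matches[2].Trim() }
}
if ($policy['Lockout threshold'] -eq 'Never') {
    $findings += 'Account lockout threshold is not set (accounts never lock after failed logons)'
}
if ([int]$policy['Minimum password length'] -lt $MinPasswordLength) {
    $findings += "Minimum password length is below $MinPasswordLength"
}

# Cached domain credentials: CachedLogonsCount is a string value under Winlogon;
# Windows falls back to 10 when the value is absent.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CachedLogonsCount
if ($null -eq $cached) { $cached = 10 }
if ([int]$cached -gt $MaxCachedLogons) {
    $findings += "CachedLogonsCount is $cached (limit $MaxCachedLogons)"
}

if ($findings) { $findings } else { 'No findings' }
```

Matching the built-in accounts by RID rather than by name means the Guest-enabled check still works after the renames the slides recommend.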
