1 / 43
Télécharger la présentation

Managing User Accounts and Security Policies in Windows XP Professional

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter Five Users, Groups, Profiles, and Policies

  2. Objectives • Understand local users and groups • Understand user policies • Understand the local security policies • Create and manage user accounts • Create user profiles

  3. Windows XP Professional User Accounts • Local user accounts • Exists on a single computer and cannot be used in any manner with domain resources or to gain domain access of any kind • Domain user accounts • Exists in a domain by virtue of being created on a domain controller

  4. Windows XP Professional User Accounts • Local groups • Group that exists only on the computer where it was created • Can have users and global groups as members • On a Windows XP Professional system, user accounts are used to govern or control access

  5. Windows XP Professional User Accounts • A Windows XP Professional system can exist as a: • Standalone system • Standalone system • Workgroup member • Domain network client

  6. Windows XP Professional User Accounts • A Windows XP Professional local user account stores details about: • Security • Access permissions • Preferences • A user’s environmental settings and configuration preferences can be stored as a profile

  7. Windows XP Professional User Accounts • Password policy • Defines the restrictions on passwords • Account lockout policy • Defines the conditions that result in a user account being locked out

  8. Windows XP Professional User Accounts • Audit policy • Defines the events that are recorded in the Security log of the Event Viewer • Security options • Defines and controls various security features, functions, and controls of the Windows XP environment

  9. Windows XP Professional User Accounts • Windows XP implements its multiple-user system through the following: • Groups • Resources • Policies • Profiles

  10. Logging Onto Windows XP • Windows XP uses logon authentication for two purposes: • To maintain security and privacy within a network • To track computer usage by user account

  11. Logging Onto Windows XP • Windows XP supports two types of logons: • Windows Welcome • Completely new logon method to the Windows product line • Classic • This method is Ctrl+Alt+Delete

  12. Administrator • Administrator account • Most powerful user account possible within the Windows XP environment • Administrator account has the following characteristics: • It cannot be deleted • It cannot be locked out

  13. Administrator • Administrator account has the following characteristics (cont.): • It can be disabled • It can have a blank password • It can be renamed • It cannot be removed from the Administrator local group

  14. Guest • Guest account • One of the least privileged user accounts in Windows XP • Guest account has the following characteristics: • It cannot be deleted • It can be locked out

  15. Guest • Guest account has the following characteristics (cont.): • It can be disabled • It can have a blank password • It can be renamed • It can be removed from the Guest local group

  16. Naming Conventions • Predetermined process for creating names on a network standalone system • Should incorporate a scheme for user accounts, computers, directories, network shares, printers, and servers • Should be descriptive enough so that anyone can figure out to which type of object the name corresponds

  17. Naming Conventions • Naming convention needs to address the following four elements: • Must be consistent across all objects • Must be easy to use and understand • New names should be easily constructed by mimicking the composition of existing names • An object’s name should clearly identify that object’s type

  18. User Account Applets Figure 5-1: User Accounts applet, User tab

  19. User Account Applets Figure 5-2: Add New User Wizard, user name and domain page

  20. User Account Applets Figure 5-3: Add New User Wizard, level of access page

  21. User Account Applets • Imported user account • A local account created by duplicating the name and password of an existing domain account • An imported account can be used only when the Windows XP Professional system is able to communicate with the domain of the original account

  22. Local Users and Groups Figure 5-4: Local Users and Groups, Users node

  23. Users Figure 5-5: A user account’s Properties dialog box, General tab

  24. Users Figure 5-6: A user account’s Properties dialog box, Member Of tab

  25. Users Figure 5-7: A user account’s Properties dialog box, Profile tab

  26. Groups • To provide the highest degree of control over resources, Windows XP uses two types of groups: • Local groups • Exist only on the computer where they are created • Global groups • Exist throughout a domain

  27. Groups Figure 5-8: Local Users and Groups, Groups node

  28. System Groups and Other Important Groups • Windows XP has several built-in system controlled groups • System-controlled groups are pre-existing groups that you cannot manage but that appear in dialog boxes when assigned group membership or access permissions • These groups can be used by the system to control or place restrictions on specific groups of users based on their activities

  29. User Profiles • Collection of desktop and environmental configurations on a Windows XP system for a specific user or group of users • By default, each Windows XP computer maintains a profile for each user who has logged on to the computer, except for Guest accounts • Optionally, an administrator can force users to load a so-called mandatory profile

  30. User Profiles Figure 5-9: User Profiles dialog box

  31. Local Profiles • Set of specifications and preferences for an individual user, stored on a local machine • Windows XP provides each user with a folder containing their profile settings • Local profiles are established by default for each user who logs onto a particular machine

  32. Roaming Profiles • A roaming profile resides on a network server to make to broadly accessible • When a user whose profile is designated as roaming logs onto any Windows XP system on the network, that profile is automatically downloaded when the user logs on • This process avoids having to store a local profile on each workstation that a user uses

  33. Local Security Policy • Windows XP has combined several security and access controls into a centralized policy: • This centralized policy is called the group policy • There are group policies for local computers, groups, domains, and organizational units

  34. Password Policy Figure 5-10: Local Security Settings, Password Policy selected

  35. Account Lockout Policy • The items in this policy are: • Account lockout threshold: 0 Invalid logon attempts • Account lockout duration: Not Defined • Reset account counter after: Not Defined

  36. Audit Policy • Defines the events that are recorded in the Security log of the Event Viewer • Auditing is used to track resource usage • Each item in this list can be set to audit the Success and/or Failure of the event

  37. User Rights Policy • Defines which groups or users can perform the specific privileged action • Troubleshooting user rights is a process of test, re-configure, and retest • For more details on user rights, consult the Microsoft Windows XP Professional Resource Kit

  38. Security Options • Defines and controls various security features, functions, and controls of the Windows XP environment • For more details on security options, consult the Microsoft Windows XP Professional Resource Kit

  39. Troubleshooting Cached Credentials • Windows XP Professional automatically caches a user’s credentials in the Registry when a domain logon or .NET passport logon is performed • Caching of credentials is used to enable a single sign-on requirements • Caching of credentials can be disabled through two means from the Windows XP Professional client • Cached logons are stored within a utility named “Stored User Names and Passwords”

  40. Troubleshooting Cached Credentials • Problems can occur with stored credentials • If you discover that you are being authenticated as the wrong user account or with the wrong access level, you should remove the stored account information for that server or domain • Another problem is being unable to access resources to which you previously had access • Yet another problem might occur when you obtain access to a resource to which you should not have access

  41. File and Settings Transfer Wizard • Used to move your data files and personal desktop settings from another computer to your new Windows XP Professional system • Must have some sort of network connection between the two systems • Using this Wizard, you can transfer files from Windows 95, 98, SE, Me, NT, 2000, or XP systems

  42. Chapter Summary • Windows XP Professional can employ three types of users • Users are collected into groups to simplify management and grant access or privileges • Users and groups are managed through the User Accounts applet and the Local Users and Groups utility

  43. Chapter Summary • User profiles can be local profiles when working with local users or imported users, or they can be roaming when using a domain-user account • User profiles store a wide variety of personalized or custom data about a user’s environment • The Local Security Policy is used to manage password, account lockout, audit, user rights, security options, and more

More Related