This guide helps you understand and manage local and domain user accounts, including creating, modifying, and automating user creation. Learn about user profiles, including roaming user profiles.
Goals • Understand local user accounts • Set and modify local user account properties • Create a domain user account • Set domain user account properties • Automate user creation and modification • Understand user profiles • Create a roaming user profile
(Skill 1) Introducing Local User Accounts Local user account • Identifies a user on a network • Enables a user to access network resources, such as files, printers, and databases • Enables a user to access local resources on the computer where the user is logged on • Authenticates the identity of a system or user by verifying the user logon name and password
(Skill 1) Introducing Local User Accounts (2) Types of user accounts • Domain user account • Created in Active Directory • Can be used to log on from any computer in the forest • Local user account • Allows a user to log on only to a local computer • Allows access to the resources on that computer
(Skill 1) Introducing Local User Accounts (3) Factors to consider when planning user accounts • Naming conventions • Solidify an identification pattern for the users in a domain • Follow a consistent naming convention so users can easily remember and locate their logon names • Passwords • Play a very important role in protecting user access to a domain or a computer • Each user account is required to have a password
(Skill 1) Introducing Local User Accounts (4) Built-in user accounts • Administrator account is used to manage the overall functioning of a computer • Guest account is used for infrequent users who must log on to access shared resources for a short duration
(Skill 1) Figure 6-1 Creating a local user account
(Skill 1) New user account Figure 6-2 New local user account in the Users folder
(Skill 2) Setting and Modifying Local User Account Properties • Default properties for each local user account include the user name, password, and dial-in properties • Properties dialog box for a local user account • General tab • Member Of tab • Profile tab • Dial-in tab • Terminal Services settings • Terminal Services provides the ability to connect to a server from a remote location, as well as run a session as if you were physically sitting at the computer • These settings are accessed via the Environment, Sessions, Terminal Services Profile, and Remote Control tabs
(Skill 2) Figure 6-3 Tabs on the Properties dialog box for a local user account
(Skill 2) Used to specify the path to the user profile Figure 6-4 The Profile tab
(Skill 2) Used to set Terminal Services timeout and reconnection settings Figure 6-5 The Sessions tab
(Skill 2) Used to configure settings for remotely observing or controlling a Terminal Services client session Figure 6-6 The Remote control tab
(Skill 2) Setting and Modifying Local User Account Properties (2) Managing user accounts • Renaming a user account • Resetting passwords • Unlocking user accounts • Disabling and enabling a user account • Deleting a user account
(Skill 2) Specifies that the user cannot change the password. Specifies that the password for the user account will never need to be changed. Activated when the user breaches the account threshold. Figure 6-7 Preventing a user from changing the password
(Skill 2) Defines routes to be used for the dial-in connection Figure 6-8 Setting the dial-in properties
(Skill 2) Figure 6-9 Modifying local user account properties
(Skill 2) Figure 6-10 Setting a new password for a local user account
(Skill 2) Figure 6-11 The Set Password for <user_name> dialog box
(Skill 2) Figure 6-13 Renaming a local user account
(Skill 3) Creating a Domain User Account Domain user account • Used to log on to a domain and access network resources • Use the Active Directory Users and Computers console to create domain user accounts • Created in an OU on a domain controller • The domain controller replicates the new user account information to all of the other domain controllers in the domain • After replication, all domain controllers in the domain can authenticate the user during logon • All trusting domains allow the user account to gain access to their resources
(Skill 3) Figure 6-14 Domain user account
(Skill 3) Figure 6-15 Creating a domain user account in an OU
(Skill 3) Figure 6-16 Creating a domain user account
(Skill 3) Figure 6-17 Specifying a password for a new domain user account
(Skill 3) Figure 6-18 Summary screen for a new domain user account
(Skill 3) Figure 6-19 The new user in the Active Directory Users and Computers console
(Skill 4) Setting Domain User Account Properties • Every user account has a set of default properties • Personal properties you define for a domain user account are useful when searching for users • Logon settings are used to specify the logon hours for a user • Dial-in settings include specifying whether a user can dial in from a remote location • Terminal Services settings allow a user to connect to a server from a remote location as well as run a session as if the user is physically sitting at the computer
(Skill 4) Figure 6-20 Specifying user account properties
(Skill 4) Figure 6-21 The Account tab for a domain user account
(Skill 4) Figure 6-22 Specifying logon hours for a user account
(Skill 5) Automating User Creation and Modification • Windows Server 2003 supports a variety of tools to automate the process of creating and modifying user accounts in a domain environment • Account templates • Importation tools • Scripting (for experienced administrators)
(Skill 5) Automating User Creation and Modification (2) Account templates • User accounts created specifically for copying; no one can log on using the template account • Create the account • Fill out all of the information common to all users • Copy it when creating new user accounts • Templates can significantly reduce the headaches involved with adding users to small as well as large networks
(Skill 5) Automating User Creation and Modification (3) Importation utilities • Windows Server 2003 ships with two importation utilities helpful in creating large batches of user accounts • Csvde.exe • Ldifde.exe • Csvde (Comma separated value data exchange) • A utility designed to import and export objects into Active Directory using .csv files • .csv files can be used in Excel and most other spreadsheet programs
(Skill 5) Automating User Creation and Modification (4) • Ldifde (LDAP data interchange format data exchange) • A utility that performs the same functions as Csvde.exe, only with .ldif files • .ldif files are specifically formatted text files supported by many third-party LDAP applications • Both Csvde.exe and Ldifde.exe are installed by default with Windows 2003 Server, and should be run from a command prompt on the server
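As an added example (not part of the original slides), the following Python script builds a Csvde import file for a batch of users. It creates the accounts disabled (userAccountControl 514), because Csvde cannot set passwords, and it rejects logon names that are invalid or duplicated before anything reaches Active Directory. The OU, UPN suffix, and sample names are constructed for illustration.

```python
import csv
import io
import re

SAM_FORBIDDEN = re.compile(r'["/\\\[\]:;|=,+*?<>]')  # not allowed in sAMAccountName
SAM_MAX = 20             # sAMAccountName length limit for user objects
UAC_DISABLED_USER = 514  # NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2)
HEADER = ["DN", "objectClass", "sAMAccountName", "userPrincipalName",
          "displayName", "userAccountControl"]

# Constructed sample input: (display name, logon name).
SAMPLE_ROWS = [("Smith, Jane", "jsmith"), ("Bob Lee", "blee"),
               ("Jon Smith", "JSMITH"), ("Ann Roe", "a/roe")]


def escape_rdn(value):
    """Escape DN special characters so a comma in a name cannot split the DN."""
    out = re.sub(r'([,+"\\<>;=])', r'\\\1', value.strip())
    return "\\" + out if out.startswith("#") else out


def build_import(rows, ou_dn, upn_suffix):
    """Return (csv_text, rejected) for a csvde import file of disabled users."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\r\n")
    writer.writerow(HEADER)
    seen, rejected = set(), []
    for display, sam in rows:
        sam = sam.strip()
        if not sam or len(sam) > SAM_MAX or SAM_FORBIDDEN.search(sam):
            rejected.append((sam, "invalid logon name"))
        elif sam.lower() in seen:
            rejected.append((sam, "duplicate logon name"))
        else:
            seen.add(sam.lower())
            dn = "CN=%s,%s" % (escape_rdn(display), ou_dn)
            writer.writerow([dn, "user", sam, "%s@%s" % (sam, upn_suffix),
                             display.strip(), UAC_DISABLED_USER])
    return buf.getvalue(), rejected


if __name__ == "__main__":
    text, bad = build_import(SAMPLE_ROWS, "OU=Staff,DC=example,DC=com",
                             "example.com")
    print(text)
    print("rejected:", bad)
```

The generated file is the kind of input `csvde -i -f <file>` reads; the accounts remain disabled until an administrator sets passwords and enables them.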
(Skill 5) Figure 6-23 Exporting user and computer accounts. The –f parameter specifies the filename, and the –r parameter specifies the filter applied to the export
(Skill 5) All objects of the user object class have been exported to a .csv file that can be opened in Excel Figure 6-24 Userlist.csv
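An export like Userlist.csv can also be reviewed for weak account settings. The following Python script is an added example, not from the original slides: it reads a Csvde export and reports enabled user accounts whose userAccountControl value has the "password not required" or "password never expires" bit set, and an enabled Guest account. It assumes the export includes the objectClass, sAMAccountName, and userAccountControl columns; the sample rows are constructed.

```python
import csv
import io

ACCOUNTDISABLE = 0x0002
# userAccountControl bits worth reviewing on enabled accounts.
RISKY = [(0x0020, "PASSWD_NOTREQD"), (0x10000, "DONT_EXPIRE_PASSWORD")]

# Constructed sample in the layout of a csvde export (not real data).
SAMPLE_EXPORT = """\
DN,objectClass,sAMAccountName,userAccountControl
"CN=Administrator,CN=Users,DC=example,DC=com",top;person;organizationalPerson;user,Administrator,66048
"CN=Guest,CN=Users,DC=example,DC=com",top;person;organizationalPerson;user,Guest,66080
"CN=Jane Smith,OU=Staff,DC=example,DC=com",top;person;organizationalPerson;user,jsmith,512
"CN=Template,OU=Staff,DC=example,DC=com",top;person;organizationalPerson;user,_template,546
"CN=WS01,CN=Computers,DC=example,DC=com",top;person;organizationalPerson;user;computer,WS01$,4096
"""


def audit_export(csv_text):
    """Return {sAMAccountName: [findings]} for enabled user accounts."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # objectClass is multi-valued; computer objects also carry "user",
        # so only rows whose most specific class is "user" are accounts.
        if (row.get("objectClass") or "").split(";")[-1] != "user":
            continue
        name = row.get("sAMAccountName") or row.get("DN") or "?"
        try:
            uac = int(row.get("userAccountControl") or "")
        except ValueError:
            findings[name] = ["UAC_UNREADABLE"]
            continue
        if uac & ACCOUNTDISABLE:
            continue  # disabled accounts (e.g. templates) cannot log on
        hits = [label for bit, label in RISKY if uac & bit]
        # Name match only: a renamed Guest account would need a RID check.
        if name.lower() == "guest":
            hits.append("GUEST_ENABLED")
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for account, hits in audit_export(SAMPLE_EXPORT).items():
        print(account, ", ".join(hits))
```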
(Skill 5) Figure 6-25 LDIF Directory Exchange parameters
(Skill 6) Introducing User Profiles User profile • A collection of data that includes a user’s personal data, desktop settings, printer connections, network connections that are established when the user logs on to the network, and other settings • Helps provide a consistent desktop environment
(Skill 6) Introducing User Profiles (2) Multiple users • User profiles enable multiple users to work from the same computer or a single user to work from multiple computers on a network without changing any of the settings • A user can customize the desktop environment without affecting another user’s settings • User profiles can be stored on a server so that users can use them on any computer running Microsoft Windows NT 4.0 or later
(Skill 6) Introducing User Profiles (3) Local user profile • Limited to the computer you log on to and is stored on the system’s local hard disk • Is created the first time you log on to a computer by copying the settings in the “default user” profile, and is the default type of profile • Any changes you make to your local user profile are also specific to the computer on which you made the changes
(Skill 6) Introducing User Profiles (4) Roaming user profile • A profile that is stored on a network server and retrieved at user logon • This type of profile is especially helpful when a user has to work on multiple computers on a network, because he or she can have a uniform desktop on all computers they use • To enable a roaming profile, you must configure a network path to the roaming profile in the Properties for the user account
(Skill 6) This hidden folder contains program-specific data, such as a custom dictionary; program vendors determine the data to be stored in this folder. The faded icons indicate that these are hidden folders. This hidden folder contains shortcuts to document-handling utilities such as access to the floppy drive. Contains user template items such as ones created in Microsoft Word and Microsoft Excel. Contains Application data, History, and Temporary files. Figure 6-26 A sample user profile folder
(Skill 6) Introducing User Profiles (5) • In the User Profiles dialog box on the local computer, the user’s profile is automatically set to Roaming • Access this dialog box by clicking the Change Type button on the Advanced tab in the System Properties dialog box • Windows Server 2003 compares the locally stored user profile files for the user, and the roaming user profile files on the server where they are stored, and copies only the files that have changed since the last time the user logged on • When the user logs off, Windows Server 2003 copies the changes made to the local copy of the roaming user profile back to the network server
(Skill 6) Introducing User Profiles (6) Mandatory user profile • A type of roaming profile used to specify particular settings for individuals or a group • Users can choose their own desktop settings for the computer they are logged on to, but none of these changes are saved when they log off • The mandatory profile settings are applied to the local computer each time the user logs on
(Skill 6) Figure 6-27 The Change Profile Type dialog box
(Skill 6) Contains desktop items such as folders and program shortcuts. Contains saved shortcuts to Internet sites. Contains shortcuts to programs. Figure 6-28 Contents of the All Users folder
(Skill 7) Creating a Roaming User Profile Standard roaming user profiles • Can be created for specific groups of users • Suggested practices • Always create standard roaming user profiles on the file server you back up most frequently to maintain copies of the latest settings • Place the roaming user profile folder on a member server rather than on a domain controller in order to improve logon performance
(Skill 7) First, you must assign the Full Control share permission to the Authenticated Users group for the folder that will house the standard roaming user profile Figure 6-29 Assigning Full Control to the Authenticated Users Group
(Skill 7) You must add the user account that will become the user profile template to the Print Operators group so that the user can log on to the domain controller and create a local user profile that can be copied; only the administrative and operator groups have the logon locally right by default Figure 6-30 Adding a user to the Print Operators group