1 / 56

Managing User Accounts and Profiles

This guide helps you understand and manage local and domain user accounts, including creating, modifying, and automating user creation. Learn about user profiles, including roaming user profiles.

ushas
Télécharger la présentation

Managing User Accounts and Profiles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Goals • Understand local user accounts • Set and modify local user account properties • Create a domain user account • Set domain user account properties • Automate user creation and modification • Understand user profiles • Create a roaming user profile

  2. (Skill 1) Introducing Local User Accounts Local user account • Identifies a user on a network • Enables a user to access network resources, such as files, printers, and databases • Enables a user to access local resources on the computer where the user is logged on • Authenticates the identity of a system or user by verifying the user logon name and password

  3. (Skill 1) Introducing Local User Accounts (2) Types of user accounts • Domain user account • Created in Active Directory • Can be used to log on from any computer in the forest • Local user account • Allows a user to log on only to a local computer • Allows access to the resources on that computer

  4. (Skill 1) Introducing Local User Accounts (3) Factors to consider when planning user accounts • Naming conventions • Solidify an identification pattern for the users in a domain • Follow a consistent naming convention so users can easily remember and locate their logon names • Passwords • Play a very important role in protecting user access to a domain or a computer • Each user account is required to have a password

  5. (Skill 1) Introducing Local User Accounts (4) Built-in user accounts • Administrator account is used to manage the overall functioning of a computer • Guest account is used for infrequent users who must log on to access shared resources for a short duration

  6. (Skill 1) Figure 6-1 Creating a local user account

  7. (Skill 1) New user account Figure 6-2 New local user account in the Users folder

  8. (Skill 2) Setting and Modifying Local User Account Properties • Default properties for each local user account include the user name, password, and dial-in properties • Properties dialog box for a local user account • General tab • Member Of tab • Profile tab • Dial-in tab • Terminal Services settings • Terminal Services provides the ability to connect to a server from a remote location, as well as run a session as if you were physically sitting at the computer • These settings are accessed via the Environment, Sessions, Terminal Services Profile, and Remote Control tabs

  9. (Skill 2) Figure 6-3 Tabs on the Properties dialog box for a local user account

  10. (Skill 2) Used to specify the path to the user profile Figure 6-4 The Profile tab

  11. (Skill 2) Used to set Terminal Services timeout and reconnection settings Figure 6-5 The Sessions tab

  12. (Skill 2) Used to configure settings for remotely observing or controlling a Terminal Services client session Figure 6-6 The Remote control tab

  13. (Skill 2) Setting and Modifying Local User Account Properties (2) Managing user accounts • Renaming a user account • Resetting passwords • Unlocking user accounts • Disabling and enabling a user account • Deleting a user account

  14. (Skill 2) Specifies that the user cannot change the password Specifies that the password for the user account will never need to be changed Activated when the user breaches the account threshold Figure 6-7 Preventing a user from changing the password

  15. (Skill 2) Defines routes to be used for the dial-in connection Figure 6-8 Setting the dial-in properties

  16. (Skill 2) Figure 6-9 Modifying local user account properties

  17. (Skill 2) Figure 6-10 Setting a new password for a local user account

  18. (Skill 2) Figure 6-11 The Set Password for <user_name> dialog box

  19. Figure 6-12 Message confirming the changed password

  20. (Skill 2) Figure 6-13 Renaming a local user account

  21. (Skill 3) Creating a Domain User Account Domain user account • Used to log on to a domain and access network resources • Use the Active Directory Users and Computers console to create domain user accounts • Created in an OU on a domain controller • The domain controller replicates the new user account information to all of the other domain controllers in the domain • After replication, all domain controllers in the domain can authenticate the user during logon • All trusting domains allow the user account to gain access to their resources

  22. (Skill 3) Figure 6-14 Domain user account

  23. (Skill 3) Figure 6-15 Creating a domain user account in an OU

  24. (Skill 3) Figure 6-16 Creating a domain user account

  25. (Skill 3) Figure 6-17 Specifying a password for a new domain user account

  26. (Skill 3) Figure 6-18 Summary screen for a new domain user account

  27. (Skill 3) Figure 6-19 The new user in the Active Directory Users and Computers console

  28. (Skill 4) Setting Domain User Account Properties • Every user account has a set of default properties • Personal properties you define for a domain user account are useful when searching for users • Logon settings are used to specify the logon hours for a user • Dial-in settings include specifying whether a user can dial in from a remote location • Terminal Services settings allow a user to connect to a server from a remote location as well as run a session as if the user is physically sitting at the computer

  29. (Skill 4) Figure 6-20 Specifying user account properties

  30. (Skill 4) Figure 6-21 The Account tab for a domain user account

  31. (Skill 4) Figure 6-22 Specifying logon hours for a user account

  32. (Skill 5) Automating User Creation and Modification • Windows Server 2003 supports a variety of tools to automate the process of creating and modifying user accounts in a domain environment • Account templates • Importation tools • Scripting (for experienced administrators)

  33. (Skill 5) Automating User Creation and Modification (2) Account templates • User accounts created specifically for copying; no one can log on using the template account • Create the account • Fill out all of the information common to all users • Copy it when creating new user accounts • Templates can significantly reduce the headaches involved with adding users to small as well large networks

  34. (Skill 5) Automating User Creation and Modification (3) Importation utilities • Windows Server 2003 ships with two importation utilities helpful in creating large batches of user accounts • Csvde.exe • Ldifde.exe • Csvde (Comma separated value data exchange) • A utility designed to import and export objects into Active Directory using .csv files • .csv files can be used in Excel and most other spreadsheet programs

  35. (Skill 5) Automating User Creation and Modification (4) • Ldifde (LDAP data interchange format data exchange) • A utility that performs the same functions as Csvde.exe,only with .ldif files • .ldif files are specifically formatted text files supported by many third-party LDAP applications • Both Csvde.exe and Ldifde.exe are installed by default with Windows 2003 Server, and should be run from a command prompt on the server

  36. (Skill 5) Figure 6-23 Exporting user and computer accounts The –f parameter is used to specify the filename and the –r command is the export specific Filter command

  37. (Skill 5) All objects of the user object class have been exported to a .csv file that can be opened in Excel Figure 6-24 Userlist.csv

  38. (Skill 5) Figure 6-25 LDIF Directory Exchange parameters

  39. (Skill 6) Introducing User Profiles User profile • A collection of data that includes a user’s personal data, desktop settings, printer connections, network connections that are established when the user logs on to the network, and other settings • Helps provide a consistent desktop environment

  40. (Skill 6) Introducing User Profiles (2) Multiple users • User profiles enable multiple users to work from the same computer or a single user to work from multiple computers on a network without changing any of the settings • A user can customize the desktop environment without affecting another user’s settings • User profiles can be stored on a server so that users can use them on any computer running Microsoft Windows NT 4.0 or later

  41. (Skill 6) Introducing User Profiles (3) Local user profile • Limited to the computer you log on to and is stored on the system ’s local hard disk • Is created the first time you log on to a computer by copying the settings in the “default user” profile, and is the default type of profile • Any changes you make to your local user profile are also specific to the computer on which you made the changes

  42. (Skill 6) Introducing User Profiles (4) Roaming user profile • A profile that is stored on a network server and retrieved at user logon • This type of profile is especially helpful when a user has to work on multiple computers on a network, because he or she can have a uniform desktop on all computers they use • To enable a roaming profile, you must configure a network path to the roaming profile in the Properties for the user account

  43. (Skill 6) This hidden folder contains program specific data, such as a custom dictionary; program vendors determine the data to be stored in this folder The faded icons indicate that these are hidden folders This hidden folder contains shortcuts to document-handling utilities such as access to the floppy drive Contains user template items such as ones created in Microsoft Word and Microsoft Excel Contains Application data, History, and Temporary files Figure 6-26 A sample user profile folder

  44. (Skill 6) Introducing User Profiles (5) • In the User Profiles dialog box on the local computer, the user’s profile is automatically set to Roaming • Access this dialog box by clicking the Change Type button on the Advanced tab in the System Properties dialog box • Windows Server 2003 compares the locally stored user profile files for the user, and the roaming user profile files on the server where they are stored, and copies only the files that have changed since the last time the user logged on • When the user logs off, Windows Server 2003 copies the changes made to the local copy of the roaming user profile back to the network server

  45. (Skill 6) Introducing User Profiles (6) Mandatory user profile • A type of roaming profile used to specify particular settings for individuals or a group • Users can choose their own desktop settings for the computer they are logged on to, but none of these changes are saved when they log off • The mandatory profile settings are applied to the local computer each time the user logs on

  46. (Skill 6) Figure 6-27 The Change Profile Type dialog box

  47. (Skill 6) Contains desktop items such as folders and program shortcuts Contains saved shortcuts to Internet sites Contains shortcuts to programs Figure 6-28 Contents of the All Users folder

  48. (Skill 7) Creating a Roaming User Profile Standard roaming user profiles • Can be created for specific groups of users • Suggested practices • Always create standard roaming user profiles on the file server you back up most frequently to maintain copies of the latest settings • Place the roaming user profile folder on a member server rather than on a domain controller in order to improve logon performance

  49. (Skill 7) First, you must assign the Full Control share permission to the Authenticated Users group for the folder that will house the standard roaming user profile Figure 6-29 Assigning Full Control to the Authenticated Users Group

  50. (Skill 7) You must add the user account that will become the user profile template to the Print Operators group so that the user can log on to the domain controller and create a local user profile that can be copied; only the administrative and operator groups have the logon locally right by default Figure 6-30 Adding a user to the Print Operators group

More Related