Chapter Five Users, Groups, Profiles, and Policies.


1 Chapter Five Users, Groups, Profiles, and Policies

2 Objectives
- Understand local users and groups
- Understand user policies
- Understand the local security policies
- Create and manage user accounts
- Create user profiles

3 Windows XP Professional User Accounts
- Local user accounts
  - Exists on a single computer and cannot be used in any manner with domain resources or to gain domain access of any kind
- Domain user accounts
  - Exists in a domain by virtue of being created on a domain controller

4 Windows XP Professional User Accounts
- Local groups
  - Group that exists only on the computer where it was created
  - Can have users and global groups as members
- On a Windows XP Professional system, user accounts are used to govern or control access

5 Windows XP Professional User Accounts
A Windows XP Professional system can exist as a:
- Standalone system
- Workgroup member
- Domain network client

6 Windows XP Professional User Accounts
A Windows XP Professional local user account stores details about:
- Security
- Access permissions
- Preferences
A user’s environmental settings and configuration preferences can be stored as a profile

7 Windows XP Professional User Accounts
- Password policy
  - Defines the restrictions on passwords
- Account lockout policy
  - Defines the conditions that result in a user account being locked out

8 Windows XP Professional User Accounts
- Audit policy
  - Defines the events that are recorded in the Security log of the Event Viewer
- Security options
  - Defines and controls various security features, functions, and controls of the Windows XP environment

9 Windows XP Professional User Accounts
Windows XP implements its multiple-user system through the following:
- Groups
- Resources
- Policies
- Profiles

10 Logging Onto Windows XP
Windows XP uses logon authentication for two purposes:
- To maintain security and privacy within a network
- To track computer usage by user account

11 Logging Onto Windows XP
Windows XP supports two types of logons:
- Windows Welcome
  - Completely new logon method to the Windows product line
- Classic
  - This method is Ctrl+Alt+Delete

12 Administrator
- Administrator account
  - Most powerful user account possible within the Windows XP environment
- Administrator account has the following characteristics:
  - It cannot be deleted
  - It cannot be locked out

13 Administrator
Administrator account has the following characteristics (cont.):
- It can be disabled
- It can have a blank password
- It can be renamed
- It cannot be removed from the Administrator local group

14 Guest
- Guest account
  - One of the least privileged user accounts in Windows XP
- Guest account has the following characteristics:
  - It cannot be deleted
  - It can be locked out

15 Guest
Guest account has the following characteristics (cont.):
- It can be disabled
- It can have a blank password
- It can be renamed
- It can be removed from the Guest local group

16 Naming Conventions
- Predetermined process for creating names on a network or standalone system
- Should incorporate a scheme for user accounts, computers, directories, network shares, printers, and servers
- Should be descriptive enough so that anyone can figure out to which type of object the name corresponds

17 Naming Conventions
Naming convention needs to address the following four elements:
- Must be consistent across all objects
- Must be easy to use and understand
- New names should be easily constructed by mimicking the composition of existing names
- An object’s name should clearly identify that object’s type

18 User Account Applets Figure 5-1: User Accounts applet, User tab

19 User Account Applets Figure 5-2: Add New User Wizard, user name and domain page

20 User Account Applets Figure 5-3: Add New User Wizard, level of access page

21 User Account Applets
- Imported user account
  - A local account created by duplicating the name and password of an existing domain account
  - An imported account can be used only when the Windows XP Professional system is able to communicate with the domain of the original account

22 Local Users and Groups Figure 5-4: Local Users and Groups, Users node

23 Users Figure 5-5: A user account’s Properties dialog box, General tab

24 Users Figure 5-6: A user account’s Properties dialog box, Member Of tab

25 Users Figure 5-7: A user account’s Properties dialog box, Profile tab

26 Groups
To provide the highest degree of control over resources, Windows XP uses two types of groups:
- Local groups
  - Exist only on the computer where they are created
- Global groups
  - Exist throughout a domain

27 Groups Figure 5-8: Local Users and Groups, Groups node

28 System Groups and Other Important Groups
- Windows XP has several built-in system-controlled groups
- System-controlled groups are pre-existing groups that you cannot manage but that appear in dialog boxes when assigning group membership or access permissions
- These groups can be used by the system to control or place restrictions on specific groups of users based on their activities

29 User Profiles
- Collection of desktop and environmental configurations on a Windows XP system for a specific user or group of users
- By default, each Windows XP computer maintains a profile for each user who has logged on to the computer, except for Guest accounts
- Optionally, an administrator can force users to load a so-called mandatory profile

30 User Profiles Figure 5-9: User Profiles dialog box

31 Local Profiles
- Set of specifications and preferences for an individual user, stored on a local machine
- Windows XP provides each user with a folder containing their profile settings
- Local profiles are established by default for each user who logs onto a particular machine

32 Roaming Profiles
- A roaming profile resides on a network server to make it broadly accessible
- When a user whose profile is designated as roaming logs onto any Windows XP system on the network, that profile is automatically downloaded
- This process avoids having to store a local profile on each workstation that a user uses

33 Local Security Policy
Windows XP has combined several security and access controls into a centralized policy:
- This centralized policy is called the group policy
- There are group policies for local computers, groups, domains, and organizational units

34 Password Policy Figure 5-10: Local Security Settings, Password Policy selected

35 Account Lockout Policy
The items in this policy are:
- Account lockout threshold: 0 Invalid logon attempts
- Account lockout duration: Not Defined
- Reset account counter after: Not Defined

36 Audit Policy
- Defines the events that are recorded in the Security log of the Event Viewer
- Auditing is used to track resource usage
- Each item in this list can be set to audit the Success and/or Failure of the event
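
An added example (not from the original presentation) for the Account Lockout Policy and Audit Policy slides above: a Python check over a policy file in the INF layout that `secedit /export /cfg` writes. The sample export is constructed to mirror the defaults listed on the lockout slide, and the function names are this example's own.

```python
import configparser

# Constructed sample in the INF layout written by `secedit /export /cfg`.
# It mirrors the slide defaults: threshold 0, duration and reset not defined.
SAMPLE_EXPORT = """\
[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 2
AuditPolicyChange = 3
"""

# [Event Audit] values: bit 0 audits Success, bit 1 audits Failure.
AUDIT_MODES = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}

def parse_export(text):
    """Return {section: {key: value}}, keeping key case as exported."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def lockout_summary(policy):
    """The three Account Lockout Policy items; absent keys are 'Not Defined'."""
    access = policy.get("System Access", {})
    return {
        "Account lockout threshold": int(access.get("LockoutBadCount", 0)),
        "Account lockout duration": access.get("LockoutDuration", "Not Defined"),
        "Reset account counter after": access.get("ResetLockoutCount", "Not Defined"),
    }

def findings(policy):
    """Flag settings that leave repeated failed logons unlimited or unrecorded."""
    out = []
    if lockout_summary(policy)["Account lockout threshold"] == 0:
        out.append("Lockout threshold is 0: accounts never lock out")
    audit = policy.get("Event Audit", {})
    for key in ("AuditLogonEvents", "AuditAccountLogon"):
        mode = int(audit.get(key, 0))
        if not mode & 2:  # Failure bit not set
            out.append(f"{key} = {AUDIT_MODES[mode]}: failed logons not logged")
    return out

if __name__ == "__main__":
    for line in findings(parse_export(SAMPLE_EXPORT)):
        print(line)
```

A real export is typically UTF-16 encoded, so decode it with that encoding before passing the text to `parse_export`.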

37 User Rights Policy
- Defines which groups or users can perform the specific privileged action
- Troubleshooting user rights is a process of test, re-configure, and retest
- For more details on user rights, consult the Microsoft Windows XP Professional Resource Kit

38 Security Options
- Defines and controls various security features, functions, and controls of the Windows XP environment
- For more details on security options, consult the Microsoft Windows XP Professional Resource Kit

39 Troubleshooting Cached Credentials
- Windows XP Professional automatically caches a user’s credentials in the Registry when a domain logon or .NET Passport logon is performed
- Caching of credentials is used to support single sign-on requirements
- Caching of credentials can be disabled through two means from the Windows XP Professional client
- Cached logons are stored within a utility named “Stored User Names and Passwords”

40 Troubleshooting Cached Credentials
- Problems can occur with stored credentials
- If you discover that you are being authenticated as the wrong user account or with the wrong access level, you should remove the stored account information for that server or domain
- Another problem is being unable to access resources to which you previously had access
- Yet another problem might occur when you obtain access to a resource to which you should not have access

41 File and Settings Transfer Wizard
- Used to move your data files and personal desktop settings from another computer to your new Windows XP Professional system
- Must have some sort of network connection between the two systems
- Using this Wizard, you can transfer files from Windows 95, 98, SE, Me, NT, 2000, or XP systems

42 Chapter Summary
- Windows XP Professional can employ three types of users
- Users are collected into groups to simplify management and grant access or privileges
- Users and groups are managed through the User Accounts applet and the Local Users and Groups utility

43 Chapter Summary
- User profiles can be local profiles when working with local users or imported users, or they can be roaming when using a domain-user account
- User profiles store a wide variety of personalized or custom data about a user’s environment
- The Local Security Policy is used to manage password, account lockout, audit, user rights, security options, and more

