Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference."— Presentation transcript:

1 11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3

2 Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference between local and domain accounts  Create and modify a user account in Microsoft Windows XP Professional Edition  Explain the use of and configure groups  Configure Fast User Switching  Troubleshoot common password and logon problems  Explain the difference between local and domain accounts  Create and modify a user account in Microsoft Windows XP Professional Edition  Explain the use of and configure groups  Configure Fast User Switching  Troubleshoot common password and logon problems

3 Chapter 3: Supporting Local Users and Groups3 SUPPORTING LOCAL USERS AND GROUPS (CONTINUED)  Explain how Local Security Policy affects a computer running Windows XP  Use the Local Security Policy tool to change security settings  Identify the important security settings that are available through Local Security Policy  Explain how Local Security Policy affects a computer running Windows XP  Use the Local Security Policy tool to change security settings  Identify the important security settings that are available through Local Security Policy

4 Chapter 3: Supporting Local Users and Groups4 LOCAL ACCOUNTS  Local accounts are used for the following activities:  To gain initial access to the computer  To control access to local computer resources  To control access to network resources  Specific to one PC only  Used in a workgroup setting  Local accounts are used for the following activities:  To gain initial access to the computer  To control access to local computer resources  To control access to network resources  Specific to one PC only  Used in a workgroup setting

5 Chapter 3: Supporting Local Users and Groups5 LOCAL ACCOUNTS right click my computer and choose manage

6 Chapter 3: Supporting Local Users and Groups6 USER ACCOUNTS  Account management is a comprehensive topic that includes:  Auditing of account activity  Creation of user and group accounts, and management of account properties  Password and account lockout policy configuration  User rights assignments  Account management is a comprehensive topic that includes:  Auditing of account activity  Creation of user and group accounts, and management of account properties  Password and account lockout policy configuration  User rights assignments

7 Chapter 3: Supporting Local Users and Groups7 DEFAULT USER ACCOUNTS – can not be deleted  Administrator – Most important user  Guest – limited privileges, used for guests  HelpAssistant – builtin for remote assistance  SUPPORT_susux – used by Microsoft when providing remote support through Help and Support Service.  Administrator – Most important user  Guest – limited privileges, used for guests  HelpAssistant – builtin for remote assistance  SUPPORT_susux – used by Microsoft when providing remote support through Help and Support Service.

8 Chapter 3: Supporting Local Users and Groups8 CREATING USER ACCOUNTS

9 Chapter 3: Supporting Local Users and Groups9 USER ACCOUNT PROPERTIES, GENERAL TAB

10 Chapter 3: Supporting Local Users and Groups10 USER ACCOUNT PROPERTIES, PROFILE TAB

11 Chapter 3: Supporting Local Users and Groups11 USER ACCOUNT ACTION MENU

12 Chapter 3: Supporting Local Users and Groups12 GROUP ACCOUNTS  Group accounts are used to simplify the assignment of security features by associating user accounts that have common needs.  For example the administrators group will store all users who have administrative rights on the local machine.  Group accounts are used to simplify the assignment of security features by associating user accounts that have common needs.  For example the administrators group will store all users who have administrative rights on the local machine.

13 Chapter 3: Supporting Local Users and Groups13 DEFAULT GROUP ACCOUNTS  There are several default, built-in groups in Windows XP Professional Edition. The most common of these are:  Administrators group  Backup Operators group  Guest group  Power Users group  Users group  There are several default, built-in groups in Windows XP Professional Edition. The most common of these are:  Administrators group  Backup Operators group  Guest group  Power Users group  Users group

14 Chapter 3: Supporting Local Users and Groups14 CREATING GROUP ACCOUNTS

15 Chapter 3: Supporting Local Users and Groups15 SECURITY IDENTIFIERS (SIDS)  User accounts and groups are considered security principals. Meaning that you can grant them access on a computer. Every security principal has a unique Security Identifier (SID) assigned to it at the time of creation.  Basically a number associated with a user or a group used for tracking security settings. It is easier for the OS to track a number rather than a Name.  User accounts and groups are considered security principals. Meaning that you can grant them access on a computer. Every security principal has a unique Security Identifier (SID) assigned to it at the time of creation.  Basically a number associated with a user or a group used for tracking security settings. It is easier for the OS to track a number rather than a Name.

16 Chapter 3: Supporting Local Users and Groups16 LIMITATIONS OF WINDOWS XP HOME EDITION  Cannot create local groups  Local Users And Groups tool is not available—must use User Accounts tool  Supports only two types of accounts:  Computer Administrator  Limited  Does not have an account named Administrator  Cannot join a domain  Cannot create local groups  Local Users And Groups tool is not available—must use User Accounts tool  Supports only two types of accounts:  Computer Administrator  Limited  Does not have an account named Administrator  Cannot join a domain

17 Chapter 3: Supporting Local Users and Groups17 USER PROFILES  User profiles store user-specific configuration settings, such as customized desktops and personalized application settings

18 Chapter 3: Supporting Local Users and Groups18 Types of profiles Windows XP supports  Local – available only on the PC it was created on. XP pro and Home support this  Roaming – stored in a shared folder on a network server and are accessible from any location in a network. Only XP Pro.  Mandatory – roaming profiles that users cannot make permanent changes to. Mandatory profiles are used to enforce configuration settings. Only XP Pro.  Local – available only on the PC it was created on. XP pro and Home support this  Roaming – stored in a shared folder on a network server and are accessible from any location in a network. Only XP Pro.  Mandatory – roaming profiles that users cannot make permanent changes to. Mandatory profiles are used to enforce configuration settings. Only XP Pro.

19 Chapter 3: Supporting Local Users and Groups19 DOCUMENTS AND SETTINGS FOLDER – Storage Location for Local Profiles  Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile.

20 Chapter 3: Supporting Local Users and Groups20 LOCAL USER PROFILES  A local user profile is available only from the system on which it was created  A unique local user profile is created and stored on each computer a user logs on to  A local user profile is available only from the system on which it was created  A unique local user profile is created and stored on each computer a user logs on to

21 Chapter 3: Supporting Local Users and Groups21 HANDLING MULTIPLE PROFILES FOR THE SAME USER NAME  If a Windows XP Professional Edition computer is a member of a Windows domain, two users with the same user account name can log on to the same system.  If there were 2 Matts that logged onto a local machine 2 separate folders would be created. 1. C:\documents and settings\matt 2. C:\documents and settings\matt. where is the name of the local PC  If a Windows XP Professional Edition computer is a member of a Windows domain, two users with the same user account name can log on to the same system.  If there were 2 Matts that logged onto a local machine 2 separate folders would be created. 1. C:\documents and settings\matt 2. C:\documents and settings\matt. where is the name of the local PC

22 Chapter 3: Supporting Local Users and Groups22 ROAMING USER PROFILES – stored on a network server - this helps avoid the following 2 problems  Users will have a different profile on each machine they log on to  Without regular backup, if the local machine crashes, the profile could be lost  Users will have a different profile on each machine they log on to  Without regular backup, if the local machine crashes, the profile could be lost

23 Chapter 3: Supporting Local Users and Groups23 ENABLING ROAMING PROFILES  Create and share a folder on the server that will hold the roaming profiles  Make sure that the users have access to the shared folder  Specify the location of the roaming profile folder  Create and share a folder on the server that will hold the roaming profiles  Make sure that the users have access to the shared folder  Specify the location of the roaming profile folder

24 Chapter 3: Supporting Local Users and Groups24 ADDITIONAL POINTS ON ROAMING PROFILES  Roaming profiles are generally used in a domain environment  In a domain account, a roaming profile is created and configured once on a domain controller  Roaming profiles are generally used in a domain environment  In a domain account, a roaming profile is created and configured once on a domain controller

25 Chapter 3: Supporting Local Users and Groups25 MANDATORY USER PROFILES  Mandatory user profiles are applied to roaming user profiles. When a profile is made mandatory, users are unable to save changes to desktop settings.  Used when you don’t want users to change settings, such as desktop backgrounds and icons.  Mandatory user profiles are applied to roaming user profiles. When a profile is made mandatory, users are unable to save changes to desktop settings.  Used when you don’t want users to change settings, such as desktop backgrounds and icons.

26 Chapter 3: Supporting Local Users and Groups26 FAST USER SWITCHING  Allows multiple local user accounts to log on to a computer simultaneously  Users can switch sessions without logging off or closing programs  Running programs still consume computer resources  This can really slow down the PC. I would not recommend using it.  Allows multiple local user accounts to log on to a computer simultaneously  Users can switch sessions without logging off or closing programs  Running programs still consume computer resources  This can really slow down the PC. I would not recommend using it.

27 Chapter 3: Supporting Local Users and Groups27 TROUBLESHOOTING PASSWORD PROBLEMS  The user is mistyping the user name, password, or both  The user has the CAPS LOCK key engaged  The user is mistyping the user name, password, or both  The user has the CAPS LOCK key engaged

28 Chapter 3: Supporting Local Users and Groups28 SECURITY POLICY  Security policy is a combination of security settings that affect the security on a computer  Computers that are members of a workgroup are subject only to Local Security Policy  Computers that are members of a domain are subject to both Local Security Policy and Group Policy  Security policy is a combination of security settings that affect the security on a computer  Computers that are members of a workgroup are subject only to Local Security Policy  Computers that are members of a domain are subject to both Local Security Policy and Group Policy

29 Chapter 3: Supporting Local Users and Groups29 ORDER OF POLICY APPLICATION 1. Local Computer Policy is applied to the computer 2. Group Policy settings are applied for the Active Directory site of which the computer is a member 3. Group Policy settings are applied for the Active Directory domain of which the computer is a member 4. Group Policy settings configured for the Active Directory OU of which the computer is a member are applied 1. Local Computer Policy is applied to the computer 2. Group Policy settings are applied for the Active Directory site of which the computer is a member 3. Group Policy settings are applied for the Active Directory domain of which the computer is a member 4. Group Policy settings configured for the Active Directory OU of which the computer is a member are applied

30 Chapter 3: Supporting Local Users and Groups30 RESULTANT SET OF POLICY  Policy settings are cumulative, so all settings contribute to effective policy. The effective policy is called the Resultant Set of Policy (RSoP).

31 Chapter 3: Supporting Local Users and Groups31 ACCESSING LOCAL SECURITY POLICY

32 Chapter 3: Supporting Local Users and Groups32 CONFIGURABLE SECURITY OPTIONS  There are quite a few configurable security options in Windows XP  Including:  Shutdown: Allow System To Be Shut Down Without Having To Log On  Microsoft Network Server: Amount Of Idle Time Required Before Suspending A Session  Network Security: Force Logoff When Logon Hours Expire  Other security options  There are quite a few configurable security options in Windows XP  Including:  Shutdown: Allow System To Be Shut Down Without Having To Log On  Microsoft Network Server: Amount Of Idle Time Required Before Suspending A Session  Network Security: Force Logoff When Logon Hours Expire  Other security options

33 Chapter 3: Supporting Local Users and Groups33 PASSWORD POLICY  Enforce password history  Maximum password age  Minimum password age  Minimum password length  Passwords must meet complexity requirements  Store password using reversible encryption for all users in the domain  Enforce password history  Maximum password age  Minimum password age  Minimum password length  Passwords must meet complexity requirements  Store password using reversible encryption for all users in the domain

34 Chapter 3: Supporting Local Users and Groups34 ACCOUNT LOCKOUT POLICY  Account Lockout Policy allows you to configure the computer to stop responding to logon requests from a user who has a valid logon name but who keeps entering the incorrect password. The policy settings are as follows:  Account Lockout Duration  Account Lockout Threshold  Reset Account Lockout After  Account Lockout Policy allows you to configure the computer to stop responding to logon requests from a user who has a valid logon name but who keeps entering the incorrect password. The policy settings are as follows:  Account Lockout Duration  Account Lockout Threshold  Reset Account Lockout After

35 Chapter 3: Supporting Local Users and Groups35 AUDITING  Auditing consists of two major components:  Audit policy  Audit entries  Auditing consists of two major components:  Audit policy  Audit entries

36 Chapter 3: Supporting Local Users and Groups36 CHOOSING EVENTS TO AUDIT  There are several types of events that can be audited based on the specific security needs of the given system.  Table 3-1 lists these Auditable events  There are several types of events that can be audited based on the specific security needs of the given system.  Table 3-1 lists these Auditable events

37 Chapter 3: Supporting Local Users and Groups37 POTENTIAL EVENTS TO AUDIT  Shutting down and restarting the computer  Users logging on at odd hours  Users logging on to computers they wouldn’t normally log on to  Users attempting to log on unsuccessfully  Changes to user and group accounts  Printer usage  Access to particular files and folders  Shutting down and restarting the computer  Users logging on at odd hours  Users logging on to computers they wouldn’t normally log on to  Users attempting to log on unsuccessfully  Changes to user and group accounts  Printer usage  Access to particular files and folders

38 Chapter 3: Supporting Local Users and Groups38 CONFIGURING AUDIT POLICY  Configure the audit policy  Enable auditing on specific resources  Configure the audit policy  Enable auditing on specific resources

39 Chapter 3: Supporting Local Users and Groups39 VIEWING AUDIT ENTRIES IN THE SECURITY LOG

40 Chapter 3: Supporting Local Users and Groups40 CHAPTER SUMMARY  Local user accounts are used to gain initial access to a computer and to control local resources.  Local groups are used to simplify the assignment of security features by associating user accounts that have common needs.  User profiles store user-specific configuration settings, such as customized desktops and personalized application settings.  Local user accounts are used to gain initial access to a computer and to control local resources.  Local groups are used to simplify the assignment of security features by associating user accounts that have common needs.  User profiles store user-specific configuration settings, such as customized desktops and personalized application settings.

41 Chapter 3: Supporting Local Users and Groups41 CHAPTER SUMMARY (CONTINUED)  Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile.  Password problems are a common issue with users. Make sure that they are typing their logon information correctly and that the Caps Lock key is not engaged.  Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile.  Password problems are a common issue with users. Make sure that they are typing their logon information correctly and that the Caps Lock key is not engaged.

42 Chapter 3: Supporting Local Users and Groups42 CHAPTER SUMMARY (CONTINUED)  Security policy is a combination of security settings that affect the security on a computer. Computers that are members of a workgroup are subject only to Local Security Policy. Computers that are members of a domain are subject to both Local Security Policy and Group Policy.

Download ppt "11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.

Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Administering Active Directory

Administering Active Directory
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.

Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Six Creating and Managing User.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Six Creating and Managing User.
Chapter 3 – Creating and Managing User Accounts MIS 431 – Created Spring 2006.

Chapter 3 – Creating and Managing User Accounts MIS 431 – Created Spring 2006.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

Similar presentations

Ads by Google