Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Server 2003 使用者及電腦帳號管理 林寶森

Published byAnn Todd Modified over 8 years ago

Similar presentations

Presentation on theme: "Windows Server 2003 使用者及電腦帳號管理 林寶森"— Presentation transcript:

1 Windows Server 2003 使用者及電腦帳號管理 林寶森 jeffl@ms11.hinet.net

2 Introduction to User Accounts Domain User Accounts Enable users to log on to the domain to gain access to network resources Reside in Active Directory Enable users to log on to the domain to gain access to network resources Reside in Active Directory Local User Accounts Enable users to log on and access resources on a specific computer Reside in SAM Enable users to log on and access resources on a specific computer Reside in SAM Built-in User Accounts Enable users to perform administrative tasks or gain temporary access to network resources Reside in SAM (local built-in user accounts) Reside in Active Directory (domain built-in user accounts) Enable users to perform administrative tasks or gain temporary access to network resources Reside in SAM (local built-in user accounts) Reside in Active Directory (domain built-in user accounts) Administrator and Guest

3 Creating Local User Accounts New User User name: JYoung Full name: Description: Jonathan Young Password: ********** Confirm: ********** User must change password at next logon User cannot change password Password never expires Account is disabled Close Create

4 Creating Domain User Accounts New Object - (User) Create in: samerica1.nwtraders.msft/Ohio First name: Last name: Full name: User logon name: @ samerica1.nwtraders.msft User logon name (pre-Windows 2000): SAMER\ Cancel <Back Next> New Object - User Create in: nwtraders.msft/Users Password: Confirm Password: < BackNext >Cancel User must change password at next logon User cannot change password Password never expires Account is disabled ********

5 Introduction to User Logon Names User Principal Name – The suffix defaults to the name of the root domain, but it can be changed and others added User Logon Name (Pre-Windows 2000) – A user selects the domain when logging on User Logon Name Uniqueness Rules – Full name must be unique within the container – User principal name is unique within the forest – User logon name (pre-Windows 2000) is unique within the domain + + user name domain contoso suzanf @ @ Suffix Prefix suzanf@contoso.msft

6 Creating a User Principal Name Suffix Active Directory Domains and Trusts Action View Tree NameType Active Directory Domains and Trusts contoso.msft nwtraders.msft domain.DNS contoso.msft nwtraders.msft Opens property sheet for the current selection. Connect to Domain Controller… Operations Master… View Refresh Export List… Help Properties Active Directory Domains and Trusts Properties UPN Suffixes The names of the current domain and the root domain are the default user principal name (UPN) suffixes. Adding alternative domain names provides additional logon security and simplifies user logon names. If you want alternative UPN suffixes to appear during user creation, add them to the following list. Alternative UPN suffixes: contoso.msft AddAdd Remove OKCancelApply Add New Suffixes

7 Names Associated with Domain User Accounts Name Example User logon nameJayadams Pre-Windows 2000 logon name Nwtraders\jayadams User principal logon name Jayadams@nwtraders.msft LDAP relative distinguished name CN=jayadams,CN=users, dc=nwtraders,dc=msft

8 Setting Personal Properties Active Directory Add Personal Information About Users As Stored in Active Directory Use Personal Properties to Search Active Directory Student 01 Properties Remote control User01 Terminal Services Profile Member OfDial-inEnvironmentSessions General AddressAccountProfile Telephones Organization

9 When to Reset User Passwords Reset a password when a user forgets his or her password After resetting a password, a user can no longer access some types of information, including: –E-mail that is encrypted with the user ’ s public key –Internet passwords that are saved on the computer –Files that the user has encrypted

10 What Is a User Account Template? A user account template is a user account that contains the properties that apply to users with common requirements User account templates make creating user accounts with standardized configurations more efficient User Account Template

11 Creating User Account Templates Console Active Directory Users and Computers WindowHelp ActionView Tree NameTypeDescription Users 28 objects Active Directory Users and Compu nwtraders.msft Builtin Casablanca Computers Denver OU Domain Controllers ForeignSecurityPrincipals Administrator Cert Publishers DHCP Administrators DHCP Users DnsAdmins DnsUpdateProxy Domain Admins Domain Computers ount f certifi o hav strato who Users Portland Seattle StudentOU Tunis Vancouver OU Domain Controllers Domain Guests Domain Users Enterprise Admins Group 01 _Sales TemplateUser Copy… Add members to a group… Enable Account Reset Password… Move… Open home page Send mail All Tasks Delete Rename Refresh Properties Help Creates a new user, copying information from the selected user. admi ions ontro uest aser admi Copy Object - User Create in: nwtraders.msft/Users First name: Last name: Full name: sales user1 sales user1 Initials: User logon name: salesuser1@nwtraders.msft User logon name (pre-Windows 2000): NWTRADERS\ salesuser1 < Back Next >Cancel Set Up a User Account as a Template Account Create a User Account by Coping the Template Account

12 Guidelines for Creating User Account Templates Create a separate classification for each department Create a separate group for short-term and temporary employees Set user account expiration dates for short-term and temporary employees Disable the account template Identify the account template

13 Customizing User Settings with User Profiles Default User Profile – Serves as the bases for all user profiles Local User Profile – Created the First Time a User Logs on to a Computer – Stored on a Computer's Local Hard Disk Default User Profile – Serves as the bases for all user profiles Local User Profile – Created the First Time a User Logs on to a Computer – Stored on a Computer's Local Hard Disk User Profile User Profile Display Regional Settings Regional Settings Mouse Sounds Modify Save Roaming User Profile Created by the System Administrator Stored on a server Mandatory User Profile Created by the System Administrator Stored on a server Roaming User Profile Created by the System Administrator Stored on a server Mandatory User Profile Created by the System Administrator Stored on a server Profile Windows 2000 Professional Windows 2000 Professional Windows XP Professional Windows XP Professional Windows Server 2003 Windows Server 2003 Profile Server Display Regional Settings Regional Settings Mouse Sounds

14 Best Practices Rename the Administrator Account Create a User Account with Administrative Rights Create a User Account for Non-Administrative Tasks Enable the Guest Account Only in Low Security Networks Create Random Initial Passwords Require New Users to Change Their Passwords Set Account Expiration Dates for Temporary Employees

15 What Is a Computer Account? Identifies a computer in a domain Provides a means for authenticating and auditing computer access to the network and to domain resources Is required for every computer running: –Windows Server 2003 –Windows XP Professional –Windows 2000 –Windows NT

16 Where Computer Accounts Are Created in a Domain Computers that join a domain are created in the Computers container Computer accounts can be moved to or created in other organizational units Computer accounts can be moved to or created in other organizational units

17 Creating Computer Accounts

18 When to Reset Computer Accounts Reset computer accounts when: –Computers fail to authenticate to the domain –Passwords need to be synchronized

19 Tools for Creating and Managing Accounts Active Directory Users and Computers Directory Service Tools Dsadd Dsmod Dsrm Dsadd Dsmod Dsrm Csvde and Ldifde Tools Windows Script Host

20 Locating Accounts Find Users, Contacts, and Groups File Edit View Help Find: Entire DirectoryUsers, Contacts, and Groups In: Find Now Stop Clear All Browse... Add Remove NameDescriptionType Joe Pak Don Hall Anne Paper User Entire Directory contoso Accounting Field Users, Contacts, and Groups Advanced 31 item(s) found Select attributes for searching Select attributes for searching Specify value of the attribute Set condition Administer user accounts in the results box Search entire Active Directory, a specific domain, or an OU

21 What Is a Saved Query?

Download ppt "Windows Server 2003 使用者及電腦帳號管理 林寶森"

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
Windows Server 2003 AD 安裝設定與管理維護 林寶森

Windows Server 2003 AD 安裝設定與管理維護 林寶森
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Windows Server 2003 使用者群組管理 林寶森

Windows Server 2003 使用者群組管理 林寶森
 Overview User Accounts Groups User Rights Permissions.

 Overview User Accounts Groups User Rights Permissions.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 5: Account Management.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 5: Account Management.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.

Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Chapter 3 – Creating and Managing User Accounts MIS 431 – Created Spring 2006.

Chapter 3 – Creating and Managing User Accounts MIS 431 – Created Spring 2006.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 3: Creating and Managing User Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 3: Creating and Managing User Accounts.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.

Similar presentations

Ads by Google