Embed Size (px)
Citation preview
Chapter 5: Configuring Users and Groups
Windows Vista User Accounts
• User accounts are the primary means of authentication
• Built-in Accounts– Administrator: Full Access
• Disabled by Default– Guest: Allows access to a user who does
not have their own unique account• Disabled by Default
– Initial User: Registered User• Administrators Group
• There are 2 Account Types– Administrator– Standard
2/11
Types of User Accounts• Administrator
– Unrestricted access to performing administrative tasks
– Use sparingly
• Standard User– Can perform most day-to-day
tasks– Administrative credentials required
to make system-wide changes– Reduced the risk of viruses and
malware
3/11
Local and Domain User Accounts
• Windows Vista supports two kinds of user authentication– Local
• Stored on the local computer• Must be configured on each
computer on the network
– Domain• Active Directory is a directory service
available in Windows Server• Centralized database for User
Accounts that will login on member workstations.
4/11
Logging on to Windows Vista
• Before a user can use a Windows Vista computer, he/she must authenticate by providing a Username and Password that match what’s in the Local Security Database
5/11
Logging on to Windows Vista
• If the username and password matches the database, then an access token is issued.
• Access tokens identify the user and groups of which the user is a member
• If the group membership changes than the user must logoff and log on again to update the access token
6/11
Working with User Accounts
• Use the Local Users and Groups snap-in in the MMC – Microsoft Management Console
• Manage Local Users and Groups through the Computer Management utility
• Start>Control Panel>User Accounts and Family Safety– You can also configure Parental
Controls from here77/11
Working with User Accounts
• Use the Local Users and Groups snap-in in the MMC – Microsoft Management Console
88/11
Creating New Users
• Rules– Usernames must be between 1 and 20
characters– Usernames must be unique among all user and
group names stored on your computer– Usernames can’t contain the following
characters:
– Usernames can’t consist of only periods or spaces
• Conventions– Keeping Rules in mind, choose a consistent
naming format, i.e. First Initial + Last Name• Usernames are not case sensitive
9/11
Creating New Users
• Usernames and Security Identifiers– When you create a new user, a
security identifier (SID) is automatically created on the computer for the user account.
– The username is a property of the SID
10/11
Options for New User Accounts
11/11
Disabling and Deleting User Accounts
• Accounts that are not in use should be disabled or deleted
• Why disable?– User on vacation– User left job, job will be filled again soon
• Why delete?– User of account left long ago, has been unused
since then
• Why not delete?– Deleting an account destroys its SID, and loses
any permissions assigned to it
12/11
Renaming Users and Changing a User’s Password
• When you hire a new person into the position vacated by a former employee, rename the user account, change the password, and re-enable the account. This preserves the SID, and the new employee has all the rights and permissions granted to the former one.
• To rename, highlight the User account in Local Users and Groups, click the Action button, and choose Rename.
• To change a password, highlight the User account in Local Users and Groups, click the Action button, and choose Set Password.– Usernames are not case sensitive, but
passwords are.
13/11
Managing User Properties
14/11
Setting Up User Profiles, Logon Scripts, and Home Folders
• Profile Path: Storage place for user environment settings for a specific user– Such as desktop arrangement, program
groups, and screen colors– Local, Roaming, Mandatory
• Local is a profile on the individual computer• Roaming resides on a network server• Mandatory can not be edited by the user.
Must be edited by a member of the administrator group
• Can be created for a single user or a group
15/11
Setting Up User Profiles, Logon Scripts, and Home Folders
• Logon Script: Set up drive mappings or printer mappings, or run executables at every logon time
• Home Folders: Where users store personal files and folders– UNC (Universal Naming Conventions)
to a Share• \\Sales\Users\Will
– Server=Sales– Folder=\Users\Will– Can use the variable %username
%16/11
Managing User Properties
• Managing Group Membership
17/11
Groups
• Groups are the primary means for an administrator to control access rights to users of similar access needs.
• There are various Built-in default groups that can be used.
• Create your own Groups.
18/11
Built-in Groups• Examples of Built-in default groups that can be
used– Administrators
• Full Permissions and Privileges– Backup Operators
• Full Access to the file system only when using the Backup utility
– Remote Desktop• Allows members to login remotely for the
purpose of using the Remote Desktop utility– Network Config Group
• Can edit the systems TCP/IP setting, as well as all other network properties
– Power Users (XP backward compatibility)• From XP to Vista upgrade
– User (Limited Access) 19/11
Creating Groups
• Group name should be descriptive (ex. Account Data Users)
• Group name must be unique to the computer
• Group names can be up to 256 characters
• Users can be members of multiple groups
20/11
