MOC PowerPoint slide deck template

Chapter 6
WORKING WITH USER ACCOUNTS
Chapter 6: WORKING WITH USER ACCOUNTS
CHAPTER OVERVIEW
• Understand the differences between local user and domain user accounts.
• Plan, create, and manage local and domain user accounts.
• Create and manage user accounts by using templates, importation, and command-line tools.
• Manage user profiles.
• Understand the purpose and function of profiles.
• Troubleshoot user authentication issues.
UNDERSTANDING USER ACCOUNTS
• Local user accounts
  • Stored in the Security Accounts Manager (SAM) database on that system
  • Can be used only on that system
• Domain user accounts
  • Stored in Active Directory on domain controllers
  • Can be used on any system in Active Directory
WORKGROUPS
• No centralized database of user accounts
• User account must exist in the SAM of each system the user accesses
• Impractical in environments with more than 10 users
DOMAINS
PLANNING USER ACCOUNTS
• Account naming
• Choosing passwords
• Designing an Active Directory hierarchy
ACCOUNT NAMING
• Account names can be between 1 and 20 characters (letters and/or numbers).
• Account names are not case sensitive.
• The following characters cannot be used in the account name:
  • "/\[]:;|,+=*?<>@
CHOOSING PASSWORDS
DESIGNING AN ACTIVE DIRECTORY HIERARCHY
• Create an organizational unit (OU) structure
• Place users in appropriate OU
• Provides for features such as group policy
WORKING WITH LOCAL USER ACCOUNTS
CREATING A LOCAL USER ACCOUNT
MANAGING LOCAL USER ACCOUNTS
WORKING WITH DOMAIN USER ACCOUNTS
CREATING A DOMAIN USER ACCOUNT
MANAGING DOMAIN USER ACCOUNTS
• From the Action menu, you can:
  • Reset a user account password.
  • Rename, disable, and delete an account.
  • Modify group membership.
  • Send e-mail and open a user’s homepage.
THE GENERAL TAB
THE ADDRESS TAB
THE TELEPHONES TAB
THE ORGANIZATION TAB
THE ACCOUNT TAB
THE PROFILE TAB
THE MEMBER OF TAB
THE TERMINAL SERVICES PROFILE TAB
THE ENVIRONMENT TAB
THE REMOTE CONTROL TAB
THE SESSIONS TAB
THE DIAL-IN TAB
THE COM+ TAB
MANAGING MULTIPLE USERS
MOVING USER OBJECTS
CREATING MULTIPLE USER OBJECTS
• Using object templates
• Using Csvde.exe
• Using Dsadd.exe
USING OBJECT TEMPLATES
• Can be an existing user account or an account created specifically for copying.
• Not all properties are copied.
• Object templates should be disabled to prevent use of the account.
IMPORTING USER OBJECTS USING CSV DIRECTORY EXCHANGE
• Useful for creating large numbers of users at a time.
• Step 1: Create a comma-separated value (CSV) text file of user information.
• Step 2: Use Csvde.exe to import the user information from the CSV file into Active Directory.
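
The two-step import above, as an added example that is not part of the original slides: a Python script that checks each account name against the rules on the ACCOUNT NAMING slide before writing the Csvde.exe import file. The OU, domain suffix, attribute columns and sample users are assumptions; rows are written as disabled accounts (userAccountControl 514) because Csvde.exe does not import passwords.

```python
import csv
import io

# Characters the ACCOUNT NAMING slide lists as not allowed in an account name.
FORBIDDEN = set('"/\\[]:;|,+=*?<>@')
MAX_LEN = 20  # account names are 1 to 20 characters
# userAccountControl 514 = normal account (512) + disabled (2). Csvde.exe
# cannot import passwords, so imported users start disabled.
UAC_DISABLED = "514"

def name_problems(name):
    """Return a list of reasons the account name breaks the naming rules."""
    problems = []
    if not 1 <= len(name) <= MAX_LEN:
        problems.append("length must be 1-20 characters")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + "".join(bad))
    return problems

def build_import(users, ou_dn, upn_suffix):
    """Return (csv_text, rejected) for a list of (account, display name)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["DN", "objectClass", "sAMAccountName",
                     "userPrincipalName", "displayName", "userAccountControl"])
    seen, rejected = set(), {}
    for account, display in users:
        problems = name_problems(account)
        # Account names are not case sensitive, so compare in lower case.
        if account.lower() in seen:
            problems.append("duplicate of an earlier row")
        if problems:
            rejected[account] = problems
            continue
        seen.add(account.lower())
        writer.writerow([f"CN={display},{ou_dn}", "user", account,
                         f"{account}@{upn_suffix}", display, UAC_DISABLED])
    return out.getvalue(), rejected

# Constructed sample input; the OU and domain below are placeholders.
SAMPLE = [("jsmith", "John Smith"), ("JSmith", "Jane Smith"),
          ("a.very.long.account.name", "Long Name"), ("bob@sales", "Bob Jones")]

if __name__ == "__main__":
    text, rejected = build_import(SAMPLE, "OU=Staff,DC=example,DC=com", "example.com")
    print(text)
    for account, why in rejected.items():
        print(f"rejected {account}: {'; '.join(why)}")
```

The resulting file is imported with `csvde -i -f users.csv`; passwords are then set and the accounts enabled in a separate step.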
CREATING USER OBJECTS WITH DSADD.EXE
• Command-line utility
• Can be used in batch files or scripts
• Can be used to add other objects as well as users
MODIFYING USER OBJECTS WITH DSMOD.EXE
• Command-line utility
• Can be used in batch files or scripts
• Can be used only to modify existing objects
MANAGING USER PROFILES
• Allows each user to have a customized working environment
• Preserves application settings, shortcuts, and preferences
• Ensures that users do not affect each other’s work environment
USER PROFILE CONTENTS
• User-stored documents and files
• Application configurations and settings
• Desktop and environment settings
• Control Panel settings and configurations
USER PROFILE DIRECTORY STRUCTURE
USING LOCAL PROFILES
• Stored on the local system
• Available only when the user logs on to that system
• Can be modified by the user as needed
USING ROAMING PROFILES
• Allows a user to have the same working environment from any client computer she logs on to.
• Central storage provides for easier backup.
USING MANDATORY PROFILES
• Can be either local or roaming.
• User can make changes, but changes are not saved when user logs off.
• Renaming Ntuser.dat to Ntuser.man designates profile as mandatory.
MONITORING AND TROUBLESHOOTING USER AUTHENTICATION
• Using password policies
• Using account lockout policies
USING PASSWORD POLICIES
• Provides a mechanism to control password use in the organization.
• Should strike a balance between usability and security.
• Creating a password policy that is too demanding increases password-related support calls.
USING ACCOUNT LOCKOUT POLICIES
• Account Lockout Threshold
• Account Lockout Duration
• Reset Account Lockout Counter After
ACTIVE DIRECTORY CLIENTS
• Windows 2000, Windows XP, and Windows Server 2003 include full Active Directory client capabilities.
• Windows 95, Windows 98, Windows Me, and Windows NT 4 require additional client software to gain full Active Directory functionality.
AUDITING AUTHENTICATION
• Allows you to track failed and successful logon attempts
• Can form part of a security policy
• Creates minimal system overhead in all but the largest environments
SUMMARY
• Local user accounts are stored on the local system and can provide users with access only to local resources. Domain user accounts are stored on Active Directory domain controllers and can provide users with access to resources all over the network.
• User objects include the properties related to the individuals they represent.
• A user object template is an object that is copied to produce new users. If the template is not a “real” user, it should be disabled. Only a subset of user properties is copied from templates.
• Windows Server 2003 includes command-line tools that you can use to create and manage Active Directory objects, including Csvde.exe, Dsadd.exe, and Dsmod.exe.
SUMMARY (continued)
• A user profile is a collection of folders and data that make up the desktop environment for a specific user.
• Windows Server 2003 generates an individual user profile for each person who logs on to the system. Local user profiles are stored on the local drive, whereas a roaming user profile is stored on a network server.
• A mandatory user profile is one that never changes, providing the same desktop configuration each time the user logs on.
• Auditing for authentication allows you to track logon activity for the network.