Chapter 3: Setting Up and Managing User Accounts

1
Chapter 3 Setting Up and Managing User Accounts

• By the Objectives

2
Chapter Overview

• Understanding User Accounts
• Planning New User Accounts
• Creating, Modifying, and Deleting User Accounts
• Setting Properties for User Accounts
• Implementing Groups

3
Lesson One Objectives

• Explain how to create local user accounts and
  domain user accounts
• Describe how to create and disable built-in user
  accounts

4
Local User Accounts
5
Domain User Accounts
6
Built-In User Accounts

• Administrator
• Use this account to manage the overall computer.
• For nonadministrative tasks, use a user account
  that is not a member of the Administrators group.
• You cannot delete the Administrator account.
• Guest
• Use this account to allow occasional users to log
  on and access resources.
• You can rename or disable the Guest account, but
  you cannot delete it.

7
Lesson Two Objectives

• Establish an effective naming convention for your
  organization
• Describe the password guidelines for protecting
  access to computers running Windows XP
  Professional

8
Naming Conventions

• Create standards for identifying users
• Make it easier to remember logon names
• Simplify account administration

9
Naming Convention Guidelines

• Create unique logon names.
• Use a maximum of 20 characters.
• Remember that logon names are not case sensitive.
• Avoid invalid characters / \ ,
  ? lt gt
• Allow for duplicate employee names.
• Identify the employee type.
• Rename the Administrator and Guest accounts.

10
Password Guidelines

• Assign a password to the Administrator account.
• Determine who assigns passwords.
• Use passwords that are hard to guess.
• Use a minimum of 8 characters (128 characters
  maximum).
• Use uppercase and lowercase letters.
• Use numerals and valid nonalphanumeric
  characters.

11
Lesson Three Objectives

• Modify existing user accounts
• Create local user accounts
• Delete user accounts

12
User Accounts Tool
13
Change an Account

• Change My/The Name
• Create A Password
• Change My/The Password
• Remove My/The Password
• Change My/The Picture
• Change My/The Account Type
• Set Up My Account To Use A .NET Passport
• Delete The Account

14
Manage My Network Passwords Option

• Use the Stored User Names And Passwords option to
  store all user names and passwords in a single
  place.
• In Control Panel, click User Accounts.
• In a workgroup environment, click your account
  name, and in the What Do You Want To Change About
  Your Account window, under Related Tasks, click
  Manage My Network Passwords.
• In a domain, in the Advanced tab, in Passwords
  And .NET Passports, click Manage Passwords.
• In the Stored User Names And Passwords window,
  click Add and in the Server text box, type the
  name of a server, domain, workgroup, or network
  location.
• In the User Name text box, type the user name you
  use to access the resource, and in the Password
  text box, type the password.

15
Prevent a Forgotten Password Option

• In Control Panel, click User Accounts, and then
  click your account name.
• In the What Do You Want To Change About Your
  Account window, under Related Tasks, click
  Prevent A Forgotten Password to launch the
  Forgotten Password Wizard.
• Click Next to continue.
• Insert a blank, formatted floppy disk into drive
  A, and then click Next.
• Type the current users password, and then click
  Next.
• In the Creating Password Reset Disk page, when
  the Progress bar gets to 100, click Next.

16
Using a Password Reset Disk in a Workgroup

• In the Welcome screen, click your user account
  icon, and then type an incorrect password.
• When you type an incorrect password, Windows XP
  Professional displays the Logon Failed dialog
  box, asking if you want to use your password
  reset disk to set a new password for your
  account.
• Click Reset.
• This starts the Password Reset Wizard. The wizard
  will step you through the process.

17
Create A New User Account

• Only administrators can create new user accounts.
• There are two types of user accounts
• Computer Administrator
• Limited

18
Change the Way Users Log On or Log Off
19
Picking an Account to Change
20
The Microsoft Management Console (MMC)

• Provides a standardized method for managing
  administrative tools
• Is used to administer tasks and troubleshoot
  problems locally and remotely
• Centralizes administration

21
The Computer Management Snap-In
22
Creating a Customized MMC Console
23
Creating a Local User Account with the Computer
Management Snap-In
24
Lesson Four Objectives

• Set properties for user accounts

25
The General Tab Options
26
The Profile Tab Options
27
Lesson Five Objectives

• Describe the key features of local groups and
  Windows XP Professional built-in groups
• Create and delete local groups
• Add members to and remove them from local groups

28
Understanding Groups
29
Local Groups

• A local group is a collection of user accounts on
  a computer.
• Using local groups simplifies administration on a
  local computer.
• You should use local groups only on computers
  that are not part of a domain.
• You cannot create local groups on a domain
  controller.
• Local groups can contain only user accounts that
  reside on that computer.
• Local groups cannot belong to any other group.

30
Creating Local Groups
31
Adding Members to a Group

• Use the Add button in the New Group dialog box
  when you create a new local group.
• Use the Computer Management snap-in to add
  members to an existing local group.
• Use the Members Of tab in the Properties dialog
  box of a user account.

32
Adding a User to Multiple Groups

• Start the Computer Management snap-in.
• Expand System Tools and Local Users And Groups.
• Double-click Users.
• In the details pane, right-click the user account
  you want to add to several groups, and then click
  Properties.
• Click the Member Of tab, and then click Add.
• In the Select Groups dialog box, in the Enter The
  Object Names To Select text box, type the names
  of the groups you want to add the user to.
• If you use multiple groups, separate the group
  names by semicolons.

33
Deleting Local Groups
34
Built-In Local Groups

• Administrators
• Backup Operators
• Guests
• Power Users
• Replicator
• Users

35
Built-In System Groups

• Everyone
• Authenticated Users
• Creator Owner
• Network
• Interactive
• Anonymous Logon
• Dialup

36
Chapter Summary

• Local user accounts let users log on and access
  resources only on the computer where the local
  user account was created.
• Do not create local user accounts in a domain
  environment.
• Domain user accounts let users log on to the
  domain and access resources anywhere on the
  network.
• You create a domain user account in the copy of
  the Active Directory service database (the
  directory) on a domain controller.
• Windows XP Professional creates built-in user
  accounts, such as Administrator and Guest, that
  cannot be deleted.

37
Chapter Summary (Cont.)

• Local user accounts must be unique on the local
  computer.
• They can contain up to 20 characters.
• They cannot contain the following characters /
  \ , ? lt gt
• Local user logon names are not case sensitive,
  but passwords are case sensitive.
• The User Accounts tool and the Computer
  Management snap-in are two tools for creating and
  managing user accounts and groups.
• Groups simplify administration by allowing you to
  assign permissions and rights to a group of users
  rather than to individual user accounts.