Title: Module 4: Creating and Managing User Accounts
1Module 4 Creating and Managing User Accounts
2Overview
- Introduction to User Accounts
- Guidelines for New User Accounts
- Creating Local User Accounts
- Creating and Configuring Domain User Accounts
- Setting Properties for Domain User Accounts
- Customizing User Settings with User Profiles
- Best Practices
3Introduction to User Accounts
Built-in User Accounts
- Enable users to perform administrative tasks or
gain temporary access to network resources - Reside in SAM (local built-in user accounts)
- Reside in Active Directory (domain built-in user
accounts)
Administrator and Guest
4 Guidelines for New User Accounts
- Naming Conventions
- Password Guidelines
- Account Options
5Naming Conventions
- User Logon Names and Full Names Must Be Unique
- User Logon Names
- Can contain up to 20 characters
- Can include a combination of special alphanumeric
characters - A Naming Convention Should
- Accommodates duplicate employee names
- Identifies temporary employees
6Password Guidelines
- Assign a Password for the Administrator Account
- Determine Who Has Control over Passwords
- Educate Users on How to Use Passwords
- Avoid obvious associations, such as a family name
- Use long passwords
- Use a combination of uppercase and lowercase
characters
7Account Options
- Set Logon Hours to Match Users Work Hours
- Specify the Computers from Which a User Can Log
On - Domain users can log on at any computer in the
domain, by default - Domain users can be restricted to specific
computers to increase security - Specify When a User Account Expires
8Creating Local User Accounts
Local User Accounts Are
- Created on Computers Running Windows 2000
Professional - Created on Stand-alone or Member Servers Running
Windows 2000 Server or Windows 2000 Advanced
Server - Reside in SAM
9 Lab A Creating Local User Accounts
10 Creating and Configuring Domain User Accounts
- Installing Windows 2000 Administration Tools
- Creating a Domain User Account
- Setting Password Requirements
- Managing User Data by Creating Home Folders
11Installing Windows 2000 Administration Tools
- The tools appear on the Administrative Tools menu
- After you install Administration Tools, use the
runas command to run the tools
12Creating a Domain User Account
DNS Administra
New Object - User
Delegate Control
13Setting Password Requirements
New Object - User
Create in nwtraders.msft/Users
Password
Confirm Password
User must change password at next logon
User cannot change password
Password never expires
Account is disabled
lt Back
Next gt
Cancel
14Managing User Data by Creating Home Folders
- Consider the Following WhenYou Create a Home
Folder - Backup and restore capability
- Sufficient space on the server
- Sufficient space on users computers
- Network performance
- To Create a Home Folder
- Create a shared folder on a server
- Assign the appropriate permission
- Provide a path for the user account
15Setting Properties for Domain User Accounts
- Setting Personal Properties
- Setting Account Properties
- Specifying Logon Options
- Copying Domain User Accounts
- Creating User Account Templates
16Setting Personal Properties
- Add Personal Information About Users As Stored in
Active Directory - Use Personal Properties to Search Active Directory
Active Directory
17Setting Account Properties
Use 01 Properties
Remote control
Terminal Services Profile
Member Of
Dial-in
Environment
Sessions
General
Address
Account
Profile
Organization
Telephones
User logon name
_at_nwtraders.msft
User01
User logon name (pre-Windows 2000)
NWTRADERS\
Student01
Logon Hours
Log On To
Account is locked out
Account options
User must change password at next logon
User cannot change password
Password never expires
Store password using reversible encryption
Account expires
Never
End of
Wednesday, November 24, 1999
OK
Cancel
Apply
18Specifying Logon Options
19Copying Domain User Accounts
20Creating User Account Templates
- Set Up a User Account as a Template Account
- Create a User Account by Coping the Template
Account
21 Customizing User Settings with User Profiles
- User Profile Types
- Creating Roaming and Mandatory Roaming User
Profiles
22User Profile Types
- Default User Profile
- Serves as the bases for alluser profiles
- Local User Profile
- Created the First Time a User Logs on to a
Computer - Stored on a Computer's Local Hard Disk
User Profile
Profile
Windows 2000 Client
- Roaming User Profile
- Created by the System Administrator
- Stored on a server
- Mandatory User Profile
- Created by the System Administrator
- Stored on a server
Windows 2000 Client
Windows 2000 Client
Profile Server
23Creating Roaming and Mandatory Roaming User
Profiles
Create a Roaming User Profile
Create a Shared Folder on the Server
Specify the Shared Folder in Path Information
Create a Mandatory User Profile
Create a Shared Folder on the Server with aUser
Profile Folder Inside
Set Up a Configured Roaming User Profile
Rename Ntuser.dat to Ntuser.man
24Best Practices
25 Lab B Creating and Modifying Domain User
Accounts
26Review
- Introduction to User Accounts
- Guidelines for New User Accounts
- Creating Local User Accounts
- Creating and Configuring Domain User Accounts
- Setting Properties for Domain User Accounts
- Customizing User Settings with User Profiles
- Best Practices