40
6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts Introducing Local User Accounts Local user account Identifies a user on a network Enables a user to access network resources, such as files, printers, and databases Enables a user to access local resources on the computer where the user is logged on Authenticates the identity of a system or user by verifying the user logon name and password (Skill 1)

6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

Embed Size (px)

Citation preview

Page 1: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.1 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing Local User Accounts

Local user account Identifies a user on a network Enables a user to access network resources, such as

files, printers, and databases Enables a user to access local resources on the

computer where the user is logged on Authenticates the identity of a system or user by

verifying the user logon name and password

(Skill 1)

Page 2: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.2 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing Local User Accounts (4)

Built-in user accounts Administrator account is used to manage the overall

functioning of a computer Guest account is used for infrequent users who must log

on to access shared resources for a short duration

(Skill 1)

Page 3: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.3 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-1 Creating a local user account

(Skill 1)

Page 4: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.4 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-2 New local user account in the Users folder

New user

account

(Skill 1)

Page 5: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.5 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-3 Tabs on the Properties dialog box for a local user account

(Skill 2)

Page 6: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.6 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-4 The Profile tab

Used to specify

the path to the

user profile

(Skill 2)

Page 7: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.7 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-5 The Sessions tab

Used to set Terminal

Services timeout and

reconnection settings

(Skill 2)

Page 8: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.8 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-6 The Remote control tab

Used to configure settings for remotely observing or controlling a Terminal Services client session

(Skill 2)

Page 9: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.9 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Setting and Modifying Local User Account Properties (2)

Managing user accounts Renaming a user account Resetting passwords Unlocking user accounts Disabling and enabling a user account Deleting a user account

(Skill 2)

Page 10: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.10 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-7 Preventing a user from changing the password

Activated when the

user breaches the

account threshold

Specifies that the user

cannot change the

password

Specifies that the

password for the

user account will

never need to be

changed

(Skill 2)

Page 11: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.11 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-8 Setting the dial-in properties

Defines routes to

be used for the

dial-in connection

(Skill 2)

Page 12: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.12 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-9 Modifying local user account properties

(Skill 2)

Page 13: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.13 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-13 Renaming a local user account

(Skill 2)

Page 14: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.14 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Creating a Domain User AccountDomain user account Used to log on to a domain and access network resources Use the Active Directory Users and Computers console to create

domain user accounts Created in an OU on a domain controller The domain controller replicates the new user account

information to all of the other domain controllers in the domain After replication, all domain controllers in the domain can

authenticate the user during logon All trusting domains allow the user account to gain access to

their resources

(Skill 3)

Page 15: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.15 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-14 Domain user account

(Skill 3)

Page 16: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.16 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-15 Creating a domain user account in an OU

(Skill 3)

Page 17: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.17 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-16 Creating a domain user account

(Skill 3)

Page 18: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.18 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-17 Specifying a password for a new domain user account

(Skill 3)

Page 19: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.19 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-18 Summary screen for a new domain user account

(Skill 3)

Page 20: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.20 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts (Skill 3)

Figure 6-19 The new user in the Active Directory Users and Computers console

Page 21: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.21 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Setting Domain User Account Properties Every user account has a set of default properties

Personal properties you define for a domain user account are useful when searching for users

Logon settings are used to specify the logon hours for a user

Dial-in settings include specifying whether a user can dial in from a remote location

Terminal Services settings allow a user to connect to a server from a remote location as well as run a session as if the user is physically sitting at the computer

(Skill 4)

Page 22: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.22 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-20 Specifying user account properties

(Skill 4)

Page 23: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.23 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-21 The Account tab for a domain user account

(Skill 4)

Page 24: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.24 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-22 Specifying logon hours for a user account

(Skill 4)

Page 25: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.25 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Automating User Creation and Modification (2)

Account templates User accounts created specifically for copying; no one

can log on using the template accountCreate the account Fill out all of the information common to all usersCopy it when creating new user accounts

Templates can significantly reduce the headaches involved with adding users to small as well large networks

(Skill 5)

Page 26: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.26 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing User Profiles

User profile A collection of data that includes a user’s personal data,

desktop settings, printer connections, network connections that are established when the user logs on to the network, and other settings

Helps provide a consistent desktop environment

(Skill 6)

Page 27: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.27 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing User Profiles (2)

Multiple users User profiles enable multiple users to work from the

same computer or a single user to work from multiple computers on a network without changing any of the settings

A user can customize the desktop environment without affecting another user’s settings

User profiles can be stored on a server so that users can use them on any computer running Microsoft Windows NT 4.0 or later

(Skill 6)

Page 28: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.28 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing User Profiles (3)

Local user profile Limited to the computer you log on to and is stored on

the system ’s local hard disk Is created the first time you log on to a computer by

copying the settings in the “default user” profile, and is the default type of profile

Any changes you make to your local user profile are also specific to the computer on which you made the changes

(Skill 6)

Page 29: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.29 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing User Profiles (4)

Roaming user profile A profile that is stored on a network server and retrieved

at user logon This type of profile is especially helpful when a user has

to work on multiple computers on a network, because he or she can have a uniform desktop on all computers they use

To enable a roaming profile, you must configure a network path to the roaming profile in the Properties for the user account

(Skill 6)

Page 30: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.30 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-26 A sample user profile folder

This hidden folder

contains program

specific data, such as a

custom dictionary;

program vendors

determine the data to be

stored in this folder

The faded icons

indicate that these

are hidden folders

This hidden folder

contains shortcuts to

document-handling

utilities such as access

to the floppy drive

Contains user template

items such as ones

created in Microsoft Word

and Microsoft Excel

(Skill 6)

Contains Application

data, History,

and Temporary files

Page 31: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.31 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing User Profiles (5) In the User Profiles dialog box on the local computer, the

user’s profile is automatically set to Roaming Access this dialog box by clicking the Change Type

button on the Advanced tab in the System Properties dialog box

Windows Server 2003 compares the locally stored user profile files for the user, and the roaming user profile files on the server where they are stored, and copies only the files that have changed since the last time the user logged on

When the user logs off, Windows Server 2003 copies the changes made to the local copy of the roaming user profile back to the network server

(Skill 6)

Page 32: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.32 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Introducing User Profiles (6)

Mandatory user profile A type of roaming profile used to specify particular

settings for individuals or a group Users can choose their own desktop settings for the

computer they are logged on to, but none of these changes are saved when they log off

The mandatory profile settings are applied to the local computer each time the user logs on

(Skill 6)

Page 33: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.33 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-27 The Change Profile Type dialog box

(Skill 6)

Page 34: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.34 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Creating a Roaming User Profile

Standard roaming user profiles Can be created for specific groups of users Suggested practices

Always create standard roaming user profiles on the file server you back up most frequently to maintain copies of the latest settings

Place the roaming user profile folder on a member server rather than on a domain controller in order to improve logon performance

(Skill 7)

Page 35: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.35 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Creating a Roaming User Profile (2)

Mandatory user profile Can be created using the hidden file Ntuser.dat This file stores the Windows system settings (Registry

entries in the HKEY_CURRENT_USER hive) that apply specifically to individual user accounts and user environment settings

To change the profile to read-only so that it becomes a mandatory user profile, rename the file Ntuser.man

(Skill 7)

Page 36: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.36 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-31 The User Profiles dialog box

List of profiles

available on the

computer

(Skill 7)

Page 37: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.37 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-32 Copying the user profile template to the shared folder

Click to select

the path for

the copied

user profile

(Skill 7)

Page 38: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.38 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-33 Selecting the user who will be permitted to use the profile

(Skill 7)

Page 39: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.39 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-34 The user selected in the Select User or Group dialog box

(Skill 7)

Page 40: 6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts

6.40 © 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 6: Administering User Accounts

Figure 6-35 Specifying the path to the roaming user profile

(Skill 7)