Contents
Overview 1
Lesson: Configuring Windows XP
Professional for a Workgroup 2
Demonstration: Using the Computer
Management Console 8
Practice: Joining a Workgroup 11
Practice: Configuring Fast User Switching 15
Lesson: Configuring Local Security 18
Lesson: Configuring Network Options in a
Workgroup 27
Lesson: Joining a Domain 38

Module 6: Configuring
Windows XP
Professional to Operate
in a Microsoft Network




Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,

logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2003 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, ActiveX, Active Directory, MSDN, PowerPoint,
and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in
the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.


Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network iii


Instructor Notes
This module provides students with the skills to configure Microsoft®
Windows
® XP Professional to operate in a workgroup or in a domain. The
module explains user accounts and the Microsoft Management Console
(MMC).

After completing this module, students will be able to:
! Configure Microsoft Windows XP Professional for a workgroup.
! Configure security settings on individual accounts and computers.
! Use the Network Setup Wizard to configure network options when
operating in a workgroup.
! Configure Microsoft Windows XP Professional for a domain.

You need Microsoft PowerPoint® file 2285A_06.ppt.

It is recommended that you use PowerPoint 2002 or later to display
the slides for this course. If you use PowerPoint Viewer or an earlier version of
PowerPoint, some features of the slides may not appear correctly.

To prepare for this module:
! Read all materials for this module.
! Complete the practices.
! Read all materials listed under Additional reading in this module.

Presentation:
90 minutes

Lab:
00 minutes
Required materials
Important
Preparation tasks
iv Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


How to Teach This Module

This section contains information that will help you to teach this module.
For some topics in this module, references to additional information appear in
notes at the end of a topic. Read the additional information in preparation for
teaching the module. During class, ensure that students are aware of the
additional information.
Lesson: Configuring Windows XP Professional for a Workgroup
This section describes the instructional methods for teaching this lesson.
Explain what a workgroup is. Define peer-to-peer network and stand-alone
server. Ensure that students understand the advantages and limitations of
workgroups.
Describe the characteristics of a local user account. Describe the local Security
Account Manager (SAM) and cite the resources listed under Additional
reading.
Describe the different types of accounts. Explain that the default types are
created by using:
! Computer Management Console
! Control Panel

In this topic, describe the Computer Management Console. When you list the
tasks that the Computer Management Console performs, illustrate the tasks with
examples.
Demonstrate the process for creating user accounts, and then demonstrate how
to create user accounts in the Computer Management Console. Emphasize that
when you create accounts in the Computer Management Console, the default
account type is an Administrator account with no password, and that this type
of account can pose a security risk.
Recommend the following guidelines to increase security:
! Users must change their passwords after their initial logons.
! The administrator must disable idle accounts.



Before this demonstration, remove GLASGOW from the NWTRADERS
domain and put it in the WORKGROUP workgroup.

Describe the authentication process for local accounts. Explain what an access
token is. Emphasize that changes to accounts in a workgroup must occur on all
computers in the workgroup.
Assign students to work in pairs for this practice.
This practice takes approximately 10 minutes.
What Is a Work
g
roup?
What Is a Local User
Account?
Account Types and
Account Privile
g
es
What Is the Computer
Mana
g
ement Console?
Demonstration: Using
the Computer
Management Console
Note
The Authentication
Process
Practice: Joining a
Work

g
roup
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network v


List the options that are available only in Windows XP Professional when it
operates in a workgroup. Explain that these options are not available in a
domain.

Fast User Switching is available only when you enable Use the
Welcome Screen. If you disable Use the Welcome Screen as the easy logon
option, you also disable the Use Fast User Switching option. You also cannot
use Fast User Switching when Offline Files is enabled.

Remind students that they must continue to work in pairs in this practice.
This practice takes approximately 10 minutes.
Lesson: Configuring Local Security
Describe the MMC, and then give an overview of the process of configuring
local security.
Describe the settings that you can configure to increase security for Local
Policies. Explain the differences between User Rights Assignments and
Security Options.
Describe the CTRL+ALT+DEL security template options. Explain each setting
in the table.

In this practice, the students use the tables as job aids to choose the correct
settings for their Account Policies. Explain that students can use the procedures
and the tables to choose the correct Account Policies for most circumstances.
This practice takes approximately 10 minutes.
Lesson: Configuring Network Options in a Workgroup

Emphasize that you must configure the network before you can enable file- and
print-sharing in a workgroup.
Describe the tasks involved when you configure networking options in a
workgroup. Mention the Home and Small Office Network Setup checklist and
the computer description because you will not explain them later in the module.
Describe how the Internet Connection Firewall (ICF) controls connections
between the internal network and the Internet. Be prepared to illustrate how ICF
can deny access to non-secure traffic from the Internet.
Describe how Internet Connection Sharing works. Be prepared to answer
questions from students who want to know more about the technology behind
Internet Connection Sharing (ICS). In particular, mention Universal Plug and
Play (UPnP), even though you will not present UPnP in the lesson.
Logon Options in a
Work
g
roup
Note
Practice: Configuring for
Fast User Switching
What Is Local Security
Confi
g
uration?
Guidelines for
Configuring Local
Policies
Guidelines for
Configuring
CTRL+ALT+DEL
Security Options

Practice: Configuring
Account Policies
How Workgroup
Confi
g
uration Works
What Is Internet
Connection Sharing?
What Is the Internet
Connection Firewall?
Guidelines for Selecting
an Internet Connection
Method
vi Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


Describe the two methods of connecting to the Internet: ICS and the Other
option in the Network Setup Wizard. Prepare real-life examples to illustrate
each method.

ICS Discovery and Control uses Universal Plug and Play (UPnP). ICS
clients can discover the ICS host, control the connection status of the ICS host
to the Internet Service Provider (ISP), and view basic statistical information
about the Internet connection.

Demonstrate how to enable ICS and ICF by using Control Panel.


Ensure that each student has a Windows XP Professional compact disc.
This practice takes approximately 15 minutes.

Lesson: Joining a Domain
Describe the differences between workgroups and domains, and explain the
requirements of joining a domain.
Explain how the Welcome screen differs from the Log on to Windows screen.
Describe the authentication process in a domain. Explain what cached
credentials are and how they are used.
In this practice, students will join a domain.
This practice takes approximately 15 minutes.
Assessment
This module has assessment questions for each lesson, which are located on the
Student Materials compact disc. You can use them as pre-instruction
assessments to help students identify areas of difficulty, or as post-instruction
assessments to validate learning.
Consider using assessment questions to reinforce learning at the end of the day.
You can also use them at the beginning of the day as a review of the
information that you taught on the previous day.
Lab
There are no labs for this module.
Note
Demonstration: Using
Control Panel to
Configure Network
Options
Practice: Configuring
Network Options in a
Work
g
roup
What Is the Impact of
Joinin

g
a Domain?
How Users Log On to a
Domain
Practice: Joining a
Domain
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 1


Overview

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
To configure Microsoft
® Windows® XP Professional to operate in a workgroup
or a domain, you must correctly create and configure user accounts, and
configure the security of the network. As an Information Technology (IT)
professional, you must understand the similarities and differences between
workgroups and domains so that you can configure Windows XP Professional
to operate properly in your network environment.
After completing this module, you will be able to:
! Configure Windows XP Professional for a workgroup.
! Configure security settings on individual accounts and computers.
! Use the Network Setup Wizard to configure network options in a
workgroup.
! Configure Windows XP Professional for a domain.

Introduction
Ob
j

ectives
2 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


Lesson: Configuring Windows XP Professional for a
Workgroup

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
To configure Windows XP Professional to operate in Microsoft Windows
networks, you must understand how a workgroup environment affects
configuration. You must also differentiate among the types of user accounts and
their capabilities.
After completing this lesson, you will be able to:
! Describe a workgroup.
! Describe local user accounts.
! Describe information about user accounts in a workgroup.
! Describe how the Computer Management Console works.
! Describe the authentication process in a domain.
! Join a workgroup.
! Change workgroup logon options.
! Configure Windows XP Professional for a workgroup.

Introduction
Lesson objectives
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 3


What Is a Workgroup?


*****************************
ILLEGAL FOR NON-TRAINER USE******************************
The advantages of a workgroup are:
! In smaller organizations where computers in a workgroup share resources,
there is no need to dedicate a computer as a server. This saves the
organization the expense of a server and server software.

Standalone servers are computers running server software in a
workgroup.

! Workgroups are appropriate for organizations with decentralized resource
and account administration.

The limitation of workgroups is that they are difficult to manage if more than
10 computers are on a network.
In a workgroup, all user accounts are local user accounts. If five workers use
five computers in a workgroup and they require access to each other’s
resources, there are 25 user accounts in the workgroup because each computer
duplicates the five user accounts. When you make a change to a user account in
a workgroup, you must also make the change on each computer in the
workgroup.

Advantages
Note
Limitation
4 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


What Is a Local User Account?


*****************************
ILLEGAL FOR NON-TRAINER USE******************************
! A user account contains a user’s unique credentials. The user account
enables a user to:
• Use a specific computer in a workgroup to access resources on that
computer.
• Log on to a domain to access network resources.
! Local user accounts are created on the computer on which they are used,
and enable the user to access resources on that computer.
• A local user account resides in a security account database, called the
Security Account Manager (SAM), on the computer on which the user
account is created. Because the local user account resides locally, it
controls access only to local resources, which are resources that reside
on the local computer.
• A local user account is authenticated against the credentials in the local
SAM.

For more information about administering user accounts, see Module 1,
“Introduction to Windows 2000 Administration,” and Module 2, “Setting Up
User Accounts,” in Course 2028, Basic Administration of Microsoft
Windows 2000.
Key points
Additional reading
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 5


Account Types and Privileges

*****************************
ILLEGAL FOR NON-TRAINER USE******************************

In a workgroup, the default account type depends on how you create the user.
! If you create the user account by using the Computer Management Console,
the default account type is Limited user.

! If you create the account using Control Panel, the default account type is
Computer Administrator with no password. This account type can pose a
security risk; therefore, create all user accounts by using the Computer
Management Console.

Account types
Account t
y
pe privile
g
es
6 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


The following table lists the three account types and their associated privileges.
Account Type Group Privileges

Limited Users Limited users can:
• Change the pictures for their accounts.
• Change their passwords.
• Remove their passwords.
Standard Power Users Standard users have the Limited user
privileges, and can make basic changes to
computer settings (for example, modify
display properties and power options).
Computer

Administrator
Administrators Administrators have the Standard user
privileges, and they can:
• Create, change, and delete accounts.
• Make computerwide changes, and access
all files on the computer.
• Install all hardware and software.


You cannot create a Standard user account by using Control Panel. To
grant a user the privileges of a Standard user, or Power user, you must add the
user to the Power Users group in the Computer Management Console.

Note
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 7


What Is the Computer Management Console?

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
The Computer Management Console combines several administration utilities
into a console tree, which provides easy access to administrative properties and
utilities. The console tree in the left pane shows a hierarchical view of the
features of the Computer Management Console.
You can use Computer Management Console to:
! Monitor system events, such as logon times and application errors.
! Create and manage shared resources.
! View a list of users who are connected to a local or remote computer.
! Start and stop system services, such as Scheduled Tasks and Indexing

Service.
! Set properties for storage devices.
! View device configurations and add device drivers.
! Manage applications and services.

Key points
8 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


Demonstration: Using the Computer Management Console

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
In a workgroup environment, you must create a local user account on each
computer to which the individual requires access.
1. Click Start, right-click My Computer, and then click Manage.
2. In the Computer Management Console, expand Local Users and Groups,
right-click Users, and then click New User.
3. In the New User dialog box, enter the User Name, the Full Name
(optional), and then a Description (optional).
4. Type a password of P@ssw0rd and then confirm the password.

Although a password is optional, always assign a strong
password to accounts that you create to increase network security.

5. Select User must change password at next logon (which is recommended)
or User cannot change password, and then select Account is Disabled
unless the account will soon be used.

You can select or deselect the options mentioned in step 5, and also

disable or enable an account, by right-clicking a user in the right pane, and
then clicking Properties.

6. Click Create.

Introduction
Creating a user account
in a work
g
roup
Important
Note
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 9


To change the account type of a local user account in a workgroup:
1. Click Start, click Control Panel, click User Accounts, and then click
Change an account.
2. Select an account, then Click Change the account type.
3. Select an account type, and then click Change Account Type and view the
new account type beneath the user name.

Changing account types
10 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


The Authentication Process

*****************************
ILLEGAL FOR NON-TRAINER USE******************************

! When a user logs on to a local computer, the authentication process is:
• The user provides a user name and a password, and Windows XP
Professional forwards the information to the SAM on the local
computer.
• Windows XP Professional compares the logon information with the user
information in the SAM.
• If the information matches and the user account is valid, Windows XP
Professional creates an access token for the user.
! An access token is the user’s identification for that local computer and
contains the user’s security settings. These security settings enable the user
to access resources and perform specific system tasks.
! If you make a change to a user account, such as a password change, the
workgroup authentication process requires you to make the same change on
each computer to which the user requires access.

Key points
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 11


Practice: Joining a Workgroup

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
After completing this practice, you will be able to join a workgroup.
Before working on this practice, you must have a computer running
Windows XP Professional.
A department in your organization installed Windows XP Professional. The
department uses a workgroup. The person who installed Windows XP
Professional incorrectly installed the computers in a domain. Your task is to
reconfigure the computers into a workgroup.

! Reconfigure the computer into a workgroup
1. Log on to the local computer as Administrator with a password of
P@ssw0rd

You logged on as Administrator for this practice because you require
Administrator privileges to perform some of the steps.

2. Click Start, right-click My Computer, and then click Properties.
3. On the System Properties sheet, click Computer Name.
4. On the Computer Name tab, click Change.
5. Click Workgroup, type WORKGROUP as the workgroup name, and then
click OK.
6. In the Computer Name Changes dialog box, type Administrator as the
user name, type P@ssw0rd as the password, and then click OK.
7. On the Welcome to the WORKGROUP workgroup message box, click
OK.
Objectives
Prerequisites
Scenario
Procedure
Note
12 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


8. On the You must restart this computer for the changes to take effect
message, click OK.
9. Close the System Properties sheet, and then click Yes to restart the
computer.

! Explore the network and attempt to connect to network resources

1. Log on to the local computer as Administrator with a password of
P@ssw0rd and notice that you only logged on to the local computer, not the
domain.

2. Click Start, click My Computer, click My Network Places, and then click
View Workgroup Computers.
3. In the list of computers, double-click any computer except your own.
4. At the prompt for a password, click Cancel.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 13


Logon Options in a Workgroup

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
The Use the Welcome Screen and Use Fast User Switching are two logon
options in a workgroup environment.
The Welcome screen has several functions:
! Provides a quick and easy method for users to log on
! Allows users to select their user accounts and immediately type their
passwords
! Displays all valid user accounts on the local computer

By default, the Administrator account appears on the Welcome
screen. If another account has administrator privileges, the Administrator
account does not appear.

! Provides a user icon for each account that the user can set to any graphic;
for example, a photograph of the user.



The Welcome screen presents the list of user accounts on the
computer. This list is visible to anyone who can see the computer monitor,
which presents a security risk. Use the Welcome screen only in environments
where minimal security is acceptable.

The
W
elcome Screen
Note
Important
14 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


Fast User Switching enables users to switch among user accounts without
closing programs or logging off. The main features of Fast User Switching are:
! Fast User Switching is enabled by default.
! When it is enabled, the user sees Switch User in the Log Off Windows
dialog box.
! Fast User Switching enables users who must perform administrative
functions to access an account with administrative privileges, perform the
administrative function, log off the administrator account, and then return to
their own accounts without shutting down programs or logging off.
! Fast User Switching provides an additional tab, Users, in the Windows Task
Manager. On this tab, users can log off, and users with administrative
privileges can log off themselves or other users.


When multiple users are simultaneously logged on and running

programs, the performance of the computer depends on the speed of the
computer and the amount of memory available.

Fast User Switching
Note
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 15


Practice: Configuring Fast User Switching

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
After completing this practice, you will be able to:
! Change how users log on and off.
! Configure classic Windows Logon and Fast User Switching.

Before working on this practice, you must have a computer running
Windows XP Professional.
A department in your organization installed Windows XP Professional. You
recently reconfigured the department’s computers to use a workgroup rather
than a domain. You want users to log on to their computers by using Windows
Logon so that they can use Fast User Switching. Your task is to reconfigure the
computers so that this is possible.
! Create a local user account
1. Log on to the local computer as Administrator with a password of
P@ssw0rd.
2. Click Start, right-click My Computer, and then click Manage.
3. In the Computer Management window, expand Local Users and Groups.

You logged on as Administrator for this practice because you require

Administrator privileges to perform some of the steps and to eliminate the
steps used in creating a second limited test user. Restrict the use of the
Administrator account in production environments.

4. Right-click Users, and then click New User.
5. In the User Name box, type FastSwitchUser and in the Password and
Confirm Password boxes, type P@ssw0rd
Objectives
Prerequisites
Scenario
Procedure
Note
16 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


6. Clear the User must change password at next logon check box, and then
click Create.
7. Close the New User dialog box, click Users and view FastSwitchUser in
the list of users.
8. Close all open windows.

! Configure Fast User Switching
1. Click Start, click Control Panel, and then click User Accounts.
2. On the Pick a Task page, click Change the way users log on or off.
3. Click OK on the User Accounts dialog box that appears.
4. Uncheck the Enable Offline Files check box and click OK.
5. On the Select logon and logoff options page, select Use the Welcome
Screen, select Use Fast User Switching, and then click Apply Options.
6. Close the User Accounts window and close Control Panel.
7. Click Start, click Log Off, and then click Switch User to log off the

computer.

! Test Fast User Switching
The logon screen lists all users on the computer, so you can click a user and
type a password. When you use Fast User Switching, you are not required to
press CTRL+ALT+DEL to log on.
1. Click FastSwitchUser with a password of P@ssw0rd
2. Click Start, click All Programs, click Accessories, and then click
WordPad.
3. Type some text into the WordPad document, and do not close or save the
new document.
4. Click Start, click Log off, and on the Log Off Windows message, click
Switch User.
On the Welcome screen, notice that both the Administrator and
FastSwitchUser are logged on, and FastSwitchUser has one running
program.
5. Log on as Administrator with a password of P@ssw0rd
6. Open WordPad and type some text into the new document, but do not close
or save the new document.
7. Click Start, click Log off, and on the Log Off Windows message, click
Switch User.
On the Welcome screen, notice that both the Administrator and
FastSwitchUser are logged on, and that each has one running program.
8. Log on as FastSwitchUser with a password of P@ssw0rd
Notice that WordPad is still running and that the text you typed is still there.
9. Close the Document - WordPad window, on the Save changes to
Document message, click No.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 17



10. Click Start, click Log off, and on the Log Off Windows message, click
Log Off.
11. Log on as Administrator with a password of P@ssw0rd
12. Close the Document - WordPad window, on the Save changes to
Document message, click No.
13. Click Start, click Log off, and on the Log Off Windows message, click
Log Off.

18 Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network


Lesson: Configuring Local Security

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
To configure local security, you must configure Group Policy settings. In this
lesson, you will learn how configure security settings on individual accounts
and individual computers.
After completing this lesson, you will be able to:
! Describe the local security features.
! Describe the guidelines for increasing security for Local Policies.
! Describe the guidelines for using the CTRL+ALT+DEL security templates.
! Configure security settings on individual accounts and individual
computers.

Introduction
Lesson ob
j
ectives
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network 19



What Is Local Security Configuration?

*****************************
ILLEGAL FOR NON-TRAINER USE******************************
Local security configuration allows you to modify security settings for users
and computers.
To modify security settings, you must use the Microsoft Management Console
(MMC) to access the appropriate administrative snap-ins. The MMC allows
you to create customized snap-ins (called consoles). Each console focuses on a
specific administrative task; for example, local security.
To configure local security, you must:
! Create a custom console.
! Add the Group Policy and Local Users and Groups snap-ins to the console.

To manage local security, use the customized console to:
! Create and manage users and groups.
! Set policies on individual accounts and computers.
! Configure Account Policies and Local Policies by using the Group Policy
snap-in.
! Configure security options, such as CTRL+ALT+DEL options, by using the
Local Computer Policy snap-in.

Using the Microsoft
Mana
g
ement Console
Configuring local
security

Mana
g
in
g
local securit
y