1
WORKING WITH
USER ACCOUNTS
Chapter 6
Chapter 6: WORKING WITH USER ACCOUNTS 2
CHAPTER OVERVIEW
•
Understand the differences between local user
and domain user accounts.
•
Plan, create, and manage local and domain user
accounts.
•
Create and manage user accounts by using
templates, importation, and command-line tools.
•
Manage user profiles.
•
Understand the purpose and function of profiles.
•
Troubleshoot user authentication issues.
Chapter 6: WORKING WITH USER ACCOUNTS 3
UNDERSTANDING USER ACCOUNTS
•
Local user accounts stored in the Security
Accounts Manager (SAM) database on that
system
•
Can be used only on that system
•
Domain user accounts
•
Stored in Active Directory on domain controllers
•
Can be used on any system in Active Directory
Chapter 6: WORKING WITH USER ACCOUNTS 4
WORKGROUPS
•
No centralized database of user accounts
•
User account must exist in the SAM of each
system the user accesses
•
Impractical in environments with more than 10
users
Chapter 6: WORKING WITH USER ACCOUNTS 5
DOMAINS
Chapter 6: WORKING WITH USER ACCOUNTS 6
PLANNING USER ACCOUNTS OVERVIEW
•
Account naming
•
Choosing passwords
•
Designing an Active Directory hierarchy
Chapter 6: WORKING WITH USER ACCOUNTS 7
ACCOUNT NAMING
•
Account names can be up to 256 characters
•
Account names authentication credential can be
between 1 and 20 characters (letters and/or
numbers).
•
For names longer than 20 characters the first 20
must be unique.
•
Account names are not case sensitive.
•
The following characters cannot be used in the
account name:
•
" / \ [ ] : ; | , + = * ? < > @
Chapter 6: WORKING WITH USER ACCOUNTS 8
STRONG PASSWORDS
•
Cannot be easily guessed or broken by a
password cracking program.
•
Use password policy:
•
Enforce strong password (PASSFILT.DLL)
•
Must be six characters long
•
At least three (3) of the following four (4) classes:
•
Upper case
•
Lower case
•
Westernized Arabic numeral (0 – 9)
•
Special characters
•
Cannot contain user name or any part of full name
•
Example: Up2Lower5
Chapter 6: WORKING WITH USER ACCOUNTS 9
ACCOUNT PASSWORD POLICY
Chapter 6: WORKING WITH USER ACCOUNTS 10
DESIGNING AN ACTIVE DIRECTORY
HIERARCHY
•
Create an organizational unit (OU) structure
•
Place users in appropriate OU
•
Provides for features such as group policy
Chapter 6: WORKING WITH USER ACCOUNTS 11
WORKING WITH LOCAL USER
ACCOUNTS
Chapter 6: WORKING WITH USER ACCOUNTS 12
CREATING A LOCAL USER ACCOUNT
Chapter 6: WORKING WITH USER ACCOUNTS 13
MANAGING LOCAL USER ACCOUNTS
Chapter 6: WORKING WITH USER ACCOUNTS 14
WORKING WITH DOMAIN USER
ACCOUNTS
Chapter 6: WORKING WITH USER ACCOUNTS 15
CREATING A DOMAIN USER ACCOUNT
Chapter 6: WORKING WITH USER ACCOUNTS 16
MANAGING DOMAIN USER ACCOUNTS
•
From the Action menu, you can:
•
Reset a user account password.
•
Rename, disable, and delete an account.
•
Modify group membership.
•
Send e-mail and open a user’s homepage.
Chapter 6: WORKING WITH USER ACCOUNTS 17
THE GENERAL TAB
Chapter 6: WORKING WITH USER ACCOUNTS 18
THE ADDRESS TAB
Chapter 6: WORKING WITH USER ACCOUNTS 19
THE TELEPHONES TAB
Chapter 6: WORKING WITH USER ACCOUNTS 20
THE ORGANIZATION TAB
Chapter 6: WORKING WITH USER ACCOUNTS 21
THE ACCOUNT TAB
Chapter 6: WORKING WITH USER ACCOUNTS 22
THE PROFILE TAB
Chapter 6: WORKING WITH USER ACCOUNTS 23
THE MEMBER OF TAB
Chapter 6: WORKING WITH USER ACCOUNTS 24
THE TERMINAL SERVICES PROFILE TAB
Chapter 6: WORKING WITH USER ACCOUNTS 25
THE ENVIRONMENT TAB