Chapter 6 managing users
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (806.34 KB, 66 trang )
Chapter
6
Managing Users
MICROSOFT EXAM OBJECTIVES COVERED IN
THIS CHAPTER
Implement, configure, manage, and troubleshoot local user
accounts.
Implement, configure, manage, and troubleshoot auditing.
Implement, configure, manage, and troubleshoot account
settings.
Implement, configure, manage, and troubleshoot account
policy.
Create and manage local users and groups.
Implement, configure, manage, and troubleshoot user
rights.
Implement, configure, manage, and troubleshoot local user
authentication.
Configure and troubleshoot local user accounts.
Configure and troubleshoot domain user accounts.
Implement, configure, manage, and troubleshoot a security
configuration.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
O
ne of the most fundamental tasks in network management
is the creation of user accounts. Without a user account, a user cannot log on
to a computer, server, or network.
When users log on, they supply a username and password. Then their user
accounts are validated by some security mechanism. In Windows 2000 Professional, users can log on to a computer locally, or they can log on through
the Active Directory.
When you first create users, you assign them usernames, passwords,
and password settings. After a user is created, you can change these settings and select other options for that user through the user Properties
dialog box.
You can also set up policies to help manage user accounts. Account policies are used to control the logon environment for the computer, such as
password and logon restrictions. Local policies specify what users are able to
do once they log on and include auditing, user rights, and security options.
In this chapter, you will learn about user management at the local level.
This chapter covers how to create user accounts, manage user properties, set
account and local policies, and troubleshoot user account authentication.
We’ll begin with an overview of the types of Windows 2000 user accounts
and how the logon process works.
Reviewing Windows 2000 User Accounts
W
hen you install Windows 2000 Professional, several user accounts
are created automatically. You can then create new user accounts. On Windows 2000 Professional computers, you can create local user accounts. If
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Reviewing Windows 2000 User Accounts
243
your network has a Windows 2000 Server domain controller, your network
can have domain user accounts.
Built-In Accounts
By default, a computer that is installed with Windows 2000 Professional in
a workgroup has three users:
Administrator The Administrator account is a special account that has
full control over the computer. You provide a password for this account
during Windows 2000 Professional installation. The Administrator
account can perform all tasks, such as creating users and groups, managing the file system, and setting up printing.
Guest The Guest account allows users to access the computer even if
they do not have a unique username and password. Because of the inherent security risks associated with this type of user, this account is disabled
by default. When this account is enabled, it is usually given very limited
privileges.
Initial user The initial user account uses the name of the registered user.
This account is created only if the computer is installed as a member of a
workgroup, rather than as part of a domain. By default, the initial user is
a member of the Administrators group.
By default, the name Administrator is given to the account with full control
over the computer. You can increase the computer’s security by renaming the
Administrator account and then creating an account named Administrator
without any permissions. This way, even if a hacker is able to log on as
Administrator, the intruder won’t be able to access any system resources.
Local and Domain User Accounts
Windows 2000 supports two kinds of users: local users and domain users. A
computer that is running Windows 2000 Professional has the ability to store
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
244
Chapter 6
Managing Users
its own user accounts database. The users that are stored at the local computer are known as local user accounts.
Microsoft
Exam
Objective
Implement, configure, manage, and troubleshoot local user
authentication.
Configure and troubleshoot local user accounts.
Configure and troubleshoot domain user accounts.
The Active Directory is a directory service that is available with the Windows 2000 Server platform. It stores information in a central database that
allows users to have a single user account for the network. The users that are
stored in the Active Directory’s central database are called domain user
accounts.
If you use local user accounts, they are required on each computer that the
user needs access to within the network. For this reason, domain user
accounts are commonly used to manage users on large networks.
On Windows 2000 Professional computers and Windows 2000 member
servers, you create local users through the Local Users and Groups utility, as
described in the “Working with User Accounts” section later in the chapter.
On Windows 2000 Server domain controllers, you manage users with the
Microsoft Active Directory Users and Computers utility.
The Active Directory is covered in detail in MCSE: Windows 2000 Directory
Services Administration Study Guide, by Anil Desai with James Chellis
(Sybex, 2000).
Logging On and Logging Off
Users must log on to a Windows 2000 Professional computer before
they can use that computer. When you create user accounts, you set up the
computer to accept the logon information provided by the user.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Logging On and Logging Off
245
When users are ready to stop working on a Windows 2000 Professional
computer, they should log off. Logging off is accomplished through the Windows Security dialog box.
The following sections describe the logon and logoff processes and the
options in the Windows Security dialog box.
Local User Logon Authentication
When you log on to a Windows 2000 Professional computer locally, you
must present a valid username and password (ones that exist within the local
accounts database). As part of a successful authentication, the following
steps take place:
1. At system startup, the user is prompted to press Ctrl+Alt+Delete to
access the logon dialog box. The user types in a valid logon name and
password, and then clicks the OK button.
The Ctrl+Alt+Delete sequence was originally used for security purposes.
Security violations occurred when programs were written to mimic the logon
process, but were actually copying out the username and password. If a rogue
password program were running and you pressed Ctrl+Alt+Delete, it would
cause the computer to reboot or the Windows Security dialog box to appear.
2. The local computer compares the user’s logon credentials with the
information in the local security database.
3. If the information presented matches the account database, an access
token is created. Access tokens are used to identify the user and the
groups that the user is a member of.
Access tokens are created only when you log on. If you change group memberships, you need to log off and log on again to update the access token.
Figure 6.1 illustrates the three main steps in the logon process.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
246
Chapter 6
Managing Users
FIGURE 6.1
The logon process
User logs on locally
?
User is checked
against database
Authentication returned
User
Local Security Database
Other actions that take place as part of the logon process include the
following:
The system reads the part of the Registry that contains user configuration information.
The user’s profile is loaded. (User profiles are discussed briefly in the
“Setting Up User Profiles, Logon Scripts, and Home Folders” section
later in this chapter and in more detail in Chapter 8, “Using User Profiles and Hardware Profiles.”)
Any policies that have been assigned to the user through a user or
group policy are enforced. (Policies for users are discussed later in this
chapter, in the “Using Account Policies” and “Using Local Policies”
sections. Group policies are covered in Chapter 7, “Managing
Groups.”)
Any logon scripts that have been assigned are executed. (Assigning
logon scripts to users is discussed in the “Setting Up User Profiles,
Logon Scripts, and Home Folders” section.)
Persistent network and printer connections are restored. (Network
connections are discussed in Chapter 11, “Managing Network Connections,” and printer connections are covered in Chapter 12, “Managing Printing.”)
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Logging On and Logging Off
247
Through the logon process, you can control what resources a user can access
by assigning permissions. Permissions are granted to either users or groups.
Permissions also determine what actions a user can perform on a computer.
In Chapter 10, “Accessing Files and Folders,” you will learn more about
assigning resource permissions.
Logging Off Windows 2000 Professional
You normally log off Windows 2000 Professional via the Windows Security
dialog box, shown in Figure 6.2. (Another way to log off is to use Start
Shutdown Logoff.) You access the Windows Security dialog box by pressing Ctrl+Alt+Delete.
FIGURE 6.2
The Windows Security dialog box
The Windows Security dialog box shows which user is currently logged on,
as well as the logon date and time. From this dialog box, you can just log off
the current user (and leave the computer running) or you can log off and shut
down the computer. In addition, there are a few other tasks you can perform
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
248
Chapter 6
Managing Users
using the Windows Security dialog box. Table 6.1 lists the options in the Windows Security dialog box.
TABLE 6.1
The Windows Security Dialog Box Options
Option
Description
Lock Computer
Leaves the current user logged on while securing the
computer from other access. You type in the password
of the user who locked the computer to unlock it.
Change
Password
Allows users to change their own password. The user
must enter the old password and then type in and confirm the new password.
Log Off
Logs off the active user but leaves the Windows 2000
Professional computer running. This allows other users
to access services and shares that have been created on
that computer.
Task Manager
Brings up the Task Manager utility.
Shut Down
Forces all files to be closed, saves all changes that have
been made to the operating system, and prepares the
computer to be shut down.
Cancel
Closes the Windows Security dialog box without making any changes.
In Exercise 6.1, you will use the options in the Windows Security dialog
box. You should already be logged on as Administrator before you begin this
exercise.
EXERCISE 6.1
Using the Windows Security Dialog Box
1. Press Ctrl+Alt+Delete to access the Windows Security dialog box.
2. Click the Lock Computer button to lock the computer.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
249
EXERCISE 6.1 (continued)
3. Press Ctrl+Alt+Delete. Supply the Administrator password to unlock
the computer.
4. Click the Change Password button to access the Change Password
dialog box. You can change the password or click the Cancel button
to keep your current password.
5. Click the Task Manager button. Click each tab in the Task Manager
window to get a general idea of the features that Task Manager
offers. (See Chapter 14, “Optimizing Windows 2000,” for details on
using the Task Manager.)
6. When you’re finished exploring, close the Task Manager window.
You return to the Desktop.
Working with User Accounts
T
o set up and manage users, you use the Local Users and Groups utility. With Local Users and Groups, you can create, delete, and rename user
accounts, as well as change passwords.
Microsoft
Exam
Objective
Implement, configure, manage, and troubleshoot local user
accounts.
Implement, configure, manage, and troubleshoot account settings.
Create and manage local users and groups.
The procedures for many basic user management tasks—such as creating,
disabling, deleting, and renaming user accounts—are the same for both Windows 2000 Professional and Server.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
250
Chapter 6
Managing Users
Using the Local Users and Groups Utility
The first step to working with Windows 2000 Professional user accounts is
to access the Local Users and Groups utility. There are two common methods for accessing this utility:
You can load Local Users and Groups as a Microsoft Management
Console (MMC) snap-in. (See Chapter 4, “Configuring the Windows 2000 Environment,” for details on the MMC and the purpose
of snap-ins.)
You can access the Local Users and Groups utility through the Computer Management utility.
The following steps are used to add the Local Users and Groups snap-in
to the MMC:
1. Select Start
Run, type MMC in the Run dialog box, and press Enter to
open the MMC window, as shown in Figure 6.3.
FIGURE 6.3
The MMC window
2. Select Console
Add/Remove Snap-in to open the Add/Remove
Snap-in dialog box.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
251
3. Click the Add button to open the Add Standalone Snap-in dialog box.
4. Select Local Users and Groups and click the Add button.
5. The Choose Target Machine dialog box appears, with Local Computer
selected. Click the Finish button. You return to the Add Standalone
Snap-in dialog box.
6. Click the Close button. You return to the Add/Remove Snap-in dia-
log box.
7. Click the OK button. You will see that the Local Users and Groups
snap-in has been added to the MMC, as shown in Figure 6.4.
FIGURE 6.4
The Local Users and Groups snap-in added to the MMC
8. Save the console by selecting Console
Save. Specify the path and filename for your console. For easy access to the MMC, you might want
to save the console to your Desktop.
If your computer doesn’t have the MMC configured, the quickest way to
access the Local Users and Groups utility is through the Computer Management utility. Right-click My Computer and select Manage from the pop-up
menu to open the Computer Management window. In the System Tools
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
252
Chapter 6
Managing Users
folder, you will see the Local Users and Groups folder. Expand that folder to
access the Users and Groups folders in the utility, as shown in Figure 6.5.
FIGURE 6.5
The Local Users and Groups folder in Computer Management
In Exercise 6.2, you will use both methods for accessing the Local Users
and Groups utility.
EXERCISE 6.2
Accessing the Local Users and Groups Utility
In this exercise, you will first add the Local Users and Groups snap-in to
the MMC. Next, you will add a shortcut to your Desktop that will take
you to the MMC. Finally, you will use the other access technique of
opening the Local Users and Groups utility from the Computer
Management utility.
Adding the Local Users and Groups Snap-in to the MMC
1. Select Start
Run. In the Run dialog box, type MMC and press Enter.
2. Select Console
Add/Remove Snap-in.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
253
EXERCISE 6.2 (continued)
3. In the Add/Remove Snap-in dialog box, click the Add button.
4. In the Add Standalone Snap-in dialog box, select Local Users and
Groups and click the Add button.
5. In the Choose Target Machine dialog box, click the Finish button to
accept the default selection of Local Computer.
6. Click the Close button in the Add Standalone Snap-in dialog box.
Then click the OK button in the Add/Remove Snap-in dialog box.
7. In the MMC window, expand the Local Users and Groups folder to
see the Users and Groups folders.
Adding the MMC to Your Desktop
1. Select Console
Save. Click the folder with the up arrow icon until
you are at the root of the computer.
2. Select the Desktop option and specify Admin Console as the filename. The default extension is .msc. Click the Save button.
Accessing Local Users and Groups through Computer Management
1. Right-click My Computer and select Manage.
2. In the Computer Management window, expand the System Tools
folder, then expand the Local Users and Groups folder.
Creating New Users
To create users on a Windows 2000 Professional computer, you must be
logged on as a user with permissions to create a new user, and you must be
a member of the Administrators group or Power Users group. (Groups are
covered in Chapter 7.)
Username Rules and Conventions
The only real requirement for creating a new user is that you must provide a valid username. “Valid” means that the name must follow the Windows 2000 rules for usernames. However, it’s also a good idea to have
your own rules for usernames, which form your naming convention.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
254
Chapter 6
Managing Users
The following are the Windows 2000 rules for usernames:
A username must be between 1 and 20 characters.
The username must be unique to all other user and group names
stored on the specified computer.
The username cannot contain the following characters:
*/\[]:;|=,+*?<>“
A username cannot consist exclusively of periods or spaces.
Keeping these rules in mind, you should choose a naming convention,
which is a consistent naming format. For example, consider a user named
Kevin Donald. One naming convention might use the last name and first initial, for the username DonaldK. Another naming convention might use the
first initial and last name, for the username KDonald. Other user-naming
conventions are based on the naming convention defined for e-mail names,
so that the logon name and e-mail name match. You should also provide a
mechanism that would accommodate duplicate names. For example, if you
had a user named Kevin Donald and a user named Kate Donald, you might
use a middle initial, for the usernames such as KLDonald and KMDonald.
Naming conventions should also be applied to objects such as groups, printers,
and computers.
Usernames and Security Identifiers
When you create a new user, a security identifier, or SID, is automatically
created on the computer for the user account. The username is a property of
the SID. For example, a user SID might look like this:
S-1-5-21-823518204-746137067-120266-629-500
It’s apparent that using SIDs would make administration a nightmare.
Fortunately, for your administrative tasks, you see and use the username
instead of the SID.
SIDs have several advantages. Because Windows 2000 uses the SID as the
user object, you can easily rename a user while still retaining all the properties of that user. SIDs also ensure that if you delete and recreate a user using
the same username, the new user account will not have any of the properties
of the old account, because it is based on a new, unique SID. Renaming and
deleting user accounts are discussed later in this chapter.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
255
Options for New User Accounts
To create a new user, you open the Local Users and Groups utility, highlight
the Users folder, and select Action New User. This opens the New User
dialog box, as shown in Figure 6.6.
FIGURE 6.6
The New User dialog box
In this dialog box, you must fill in the User Name field. All of the other settings in the New User dialog box are optional. Table 6.2 describes the options
in the New User dialog box.
TABLE 6.2
The New User Dialog Box Options
Option
Description
User Name
Defines the username for the new account. Choose a
name that is consistent with your naming convention
(e.g., WSmith). This is the only required field. Usernames
are not case-sensitive.
Full Name
Allows you to provide more detailed information about
this user. This is typically the user’s first and last name
(e.g., Wendy Smith). By default, this field is the same as
the entry in the User Name field.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
256
Chapter 6
Managing Users
TABLE 6.2
The New User Dialog Box Options (continued)
Option
Description
Description
Allows you to provide additional information. This is typically used to specify a title and/or location (e.g., SalesTexas), but it can be used for any purpose.
Password
Assigns the initial password for the user. For security purposes, it is not advisable to use readily available information about the user. Passwords can be up to 14 characters
and are case-sensitive.
Confirm
Password
Confirms that you typed the password the same way two
times to verify that you entered the password correctly.
User Must
Change Password at Next
Logon
If selected, forces the user to change the password the
first time that user logs on. This is done to increase security. By default, this option is selected.
User Cannot
Change
Password
If selected, prevents a user from changing the password.
It is useful for accounts like Guest and those that are
shared by more than one user. By default, this option is
not selected.
Password
Never
Expires
If selected, specifies that the password will never expire,
even if a password policy has been specified. For example, you might select this option if this is a service account
and you did not want the administrative overhead of
managing changing passwords. By default, this option is
not selected.
Account Is
Disabled
If selected, specifies that this account cannot be used for
logon purposes. For example, you might select this option for template accounts or if an account is not currently
being used. It helps keep inactive accounts from posing
security threats. By default, this option is not selected.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
257
Make sure that your users know that usernames are not case-sensitive, but
passwords are.
In Exercise 6.3, you will create several new local user accounts. We will use
these users for the subsequent exercises in this chapter. Before you start this
exercise, make sure that you are logged on as user with permissions to create
new users and have already added the Local Users and Groups snap-in to the
MMC (see Exercise 6.2).
EXERCISE 6.3
Creating New Local Users
1. Open the MMC and expand the Local Users and Groups snap-in.
2. Highlight the Users folder and select Action
New User. The New
User dialog box appears.
3. In the User Name text box, type Cam.
4. In the Full Name text box, type Cam Presely.
5. In the Description text box, type Sales Vice President.
6. Click the Create button to add the user. (Leave the Password and
Confirm Password text boxes empty and the defaults for the check
boxes.)
7. Use the New User dialog box to create six more users, filling out the
fields as follows:
Name: Dick; Full Name: Dick Jones; Description: Sales-Florida;
Password: (blank)
Name: Terry; Full Name: Terry Belle; Description: Marketing;
Password: (blank)
Name: Ron; Full Name: Ron Klein; Description: PR; Password:
superman
Name: Wendy; Full Name: Wendy Smith; Description: SalesTexas; Password: supergirl
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
258
Chapter 6
Managing Users
EXERCISE 6.3 (continued)
Name: Emily; Full Name: Emily Buras; Description: President;
Password: peach
Name: Michael; Full Name: Michael Phillips; Description: Tech
Support; Password: apple
8. After you’ve finished creating all of the users, click the Close button
to exit the New User dialog box.
You can also create users through the command-line utility NET USER. For
more information about this command, type NET USER /? from a command
prompt.
Disabling User Accounts
When a user account is no longer needed, the account should be disabled or
deleted. If you choose to disable an account, you can later enable that
account to restore it with all of its associated user properties. An account
that is deleted can never be recovered.
User accounts that are not in use pose a security threat because an intruder
could access your network though an inactive account. For example, after
inheriting a network, I ran a network security diagnostic and noticed several
accounts for users who no longer worked for the company. These accounts
had Administrative rights, including dial-in permissions. This was not a good
situation, and the accounts were deleted on the spot.
You might disable an account because a user will not be using it for a
period of time, perhaps because that employee is going on vacation or taking a leave of absence. Another reason to disable an account is if you’re
planning on putting another user in that some function. For example, suppose that Rick, the engineering manager, quit. If you disable his account,
when your company hires a new engineering manager, you can simply
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
259
rename the user account (from Rick to the username for the new manager)
and enable that account. This ensures that the user who takes over Rick’s
position will have all of the user properties and own all of the resources
that original user Rick had.
Disabling accounts also provides a security mechanism for special situations. For example, if your company were laying off a group of people, a
security measure would be to disable their accounts at the same time as these
employees get their layoff notices. This prevents the users from inflicting any
damage to the company’s files on their way out. (Yes, this does seem coldhearted, and other employees are bound to fear for their jobs any time the
servers go down and they aren’t able to log on, but it does serve the purpose.)
You disable a user account by checking the Account Is Disabled check
box in the user’s Properties dialog box, shown in Figure 6.7. To access this
dialog box, double-click the user account in the Users folder in the Local
Users and Groups utility.
FIGURE 6.7
A user Properties dialog box
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
260
Chapter 6
Managing Users
In Exercise 6.4, you will disable a user account. Before you follow this
exercise, you should have already created new users (see Exercise 6.3).
EXERCISE 6.4
Disabling a User
1. Open the MMC and expand the Local Users and Groups snap-in.
2. Open the Users folder. Double-click user Dick to open his Properties
dialog box.
3. In the General tab, check the Account Is Disabled box. Click the OK
button.
4. Log off as Administrator and attempt to log on as Dick. This should
fail, since the account is now disabled.
5. Log on as Administrator.
You can also access a user’s Properties dialog box by highlighting the user
and right-clicking (clicking the secondary mouse button).
Deleting User Accounts
As noted in the previous section, you should delete a user account if you are
sure that the account will never be needed again.
To delete a user, open the Local Users and Groups utility, highlight the
user account you wish to delete, and click Action to bring up the menu
shown in Figure 6.8. Then select Delete.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
FIGURE 6.8
261
Choosing to delete a user
Because user deletion is a permanent action, you will see the dialog box
shown in Figure 6.9, asking you to confirm that you really wish to delete the
account. After you click the Yes button here, you will not be able to recreate
or reaccess the account (unless you restore your local user accounts database
from a backup).
FIGURE 6.9
Confirming user deletion
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
262
Chapter 6
Managing Users
In Exercise 6.5, you will delete a user account. This exercise assumes that
you have completed the previous exercises in this chapter.
EXERCISE 6.5
Deleting a User
1. Open the MMC and expand the Local Users and Groups snap-in.
2. Open the Users folder and highlight user Dick.
3. Select Action
Delete. The dialog box for confirming user deletion
appears.
4. Click the Yes button.
The Administrator and Guest accounts cannot be deleted. The initial user
account can be deleted.
Renaming Users
Once an account has been created, you can rename the account at any time.
Renaming a user account allows the user to retain all of the associated user
properties of the previous username. As noted earlier in the chapter, the
name is a property of the SID.
You might want to rename a user account because the user’s name has
changed (for example, the user got married) or because the name was spelled
incorrectly. Also, as explained in the “Disabling User Accounts” section, you
can rename an existing user’s account for a new user who you want to have
the same properties, such as someone hired to take an ex-employee’s position.
To rename a user, open the Local Users and Groups utility, highlight the
user account you wish to rename, and select Action Rename. Edit the username and press Enter to complete the action.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Working with User Accounts
263
In Exercise 6.6, you will rename a user account. This exercise assumes
that you have completed all of the previous exercises in this chapter.
EXERCISE 6.6
Renaming a User
1. Open the MMC and expand the Local Users and Groups snap-in.
2. Open the Users folder and highlight user Terry.
3. Select Action
Rename.
4. Type in the username Taralyn and press Enter. Notice that the Full
Name retained the original property of Terry in the Local Users and
Groups utility.
Renaming a user does not change any “hard-coded” names, such as the
user’s home folder. If you want to change these names as well, you need to
modify them manually.
Changing a User’s Password
What do you do if user Terry forgot her password and can’t log on? You
can’t just open a dialog box and see her old password. However, as the
Administrator, you can change Terry’s password, and then she can use the
new one.
To change a user’s password, open the Local Users and Groups utility,
highlight the user account, and select Action Set Password. Type in the
new password to set it and then again to confirm it.
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
264
Chapter 6
Managing Users
In Exercise 6.7, you will change a user’s password. This exercise assumes
that you have completed all of the previous exercises in this chapter.
EXERCISE 6.7
Changing a User’s Password
1. Open the MMC and expand the Local Users and Groups snap-in.
2. Open the Users folder and highlight user Ron.
3. Select Action
Set Password. The Set Password dialog box
appears.
4. Type in the new password and then confirm the password. Click the
OK button.
Managing User Properties
F
or more control over user accounts, you can configure user properties. Through the user Properties dialog box, you can change the original
password options, add the users to existing groups, and specify user profile
information.
Microsoft
Exam
Objective
Implement, configure, manage, and troubleshoot local user
accounts.
Implement, configure, manage, and troubleshoot account settings.
Create and manage local users and groups.
To open the user Properties dialog box, access the Local Users and
Groups utility, open the Users folder, and double-click the user account. The
user Properties dialog box has tabs for the three main categories of properties: General, Member Of, and Profile.
The General tab (see Figure 6.7 earlier in the chapter) contains the information that you supplied when you set up the new user account, including
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
Managing User Properties
265
any Full Name and Description information you entered, the password
options you selected, and whether or not the account is disabled (see the
“Creating a New User” section earlier in this chapter). If you want to modify
any of these properties after you’ve created the user, simply open the user
Properties dialog box and make the changes on the General tab.
The Member Of tab is used to manage the user’s membership in groups.
The Profile tab lets you set properties to customize the user’s environment.
These properties are discussed in detail in the following sections.
Managing User Group Membership
The Member Of tab of the user Properties dialog box displays all the groups
that the user belongs to, as shown in Figure 6.10. From this tab, you can add
the user to an existing group or remove that user from a group. To add a user
to a group, click the Add button and select the group that the user should
belong to. If you want to remove the user from a group, highlight the group
and click the Remove button.
FIGURE 6.10
The Member Of tab of the user Properties dialog box
Copyright © 2000 SYBEX Inc., Alameda, CA.
www.sybex.com
