120 likes | 214 Views
DIT314 ~ Client Operating System & Administration. CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias. 5.1 Introduction to user accounts. What is a User Accounts? A profile that defines user rights, customization and settings
E N D
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias
5.1 Introduction to user accounts • What is a User Accounts? • A profile that defines user rights, customization and settings • Allow a person to log on to the computer/network • Also determine the ability for a person to perform certain task on the computer • User Accounts properties; • Access right • Desktop layout • Individual user favorites and history • Use of a private “my documents” folder
5.2 Types of User Accounts • Windows XP uses 3 types of user accounts • Local User Account • Built-in User Account • Domain User Account 5.2.1 Local User Account • Allows user to log on a specific computer in order to use it • The user’s information is stored locally and verified during the login process • So, you can only login to the pc where your user account has been created because it will not be replicated to another pc • When you create a local user accounts, windows XP creates a local security database in the same computer • The local security database is used to verify (authenticate) the user during the log on process
5.2.1 Local User Accounts Properties of Local User Account • Provide access to resources on the local computer • Created in the computer not in a domain • Created in the local security database Example : • Right click My Computer -> Manage • Right click Users Folder -> New User • Fill in the forms of username, full name, description and password, confirm password • Select check box options ->Click Create button
5.2.1 Local User Accounts Options that are available when creating a local user account • User must change password at next logon • This option is selected by default • Meaning the user can specify their own password when they login for the first time • User cannot change Password • If the box is checked, the user has no rights to change his password, only the administrator can change it • However this option is not available if the first checkbox is checked • Password never expires • Select this box if you want to remain with the same password for a long time. • This option is not available if you check the first box • Account is disabled • Select this box if you want to block any user
5.2.2 Built-In User Accounts There are 3 types of built-in user accounts in Windows XP : • Administrator User Account • Can install software and hardware • Can create, modify and delete user accounts • Have full access of all files and programs • Can create/change passwords for all user accounts • Can modify names, pictures and account types of all users • Have full access of system software and hardware • Limited User Account • Can access already installed software • Can modify own user account with exception of account name or type • Cannot install software and hardware • Can create files in Shared Document folder • Can change desktop themes, wallpaper and screensaver • Guest User Account • Cannot install software and hardware • Cannot modify guest account and profile • The account is disable by default
Domain user account allow you to log on the domain and access the computer anywhere in the network During logon the username, password and domain name is checked by the domain controller. Domain controller is a server machine where all domain user’s info is stored. 5.2.3 Domain User Accounts Domain Controller Domain User Account • Active Directory • Microsoft’s directory • database for windows • 2000 network Domain user • What a Domain User Account can do ? • Provide access to network resources • Provide access to server (domain controller) and its resources • Allowed to access any resources on other computers which are part of that domain
5.3 User Profile • When you create an account, windows machine will create a profile that is a User Profile • This user profile contains all the information the computer needs to personalize the computer • The profile contains your desktop icon, shortcuts, personalized start menu and folders. • NTUSER.DAT file in the Windows Registry stores critical information such as network settings, network printer definition and desktop setting. • When you login, the file is read and Windows will set your environment accordingly • Some items in the user profile is ; • Application data • Cookies • Desktop
5.4 Groups • Every local user accounts belongs to 1 or >1 user groups • Properties of a Group • Groups are collection of user accounts • Members of same group have similar permission and rights • A single user can be a member of multiple group • Groups, itself can become member of other groups • Groups help in controlling and managing computer resources over a network • Windows XP has 4 primary user groups 1. Administrator 3. Users 2. Power Users 4. Guest
Administrator group Is the most powerful group of all, have the ability to change their own permission and others Rights Can install the OS and component Install service packs and windows pack Upgrade and repair the Operating system Configure critical OS parameter Take ownership of files that has become inaccessible Manage the security and auditing logs Back up and restore system Power User Groups Have more permission than user group, less than Administrator group Can perform any task except the Admin task (cannot modify any properties of Admin group) Rights Run already installed application Install programs that do not modify OS files and system files Customize printers, date time etc Create and manage local user accounts and groups Stop and start service 5.4 Groups
Users group Is the most secure because they do not have the permission to modify OS and other user’s data Rights User cannot modify system wide registry, OS Files and system files Can shut down workstation not servers Can create local group and only can manage the created group Can run installed programs Have full control of own files Guest Groups Guest account is the member of Guest group The guest groups are intended for those users who have no user account on the pc Rights Cannot install software and hardware, but can use it Cannot change the properties of guest account Cannot change picture 5.4 Groups
5.4 Create Group Example; • Right click My Computer -> Manage • Right click Groups Folder -> New Group • Fill in the group name (Marketing) and description -> create group • Find the new user -> Add to the Sales group