310 likes | 432 Views
Working with Users and Groups. Lesson 5. Skills Matrix. Skills Matrix. Understanding Local and Domain Users. Workgroups Domains. Chapter 5. Introducing Built-In Local Users. Administrator New User Account Guest. Chapter 5. Using Built-In Local Groups. Administrators Backup Operators
E N D
Working with Users and Groups Lesson 5
Understanding Local and Domain Users • Workgroups • Domains Chapter 5
Introducing Built-In Local Users • Administrator • New User Account • Guest Chapter 5
Using Built-In Local Groups • Administrators • Backup Operators • Cryptographic Operators • Distributed COM Users • Event Log Readers Chapter 5
Using Built-In Local Groups (cont.) • Guest • IIS_IUSRS • Network Configuration Operators • Performance Log Users • Power Users Chapter 5
Using Built-In Local Groups (cont.) • Remote Desktop Users • Replicator • Users • HelpServicesGroup Chapter 5
Introducing Special Identities • Anonymous Logon • Authenticated Users • Batch • Creator Owner • Creator Group • Dialup Chapter 5
Introducing Special Identities (cont.) • Everyone • Interactive • Network • Remote Interactive Logon • Service • Terminal Server Users Chapter 5
Creating and Managing Users and Groups • User Accounts control panel • Local Users And Groups MMC snap-in Chapter 5
Creating a New User Account • Click Start, and then click Control Panel. • Click User Accounts. • Click Add Or Remove User Accounts. • Click Create A New Account. Chapter 5
Creating a New User Account (cont.) • Type a name for the new account in the text box, and choose the appropriate radio button to specify whether the account should be a Standard User or an Administrator. • Click Create Account. Chapter 5
Creating a Local Group • Open the Computer Management console. • In the scope pane of the console (on the left side), expand the Local Users And Groups subheading and click Groups. Right-click the Groups folder and, from the context menu, select New Group. • In the Group Name text box, type the name you want to assign to the group. Click the Add button. Chapter 5
Creating a Local Group (cont.) • Type the names of the users that you want to add to the group, separated by semicolons, in the text box and click OK. • Click Create to create the group and populate it with the user(s) you specified. • Click Close. • Close the Computer Management console. Chapter 5
User Profile Types • Local user profile • Roaming user profile • Mandatory user profile Chapter 5
Configuring UAC Local Security Policies • Click Start, and then click Control Panel. • Click System And Maintenance > Administrative Tools • Double-click Local Security Policy Chapter 5
Configuring UAC Local Security Policies (cont.) • Expand the Local Policies header, and click Security Options. • Scroll down to the bottom of the policy list until you see the nine policies with the User Account Control prefix. • Double-click one of the User Account Control policies. Chapter 5
Configuring UAC Local Security Policies (cont.) • Select the radio button (or dropdown list option) for the setting you want the policy to use and click OK. • Close the Local Security Policy console and the Administrative Tools window. Chapter 5
Configuring Password Policies • Click Start, and then click Control Panel. • Click System And Maintenance > Administrative Tools. • Double-click Local Security Policy. • Expand the Account Policies header and click Password Policy. Double-click one of the password policies. Chapter 5
Configuring Password Policies (cont.) • Configure the policy by setting a value using the spin box, radio button, or other control and click OK. • Close the Local Security Policy console and the Administrative Tools window. Chapter 5
You Learned • The user account is the fundamental unit of identity in the Windows operating systems. • A group is an identifying token that Windows uses to represent a collection of users. Chapter 5
You Learned (cont.) • A workgroup is a collection of computers that are all peers. A peer network is one in which every computer can function as both a server, by sharing its resources with other computers, and a client, by accessing the shared resources on other computers. • A domain is a collection of computers that all utilize a central directory service for authentication and authorization. Chapter 5
You Learned (cont.) • Windows Vista includes a number of built-in local groups that are already equipped with the permissions and rights needed to perform certain tasks. • A special identity is essentially a placeholder for a collection of users with a similar characteristic. Chapter 5
You Learned (cont.) • Windows Vista provides two separate interfaces for creating and managing local user accounts: the User Accounts control panel and the Local Users And Group snap-in for the Microsoft Management Console (MMC). • A roaming user profile is simply a copy of a local user profile that is stored on a network share so that the user can access it from any computer on the network. Chapter 5
You Learned (cont.) • A mandatory user profile is simply a read-only roaming user profile. • On a Windows Vista computer running User Account Control (UAC), a standard user still receives a standard user token, but an administrative user receives two tokens: one for standard user access and one for administrative user access. Chapter 5
You Learned (cont.) • When a standard user attempts to perform a task that requires administrative privileges, the system displays a credential prompt, requesting that the user supply the name and password for an account with administrative privileges. Chapter 5
You Learned (cont.) • When an administrator attempts to perform a task that requires administrative access, the system switches the account from the standard user token to the administrative token. This is known as Admin Approval Mode. Chapter 5
You Learned (cont.) • Before the system permits the user to employ the administrative token, it requires the human user to confirm that he or she is actually trying to perform an administrative task. To do this, the system generates an elevation prompt. Chapter 5
You Learned (cont.) • The secure desktop is an alternative to the interactive user desktop that Windows normally displays. When Vista generates an elevation or credential prompt, it switches to the secure desktop, suppressing the operation of all other desktop controls and permitting only Windows processes to interact with the prompt. Chapter 5
You Learned (cont.) • User Account Control is enabled by default in all Windows Vista installations, but it is possible to configure several of its properties, or even disable it completely, using Local Security Policy. Chapter 5