Creating and Managing User Accounts

1
Creating and Managing User Accounts
2
Overview

• Introduction to User Accounts
• Guidelines for New User Accounts
• Creating Local User Accounts
• Creating and Configuring Domain User Accounts
• Setting Properties for Domain User Accounts

3
Introduction to User Accounts
Built-in User Accounts

• Enable users to perform administrative tasks or
  gain temporary access to network resources
• Reside in SAM (local built-in user accounts)
• Reside in Active Directory (domain built-in user
  accounts)

Administrator and Guest
4
Guidelines for New User Accounts

• Naming Conventions
• Password Guidelines
• Account Options

5
Naming Conventions

• User Logon Names and Full Names Must Be Unique
• User Logon Names
• Can contain up to 20 characters
• Can include a combination of special alphanumeric
  characters
• A Naming Convention Should
• Accommodates duplicate employee names
• Identifies temporary employees

6
Password Guidelines

• Assign a Password for the Administrator Account
• Determine Who Has Control over Passwords
• Educate Users on How to Use Password
• Use long passwords
• Use a combination of uppercase and lowercase
  characters

7
Account Options

• Set Logon Hours to Match Users Work Hours
• Specify the Computers from Which a User Can Log
  On
• Domain users can log on at any computer in the
  domain, by default
• Domain users can be restricted to specific
  computers to increase security
• Specify When a User Account Expires

8
Creating Local User Accounts
Local User Accounts Are

• Created on Computers Running Windows 2000
  Professional
• Created on Stand-alone or Member Servers Running
  Windows 2000 Server or Windows 2000 Advanced
  Server
• Reside in SAM

9
Lab A Creating Local User Accounts
10
Creating and Configuring Domain User Accounts

• Creating a Domain User Account
• Setting Password Requirements
• Managing User Data by Creating Home Folders

11
Creating a Domain User Account
DNS Administra
New Object - User
Delegate Control
12
Setting Password Requirements
New Object - User
Create in nwtraders.msft/Users
Password

Confirm Password

User must change password at next logon
User cannot change password
Password never expires
Account is disabled
lt Back
Next gt
Cancel
13
Managing User Data by Creating Home Folders

• Consider the Following WhenYou Create a Home
  Folder
• Backup and restore capability
• Sufficient space on the server
• Sufficient space on users computers
• Network performance
• To Create a Home Folder
• Create a shared folder on a server
• Assign the appropriate permission
• Provide a path for the user account

14
Setting Properties for Domain User Accounts

• Setting Personal Properties
• Setting Account Properties
• Specifying Logon Options
• Copying Domain User Accounts
• Creating User Account Templates

15
Setting Personal Properties

• Add Personal Information About Users As Stored in
  Active Directory
• Use Personal Properties to Search Active Directory

Active Directory
16
Setting Account Properties
Use 01 Properties
Remote control
Terminal Services Profile
Member Of
Dial-in
Environment
Sessions
General
Address
Account
Profile
Organization
Telephones
User logon name
_at_nwtraders.msft
User01
User logon name (pre-Windows 2000)
NWTRADERS\
Student01
Logon Hours
Log On To
Account is locked out
Account options
User must change password at next logon
User cannot change password
Password never expires
Store password using reversible encryption
Account expires
Never
End of
Wednesday, November 24, 1999
OK
Cancel
Apply
17
Specifying Logon Options
18
Copying Domain User Accounts
19
Creating User Account Templates

• Set Up a User Account as a Template Account
• Create a User Account by Coping the Template
  Account

20
Review

• Introduction to User Accounts
• Guidelines for New User Accounts
• Creating Local User Accounts
• Creating and Configuring Domain User Accounts
• Setting Properties for Domain User Accounts