Embed Size (px)
Citation preview
11
MANAGING USERS AND GROUPS
Chapter 13
Chapter 13: MANAGING USERS AND GROUPS 2
OVERVIEW
Configure and manage user accounts
Manage user account properties
Manage user and group rights
Configure user account policy
Manage and troubleshoot cached credentials
Chapter 13: MANAGING USERS AND GROUPS 3
USER ACCOUNTS
Identify users to the system and to each other
Used to grant access to resources
Collect information about users
Chapter 13: MANAGING USERS AND GROUPS 4
GROUPS
Collections of user accounts
Simplify access to resources
Can be used for security and messaging (Active Directory)
Chapter 13: MANAGING USERS AND GROUPS 5
BUILT-IN USER ACCOUNTS
Configured during setup
Used for administration or guest access
Can be renamed but not deleted
Chapter 13: MANAGING USERS AND GROUPS 6
BUILT-IN GROUPS
Created during setup
Designed for specific use or administrative roles
User accounts can be added as members
Built-in user accounts cannot be removed
Chapter 13: MANAGING USERS AND GROUPS 7
IMPLICIT GROUPS
Membership can change dynamically
Do not appear in user administration tools
Used to grant permissions based on circumstances
Chapter 13: MANAGING USERS AND GROUPS 8
SERVICE ACCOUNTS
Grant services access to system resources
Include built-in and user-defined accounts
Require special accommodations
Chapter 13: MANAGING USERS AND GROUPS 9
DOMAIN ACCOUNTS AND GROUPS
Include built-in and user-defined accounts and groups
Provide logon and resource access to local system
Can be placed into local groups
Chapter 13: MANAGING USERS AND GROUPS 10
LOCAL USERS AND GROUPS
Chapter 13: MANAGING USERS AND GROUPS 11
CONTROL PANEL USER ACCOUNTS
Chapter 13: MANAGING USERS AND GROUPS 12
ACTIVE DIRECTORY USERS AND COMPUTERS
Chapter 13: MANAGING USERS AND GROUPS 13
MANAGING USERS WITH NET.EXE
Chapter 13: MANAGING USERS AND GROUPS 14
PLANNING USERS AND GROUPS
Chapter 13: MANAGING USERS AND GROUPS 15
USER ACCOUNT NAMING CONVENTIONS
Chapter 13: MANAGING USERS AND GROUPS 16
PASSWORD COMPLEXITY
Create passphrases
Use uppercase, lowercase, and nonalphanumeric characters
Consider enforcing complexity with Group Policy
Chapter 13: MANAGING USERS AND GROUPS 17
CHANGING HOW USERS LOG ON OR LOG OFF
Chapter 13: MANAGING USERS AND GROUPS 18
MANAGING USERS WITH LOCAL USERS AND GROUPS
Chapter 13: MANAGING USERS AND GROUPS 19
MANAGING GROUPS WITH LOCAL USERS AND GROUPS
Chapter 13: MANAGING USERS AND GROUPS 20
MANAGING GROUPS WITH NET.EXE
Chapter 13: MANAGING USERS AND GROUPS 21
MANAGING USERS WITH USER ACCOUNTS
Chapter 13: MANAGING USERS AND GROUPS 22
USER MANAGEMENT BEST PRACTICES
Give administrators a limited account for nonadministrative use
Limit the number of users in the Administrators group
Rename or disable the Administrator account
Rename and leave the Guest account disabled
Observe the principle of least privilege
Chapter 13: MANAGING USERS AND GROUPS 23
MANAGING USER RIGHTS ASSIGNMENTS
Chapter 13: MANAGING USERS AND GROUPS 24
MANAGING PASSWORD POLICY
Chapter 13: MANAGING USERS AND GROUPS 25
MANAGING ACCOUNT LOCKOUT POLICY
Chapter 13: MANAGING USERS AND GROUPS 26
CACHED CREDENTIALS
Cache users’ logon information for offline authentication
User must log on to the domain at least once
Can be disabled to force logons to use domain
Chapter 13: MANAGING USERS AND GROUPS 27
MANAGING CACHED CREDENTIALS
Chapter 13: MANAGING USERS AND GROUPS 28
TROUBLESHOOTING CACHED CREDENTIALS
Cached credentials are out of date
User does not have credentials cached
Cached credentials are disabled on a notebook computer
Chapter 13: MANAGING USERS AND GROUPS 29
SUMMARY
User accounts help manage resource access.
User groups simplify administration.
Naming conventions uniquely identify users.
Complex passwords strengthen security.
Cached credentials allow access when the domain is unavailable.
