70-270:%20MCSE%20Guide%20to%20Microsoft%20Windows%20XP%20Professional%20%20Chapter%205:%20Users,%20Groups,%20Profiles,%20and%20Policies - PowerPoint PPT Presentation

About This Presentation
Title:

70-270:%20MCSE%20Guide%20to%20Microsoft%20Windows%20XP%20Professional%20%20Chapter%205:%20Users,%20Groups,%20Profiles,%20and%20Policies

Description:

List of user accounts with icons. Fast User Switching, Switch users without logoff ... Change the system time. Load and unload device drivers. Profile single process ... – PowerPoint PPT presentation

Number of Views:158
Avg rating:3.0/5.0

less

Transcript and Presenter's Notes

Title: 70-270:%20MCSE%20Guide%20to%20Microsoft%20Windows%20XP%20Professional%20%20Chapter%205:%20Users,%20Groups,%20Profiles,%20and%20Policies


1
70-270 MCSE Guide to Microsoft Windows XP
Professional Chapter 5 Users, Groups,
Profiles, and Policies
2
Objectives
  • Understand Windows XP Professional user accounts
  • Understand the different types of logons
  • Understand how to log on to Windows XP
  • Understand naming conventions
  • Create and manage local user accounts
  • Planning groups and system groups

3
Objectives (continue)
  • Work with Windows XP as a domain client
  • Create user profiles
  • Work with group policies
  • Troubleshoot cached credentials
  • Understand the Files and Settings Transfer Wizard
    and the User State Migration Tool (USMT)

4
Windows XP Professional User Accounts
  • Designed for use as a network client for
  • Windows NT
  • Windows 2000
  • Windows Server 2003
  • Member of a workgroup
  • Standalone operating system

5
Types of Windows XP Professional User Accounts
  • Local user account
  • Exists on a single computer
  • No domain access
  • Domain user account
  • Exists throughout a domain
  • Can be used on any domain member computer

6
How Accounts Interact with a Windows XP
Professional System
  • Standalone system, automatic logon
  • Standalone system
  • Workgroup member
  • Domain network client

7
Supporting More Than One User
  • Multiple-user systems
  • Implemented through
  • Groups
  • Resources
  • Policies
  • Profiles

8
Types of Logon
  • Logon authentication has two purposes
  • Maintain security
  • Track computer usage

9
Windows Welcome Logon Method
  • Completely new logon method
  • Designed for use on standalone or workgroup
    member systems
  • List of user accounts with icons
  • Fast User Switching,
  • Switch users without logoff

10
Classic Logon Method
  • Press CtrlAltDelete to access WinLogon security
    dialog box
  • Required for domain member systems

11
Logging On to Windows XP
  • XP automatically creates accounts
  • Administrator
  • Guest

12
Administrator
  • Most powerful user account possible
  • Unlimited access and unrestricted privileges
  • Must be protected from misuse
  • Complicated password should be used
  • Should rename this account

13
Administrator (continued)
  • Characteristics
  • Cannot be deleted
  • Cannot be locked out
  • Can be disabled
  • Can have a blank password (however, this is not
    recommended)
  • Can be renamed (which is recommended)
  • Cannot be removed from the Administrators local
    group

14
Guest
  • One of the least privileged user accounts
  • Limited access to resources and computer
    activities
  • Should rename account
  • Member of the Everyone group
  • Recommended to leave the Guest account disabled

15
Guest (continued)
  • Characteristics
  • Cannot be deleted
  • Can be locked out
  • Can be disabled (it is disabled by default)
  • Can have a blank password (it is blank by
    default)
  • Can be renamed (which is recommended)
  • Can be removed from the Guests local group

16
Naming Conventions
  • Predetermined process for creating names on
    network or standalone system
  • Should incorporate a scheme for
  • User accounts
  • Computers
  • Directories
  • Network shares
  • Printers
  • Servers

17
Managing Local User Accounts
  • Two types
  • Local representations of domain/network user
    accounts
  • Created from scratch locally
  • User Accounts applet
  • Used to create local representation
  • Local Users and Groups snap-in
  • Used to create accounts from scratch

18
User Accounts Applet
  • Users tab
  • Lists active users
  • Add New User wizard to add users
  • Advanced tab
  • Access to
  • Password and passport management
  • Advanced user management
  • Secure logon settings

19
Local Users and Groups
  • Create and manage local users
  • Console tree nodes
  • Users
  • Groups

20
Planning Groups and System Groups
  • Plan how to manage groups
  • Pair groups with resources for administrative
    control
  • Ongoing administrative task
  • Adding and removing users from groups

21
Working with Groups Youve Made
  • Must have a Windows NT, 2000, or Server 2003 in
    client/server environment
  • Resource
  • Has local groups assigned to it
  • Global user groups
  • Assigned to local resource groups
  • Users
  • Assigned to global groups

22
Assigning users access to resources using groups
23
Working with Default Groups
  • Administrators
  • Backup Operators
  • Guests
  • Network Configuration Operators
  • Power Users

24
Working with Default Groups (continued)
  • Remote Desktop Users
  • Replicator
  • Users
  • HelpServicesGroup

25
Working with System Groups and Other Important
Groups
  • Built-in system-controlled groups
  • Preexisting groups
  • Cannot be edited
  • Used by system to control or place restrictions
    on specific groups of users based on activities

26
Windows XP as a Domain Client
  • Can serve as a client to an Active Directory
    domain
  • Centralized control of user accounts and overall
    security
  • Resources centrally located
  • Management of access easier than a workgroup
    network

27
Adding a System as a Domain Client
  • Add a Windows XP Professional system as a client
    in domain network
  • Administrator creates computer account in the
    domain
  • Computer account in the domain is generated from
    the client
  • Remove a client from a domain
  • Join a workgroup

28
Controlling a Domain Client
  • Domain enforces control using group policy
    objects (GPOs)
  • GPOs
  • Registry templates
  • Forced onto a system each time it starts or each
    time a user logs on
  • Domain-level version of the local security policy

29
Access to Systems and Resources by a Domain Client
  • Only members of domain can access systems and
    resources within domain
  • Resources accessed through My Network Places

30
Group Types assigned by a Domain Client
  • Administrators
  • Backup Operators
  • Guests
  • HelpServicesGroup
  • Network Configuration Operators

31
Group Types assigned by a Domain Client
(continued)
  • Power Users
  • Remote Desktop Users
  • Replicator
  • Users

32
Active Directory Domain Containers
  • Active Directory domain containers
  • Logical
  • Domain
  • Organizational Unit (OU)
  • Physical
  • Site

33
User Profiles
  • Collection of desktop and environmental
    configurations
  • Computer maintains profile for each user
  • Material such as
  • Application data
  • My Documents
  • Cookies
  • Etc.

34
Local Profiles
  • Set of specifications and preferences
  • For an individual user
  • Stored on local machine
  • Reside in the username subdirectory beneath the
    \Documents and Settings directory
  • Set up by example
  • Saved on logout

35
Roaming Profiles
  • Resides on a network server
  • Automatically downloaded to any system when user
    logs on
  • Default path designation
  • \\computername\username

36
Application of Group Policies
  • Several security and access controls
  • Group policies (GPOs) can be defined for
  • Domain
  • Sites
  • Organizational units (OUs)
  • Local computer group policy managed from a
    Windows XP Professional system
  • Policies applied in order
  • LSDOU (local, site, domain, organizational unit)

37
Password Policy
  • Defines the restrictions on passwords
  • Includes password age, length, etc.

38
Account Lockout Policy
  • Conditions that result when a user account is
    locked out
  • Used to prevent brute force attacks against user
    accounts
  • Items
  • Account lockout threshold
  • Account lockout duration
  • Reset account lockout counter after

39
Audit Policy
  • Defines events recorded in Security log of Event
    Viewer
  • Used to track resource usage
  • Items (not full list)
  • Audit directory service access
  • Audit logon events
  • Audit account logon events
  • Audit system events

40
User Rights Assignment
  • Defines which groups or users can perform the
    specific privileged action
  • Items (not full list)
  • Access this computer from the network
  • Back up files and directories
  • Change the system time
  • Load and unload device drivers
  • Profile single process
  • Shut down the system

41
Security Options
  • Controls various security features, functions,
    and controls of environment
  • Items (not full list)
  • Accounts
  • Devices
  • Domain member
  • Microsoft network server

42
Group Policies
  • Domain-level version of the local security policy
  • Two primary divisions
  • Computer Configuration
  • User Configuration

43
Troubleshooting Cached Credentials
  • Automatically caches users credentials in the
    Registry
  • When domain logon or .NET Passport logon is
    performed
  • Can be disabled
  • Enable the group policy setting of Interactive
    logon
  • Set the cachedlogonscount Registry value to 0

44
Files and Settings Transfer Wizard
  • Move data files and personal desktop settings
    from another computer to new Windows XP
    Professional system
  • Must have some sort of network connection between
    the two systems
  • Transfer files from Windows 95, 98, SE, Me, NT,
    2000, or XP systems
  • Transfer process can take considerable time

45
User State Migration Tool (USMT)
  • Supports migration to user data from Windows 9x,
    Windows NT Workstation 4.0, and Windows 2000
    Professional to a Windows XP Professional system
  • Able to transfer the same files and settings that
    the Files and Settings Transfer Wizard can
  • Fully configurable and scriptable

46
User State Migration Tool (USMT) (continued)
  • Two command-line utilities
  • ScanState
  • LoadState
  • Read instructions and control parameters from INF
    files
  • ScanState
  • Used to create a backup of the user data
  • LoadState
  • Used to copy the data onto new target system

47
Summary
  • Three types of users
  • Locally created users
  • Imported users
  • Domain users
  • Users are collected into groups
  • Simplifies management and grant access or
    privileges
  • There are two built-in users, Administrator and
    Guest, and several built-in groups
  • Profiles can be local or roaming

48
Summary (continued)
  • Group policies are domain-level versions of the
    local security policy.
  • The Files and Settings Transfer Wizard
  • Used to move data files and personal desktop
    settings from one system to another.
  • The User State Migration Tool
  • Used for enterprise migrations
Write a Comment
User Comments (0)
About PowerShow.com