Class 10: Users, Groups, Profiles, and Policies - PowerPoint PPT Presentation

1 / 25
About This Presentation
Title:

Class 10: Users, Groups, Profiles, and Policies

Description:

Add a Windows XP Professional system as a client in domain network: ... Automatically caches user's credentials in the Registry ... – PowerPoint PPT presentation

Number of Views:73
Avg rating:3.0/5.0
Slides: 26
Provided by: Owne1064
Category:

less

Transcript and Presenter's Notes

Title: Class 10: Users, Groups, Profiles, and Policies


1
Class 10 Users, Groups, Profiles, and Policies
2
Objectives
  • Create user profiles
  • Work with group policies
  • Troubleshoot cached credentials
  • Understand the Files and Settings Transfer Wizard
    and the User State Migration Tool (USMT)

3
Windows XP as a Domain Client
  • Can serve as a client to an Active Directory
    domain
  • Centralized control of user accounts and overall
    security
  • Resources centrally located
  • Management of access easier than a workgroup
    network

4
Adding a System as a Domain Client
  • Add a Windows XP Professional system as a client
    in domain network
  • Administrator creates computer account in the
    domain
  • Computer account in the domain is generated from
    the client
  • Remove a client from a domain
  • Join a workgroup

5
Controlling a Domain Client
  • Domain enforces control using group policy
    objects (GPOs)
  • GPOs
  • Registry templates
  • Forced onto a system each time it starts or each
    time a user logs on
  • Domain-level version of the local security policy

6
Access to Systems and Resources by a Domain Client
  • Only members of domain can access systems and
    resources within domain
  • Resources accessed through My Network Places

7
Group Types assigned by a Domain Client
  • Administrators
  • Backup Operators
  • Guests
  • HelpServicesGroup
  • Network Configuration Operators

8
Group Types assigned by a Domain Client
(continued)
  • Power Users
  • Remote Desktop Users
  • Replicator
  • Users

9
Active Directory Domain Containers
  • Active Directory domain containers
  • Logical
  • Domain
  • Organizational Unit (OU)
  • Physical
  • Site

10
User Profiles
  • Collection of desktop and environmental
    configurations
  • Computer maintains profile for each user
  • Material such as
  • Application data
  • My Documents
  • Cookies
  • Etc.

11
Local Profiles
  • Set of specifications and preferences
  • For an individual user
  • Stored on local machine
  • Reside in the username subdirectory beneath the
    \Documents and Settings directory
  • Set up by example
  • Saved on logout

12
Roaming Profiles
  • Resides on a network server
  • Automatically downloaded to any system when user
    logs on
  • Default path designation
  • \\computername\username

13
Application of Group Policies
  • Several security and access controls
  • Group policies (GPOs) can be defined for
  • Domain
  • Sites
  • Organizational units (OUs)
  • Local computer group policy managed from a
    Windows XP Professional system
  • Policies applied in order
  • LSDOU (local, site, domain, organizational unit)

14
Password Policy
  • Defines the restrictions on passwords
  • Includes password age, length, etc.

15
Account Lockout Policy
  • Conditions that result when a user account is
    locked out
  • Used to prevent brute force attacks against user
    accounts
  • Items
  • Account lockout threshold
  • Account lockout duration
  • Reset account lockout counter after

16
Audit Policy
  • Defines events recorded in Security log of Event
    Viewer
  • Used to track resource usage
  • Items (not full list)
  • Audit directory service access
  • Audit logon events
  • Audit account logon events
  • Audit system events

17
User Rights Assignment
  • Defines which groups or users can perform the
    specific privileged action
  • Items (not full list)
  • Access this computer from the network
  • Back up files and directories
  • Change the system time
  • Load and unload device drivers
  • Profile single process
  • Shut down the system

18
Security Options
  • Controls various security features, functions,
    and controls of environment
  • Items (not full list)
  • Accounts
  • Devices
  • Domain member
  • Microsoft network server

19
Group Policies
  • Domain-level version of the local security policy
  • Two primary divisions
  • Computer Configuration
  • User Configuration

20
Troubleshooting Cached Credentials
  • Automatically caches users credentials in the
    Registry
  • When domain logon or .NET Passport logon is
    performed
  • Can be disabled
  • Enable the group policy setting of Interactive
    logon
  • Set the cachedlogonscount Registry value to 0

21
Files and Settings Transfer Wizard
  • Move data files and personal desktop settings
    from another computer to new Windows XP
    Professional system
  • Must have some sort of network connection between
    the two systems
  • Transfer files from Windows 95, 98, SE, Me, NT,
    2000, or XP systems
  • Transfer process can take considerable time

22
User State Migration Tool (USMT)
  • Supports migration to user data from Windows 9x,
    Windows NT Workstation 4.0, and Windows 2000
    Professional to a Windows XP Professional system
  • Able to transfer the same files and settings that
    the Files and Settings Transfer Wizard can
  • Fully configurable and scriptable

23
User State Migration Tool (USMT) (continued)
  • Two command-line utilities
  • ScanState
  • LoadState
  • Read instructions and control parameters from INF
    files
  • ScanState
  • Used to create a backup of the user data
  • LoadState
  • Used to copy the data onto new target system

24
Summary
  • Three types of users
  • Locally created users
  • Imported users
  • Domain users
  • Users are collected into groups
  • Simplifies management and grant access or
    privileges
  • There are two built-in users, Administrator and
    Guest, and several built-in groups
  • Profiles can be local or roaming

25
Summary (continued)
  • Group policies are domain-level versions of the
    local security policy.
  • The Files and Settings Transfer Wizard
  • Used to move data files and personal desktop
    settings from one system to another.
  • The User State Migration Tool
  • Used for enterprise migrations
Write a Comment
User Comments (0)
About PowerShow.com