ch05.ppt by wangnianwu

VIEWS: 0 PAGES: 30

									  Windows XP Professional User
           Accounts
• Designed for use as a network client for:
   • Windows NT
   • Windows 2000
   • Windows Server 2003
• Member of a workgroup
• Standalone operating system



                   70-270: MCSE Guide to Microsoft   1
                       Windows XP Professional
       Types of Windows XP
     Professional User Accounts
• Local user account
   • Exists on a single computer
   • No domain access
• Domain user account
   • Exists throughout a domain
   • Can be used on any domain member computer




                     70-270: MCSE Guide to Microsoft   2
                         Windows XP Professional
 How Accounts Interact with a
Windows XP Professional System
•   Standalone system, automatic logon
•   Standalone system
•   Workgroup member
•   Domain network client




                    70-270: MCSE Guide to Microsoft   3
                        Windows XP Professional
Supporting More Than One User
• Multiple-user systems
• Implemented through:
  •   Groups
  •   Resources
  •   Policies
  •   Profiles




                  70-270: MCSE Guide to Microsoft   4
                      Windows XP Professional
               Types of Logon
• Logon authentication has two purposes:
   • Maintain security
   • Track computer usage




                    70-270: MCSE Guide to Microsoft   5
                        Windows XP Professional
      Windows Welcome Logon
             Method
• Completely new logon method
• Designed for use on standalone or workgroup
  member systems
• List of user accounts with icons
• Fast User Switching,
   • Switch users without logoff




                     70-270: MCSE Guide to Microsoft   6
                         Windows XP Professional
        Classic Logon Method

• Press Ctrl+Alt+Delete to access WinLogon security
  dialog box
• Required for domain member systems




                  70-270: MCSE Guide to Microsoft     7
                      Windows XP Professional
    Logging On to Windows XP

• XP automatically creates accounts
   • Administrator
   • Guest




                     70-270: MCSE Guide to Microsoft   8
                         Windows XP Professional
                Administrator
• Most powerful user account possible
• Unlimited access and unrestricted privileges
• Must be protected from misuse
   • Complicated password should be used
   • Should rename this account




                    70-270: MCSE Guide to Microsoft   9
                        Windows XP Professional
       Administrator (continued)
• Characteristics:
   • Cannot be deleted
   • Cannot be locked out
   • Can be disabled
   • Can have a blank password (however, this is not
     recommended)
   • Can be renamed (which is recommended)
   • Cannot be removed from the Administrators local group



                     70-270: MCSE Guide to Microsoft         10
                         Windows XP Professional
                          Guest
•   One of the least privileged user accounts
•   Limited access to resources and computer activities
•   Should rename account
•   Member of the Everyone group
•   Recommended to leave the Guest account disabled




                    70-270: MCSE Guide to Microsoft       11
                        Windows XP Professional
                Guest (continued)
• Characteristics:
   •   Cannot be deleted
   •   Can be locked out
   •   Can be disabled (it is disabled by default)
   •   Can have a blank password (it is blank by default)
   •   Can be renamed (which is recommended)
   •   Can be removed from the Guests local group




                       70-270: MCSE Guide to Microsoft      12
                           Windows XP Professional
            Naming Conventions
• Predetermined process for creating names on network
  or standalone system
• Should incorporate a scheme for:
   •   User accounts
   •   Computers
   •   Directories
   •   Network shares
   •   Printers
   •   Servers

                        70-270: MCSE Guide to Microsoft   13
                            Windows XP Professional
 Managing Local User Accounts
• Two types:
  • Local representations of domain/network user accounts
  • Created from scratch locally
• User Accounts applet
  • Used to create local representation
• Local Users and Groups snap-in
  • Used to create accounts from scratch




                     70-270: MCSE Guide to Microsoft        14
                         Windows XP Professional
          User Accounts Applet
• Users tab
   • Lists active users
   • Add New User wizard to add users
• Advanced tab
   • Access to
      • Password and passport management
      • Advanced user management
      • Secure logon settings




                      70-270: MCSE Guide to Microsoft   15
                          Windows XP Professional
       Local Users and Groups
• Create and manage local users
• Console tree nodes:
   • Users
   • Groups




                  70-270: MCSE Guide to Microsoft   16
                      Windows XP Professional
   Planning Groups and System
             Groups
• Plan how to manage groups
• Pair groups with resources for administrative control
• Ongoing administrative task:
   • Adding and removing users from groups




                    70-270: MCSE Guide to Microsoft       17
                        Windows XP Professional
   Working with Groups You’ve
             Made
• Must have a Windows NT, 2000, or Server 2003 in
  client/server environment
• Resource
   • Has local groups assigned to it
• Global user groups
   • Assigned to local resource groups
• Users
   • Assigned to global groups

                      70-270: MCSE Guide to Microsoft   18
                          Windows XP Professional
Assigning users access to
 resources using groups




       70-270: MCSE Guide to Microsoft   19
           Windows XP Professional
    Working with Default Groups
•   Administrators
•   Backup Operators
•   Guests
•   Network Configuration Operators
•   Power Users




                   70-270: MCSE Guide to Microsoft   20
                       Windows XP Professional
    Working with Default Groups
            (continued)
•   Remote Desktop Users
•   Replicator
•   Users
•   HelpServicesGroup




                  70-270: MCSE Guide to Microsoft   21
                      Windows XP Professional
    Working with System Groups
    and Other Important Groups
•   Built-in system-controlled groups
•   Preexisting groups
•   Cannot be edited
•   Used by system to control or place restrictions on
    specific groups of users based on activities




                     70-270: MCSE Guide to Microsoft     22
                         Windows XP Professional
Windows XP as a Domain Client
• Can serve as a client to an Active Directory domain
• Centralized control of user accounts and overall
  security
• Resources centrally located
• Management of access easier than a workgroup
  network




                   70-270: MCSE Guide to Microsoft      23
                       Windows XP Professional
                    User Profiles
• Collection of desktop and environmental
  configurations
• Computer maintains profile for each user
• Material such as:
   •   Application data
   •   My Documents
   •   Cookies
   •   Etc.



                          70-270: MCSE Guide to Microsoft   24
                              Windows XP Professional
                 Local Profiles
• Set of specifications and preferences
• For an individual user
• Stored on local machine
   • Reside in the %username% subdirectory beneath the
     \Documents and Settings directory
• Set up by example
• Saved on logout



                    70-270: MCSE Guide to Microsoft      25
                        Windows XP Professional
            Roaming Profiles
• Resides on a network server
• Automatically downloaded to any system when user
  logs on
• Default path designation:
  • \\computername\username




                  70-270: MCSE Guide to Microsoft    26
                      Windows XP Professional
        Troubleshooting Cached
             Credentials
• Automatically caches user’s credentials in the
  Registry
   • When domain logon or .NET Passport logon is performed
• Can be disabled:
   • Enable the group policy setting of Interactive logon
   • Set the cachedlogonscount Registry value to 0




                      70-270: MCSE Guide to Microsoft        27
                          Windows XP Professional
     Files and Settings Transfer
               Wizard
• Move data files and personal desktop settings from
  another computer to new Windows XP Professional
  system
• Must have some sort of network connection between
  the two systems
• Transfer files from Windows 95, 98, SE, Me, NT,
  2000, or XP systems
• Transfer process can take considerable time

                  70-270: MCSE Guide to Microsoft      28
                      Windows XP Professional
      User State Migration Tool
               (USMT)
• Supports migration to user data from Windows 9x,
  Windows NT Workstation 4.0, and Windows 2000
  Professional to a Windows XP Professional system
• Able to transfer the same files and settings that the
  Files and Settings Transfer Wizard can
• Fully configurable and scriptable



                    70-270: MCSE Guide to Microsoft       29
                        Windows XP Professional
      User State Migration Tool
        (USMT) (continued)
• Two command-line utilities:
   • ScanState
   • LoadState
   • Read instructions and control parameters from INF files
• ScanState
   • Used to create a backup of the user data
• LoadState
   • Used to copy the data onto new target system

                     70-270: MCSE Guide to Microsoft           30
                         Windows XP Professional

								
To top