Get documents about "Server Profile Template - PowerPoint
Description
Server Profile Template document sample
Document Sample
Windows Server 2003
使用者及電腦帳號管理
林寶森
jeffl@ms11.hinet.net
Introduction to User Accounts
Local User Accounts
Enable users to log on and access resources on a
specific computer
Reside in SAM
Domain User Accounts
Enable users to log on to the domain to gain access to
network resources
Reside in Active Directory
Built-in User Accounts
Enable users to perform administrative tasks or gain
temporary access to network resources
Administrator Reside in SAM (local built-in user accounts)
and Guest Reside in Active Directory (domain built-in user
accounts)
Creating Local User Accounts
New User
User name: JYoung
Full name: Jonathan Young
Description:
Password: **********
Confirm: **********
User must change password at next logon
User cannot change password
Password never expires
Account is disabled
Create Close
Creating Domain User Accounts
New Object - User
New Object - (User)
Create in: nwtraders.msft/Users
Create in: samerica1.nwtraders.msft/Ohio
Password: ********
First name:
Confirm Password: ********
Last name:
Full name:
User must change password at next logon
User logon name: User cannot change password
@ samerica1.nwtraders.msft
Password never expires
User logon name (pre-Windows 2000):
Account is disabled
SAMER\
<Back Next> Cancel
< Back Next > Cancel
Introduction to User Logon Names
• User Principal Name suzanf@contoso.msft
– The suffix defaults to the
name of the root domain, Prefix @ Suffix
but it can be changed and
others added
• User Logon Name (Pre-Windows 2000)
– A user selects the domain
when logging on contoso suzanf
• User Logon Name Uniqueness Rules
domain + user name
– Full name must be unique within the container
– User principal name is unique within the forest
– User logon name (pre-Windows 2000) is unique within the
domain
Creating a User Principal Name Suffix
Active Directory Domains and Trusts
Action View
Active Directory Domains and Trusts Properties
Tree Name Type
UPN Suffixes
contoso.msft domain.DNS
Active Directory Domains and Trusts
nwtraders.msft domain.DNS
The names of the current domain and the root domain
contoso.msft
Connect to Domain Controller…
nwtraders.msft are the default user principal name (UPN) suffixes.
Operations Master…
Adding alternative domain names provides additional
View logon security and simplifies user logon names.
Refresh
If you want alternative UPN suffixes to appear during
Export List…
user creation, add them to the following list.
Properties
Alternative UPN suffixes:
Help
contoso.msft Add
Remove
Opens property sheet for the current selection.
Add New Suffixes
OK Cancel Apply
Names Associated with Domain
User Accounts
Name Example
User logon name Jayadams
Pre-Windows 2000
Nwtraders\jayadams
logon name
User principal
Jayadams@nwtraders.msft
logon name
LDAP relative CN=jayadams,CN=users,
distinguished name dc=nwtraders,dc=msft
Setting Personal Properties
• Add Personal Information
About Users As Stored in Active Directory
Active Directory
• Use Personal Properties to
Search Active Directory
Student 01 Properties
Remote control Terminal Services Profile
Member Of Dial-in Environment Sessions
General Address Account Profile Telephones Organization
User01
When to Reset User Passwords
• Reset a password when a user forgets his
or her password
• After resetting a password, a user can no
longer access some types of information,
including:
– E-mail that is encrypted with the user’s public key
– Internet passwords that are saved on the computer
– Files that the user has encrypted
What Is a User Account Template?
• A user account template is a user account that
contains the properties that apply to users with
common requirements
• User account templates make creating user
accounts with standardized configurations more
efficient
User Account
Template
Creating User Account Templates
Active Directory Users and Computers
Console Window Help
Action View
Tree Users 28 objects
Active Directory Users and Compu Name Type Description
nwtraders.msft _Sales Template User Copy…
Builtin Administrator Add members to a group… ount f
Casablanca Cert Publishers Copy certifi
Enable AccountObject - User
Computers admi
DHCP Administrators Reset Password… o hav ions
Denver OU DHCP Users o hav
Domain Controllers Move… ontro
DnsAdmins Open home page Create in:strato
nwtraders.msft/Users
uest
ForeignSecurityPrincipals DnsUpdateProxy who
Portland Send mail aser
Domain Admins admi
Seattle Domain Computers All Tasks First name:
StudentOU sales Initials:
Domain Controllers
Tunis Domain Guests Delete user1
Last name:
Users Rename
Vancouver OU Domain Users
Enterprise Admins Refresh Full name: sales user1
Group 01 Properties
User logon name:
Creates a new user, copying information from the selected user. Help
salesuser1 @nwtraders.msft
User logon name (pre-Windows 2000):
• Set Up a User Account as a
NWTRADERS\ salesuser1
Template Account
• Create a User Account by
Coping the Template Account < Back Next > Cancel
Guidelines for Creating User
Account Templates
Create a separate classification for
each department
Create a separate group for short-term
and temporary employees
Set user account expiration dates for
short-term and temporary employees
Disable the account template
Identify the account template
Customizing User Settings with User Profiles
• Default User Profile
Display – Serves as the bases for all
user profiles
• Local User Profile
Regional User – Created the First Time a
Modify Settings Save Profile
User Logs on to a Computer
– Stored on a Computer's Local
Hard Disk
Mouse
Sounds Profile Windows 2000
Roaming User Profile Profile Professional
Server
Created by the System Display
Administrator
Stored on a server Regional Windows XP
Settings Professional
Mandatory User Profile
Created by the System Mouse
Administrator Windows Server
2003
Stored on a server
Sounds
Best Practices
Rename the Administrator Account
Create a User Account with Administrative Rights
Create a User Account for Non-Administrative Tasks
Enable the Guest Account Only in Low Security Networks
Create Random Initial Passwords
Require New Users to Change Their Passwords
Set Account Expiration Dates for Temporary Employees
What Is a Computer Account?
• Identifies a computer in a domain
• Provides a means for authenticating and auditing
computer access to the network and to domain
resources
• Is required for every computer running:
– Windows Server 2003
– Windows XP Professional
– Windows 2000
– Windows NT
Where Computer Accounts Are
Created in a Domain
Computers that join a domain are
created in the Computers container
Computer accounts can be moved to
or created in other organizational units
Creating Computer Accounts
When to Reset Computer Accounts
Reset computer accounts
when:
– Computers fail to
authenticate to the domain
– Passwords need to be
synchronized
Tools for Creating and Managing Accounts
Active Directory Directory Service Tools
Users and Computers
Dsadd
Dsmod
Dsrm
Csvde and Ldifde Tools Windows Script Host
Locating Accounts
Search entire Active Directory,
a specific domain, or an OU
Find Users, Contacts, and Groups
File Edit View Help
Find: Users, Contacts, and Groups In: Entire Directory Browse...
Entire Directory
Users, Contacts, and Groups Advanced
contoso
Find Now
Field Accounting
Stop
Clear All
Add Remove
Select attributes from above to this list> Specify value of
<Add criteria Set condition
for searching the attribute
Administer user accounts
Name Type in the results box
Description
Joe Pak User
Don Hall User
Anne Paper User
31 item(s) found
What Is a Saved Query?
Related docs
Other docs by rmk19014
