DIT314 ~ Client Operating System & Administration

CHAPTER 5MANAGING USER ACCOUNTS AND

GROUPS

Prepared By : Suraya Alias

5.1 Introduction to user accounts

What is a User Accounts? A profile that defines user rights, customization and

settings Allow a person to log on to the computer/network Also determine the ability for a person to perform certain

task on the computer

User Accounts properties;

1. Access right

2. Desktop layout

3. Individual user favorites and history

4. Use of a private “my documents” folder

5.2 Types of User Accounts

Windows XP uses 3 types of user accounts1. Local User Account2. Built-in User Account3. Domain User Account

5.2.1 Local User Account Allows user to log on a specific computer in order to use it The user’s information is stored locally and verified during the

login process So, you can only login to the pc where your user account has been

created because it will not be replicated to another pc When you create a local user accounts, windows XP creates a

local security database in the same computer The local security database is used to verify (authenticate) the user

during the log on process

5.2.1 Local User Accounts

Properties of Local User Account Provide access to resources

on the local computer Created in the computer not

in a domain Created in the local security

database

Example : Right click My Computer ->

Manage Right click Users Folder ->

New User Fill in the forms of username,

full name, description and password, confirm password

Select check box options ->Click Create button

Options that are available when creating a local user account

1. User must change password at next logon This option is selected by default Meaning the user can specify their own password when they login for the first

time2. User cannot change Password

If the box is checked, the user has no rights to change his password, only the administrator can change it

However this option is not available if the first checkbox is checked3. Password never expires

Select this box if you want to remain with the same password for a long time. This option is not available if you check the first box

4. Account is disabled Select this box if you want to block any user

5.2.1 Local User Accounts

There are 3 types of built-in user accounts in Windows XP :

1. Administrator User Account Can install software and hardware Can create, modify and delete user accounts Have full access of all files and programs Can create/change passwords for all user accounts Can modify names, pictures and account types of all users Have full access of system software and hardware

2. Limited User Account Can access already installed software Can modify own user account with exception of account name or type Cannot install software and hardware Can create files in Shared Document folder Can change desktop themes, wallpaper and screensaver

3. Guest User Account Cannot install software and hardware Cannot modify guest account and profile The account is disable by default

5.2.2 Built-In User Accounts

5.2.3 Domain User Accounts

Domain user account allow you to log on the domain and access the computer anywhere in the network

During logon the username, password and domain name is checked by the domain controller.

Domain controller is a server machine where all domain user’s info is stored.

Domain user

Domain ControllerDomain User Account

Active Directory- Microsoft’s directorydatabase for windows 2000 network

What a Domain User Account can do ?

1) Provide access to network resources2) Provide access to server (domain controller) and its resources3) Allowed to access any resources on other computers which are part of that domain

5.3 User Profile

When you create an account, windows machine will create a profile that is a User Profile

This user profile contains all the information the computer needs to personalize the computer

The profile contains your desktop icon, shortcuts, personalized start menu and folders.

NTUSER.DAT file in the Windows Registry stores critical information such as network settings, network printer definition and desktop setting.

When you login, the file is read and Windows will set your environment accordingly

Some items in the user profile is ; Application data Cookies Desktop

5.4 Groups

Every local user accounts belongs to 1 or >1 user groups

Properties of a Group Groups are collection of user accounts Members of same group have similar permission and

rights A single user can be a member of multiple group Groups, itself can become member of other groups Groups help in controlling and managing computer

resources over a network Windows XP has 4 primary user groups

1. Administrator 3. Users 2. Power Users 4. Guest

5.4 Groups Administrator group

Is the most powerful group of all, have the ability to change their own permission and others

Rights1. Can install the OS and component2. Install service packs and windows

pack3. Upgrade and repair the Operating

system4. Configure critical OS parameter5. Take ownership of files that has

become inaccessible6. Manage the security and auditing

logs7. Back up and restore system

Power User Groups Have more permission than

user group, less than Administrator group

Can perform any task except the Admin task (cannot modify any properties of Admin group)

Rights1. Run already installed application2. Install programs that do not modify

OS files and system files3. Customize printers, date time etc4. Create and manage local user

accounts and groups5. Stop and start service

5.4 Groups Users group

Is the most secure because they do not have the permission to modify OS and other user’s data

Rights1. User cannot modify system wide

registry, OS Files and system files

2. Can shut down workstation not servers

3. Can create local group and only can manage the created group

4. Can run installed programs5. Have full control of own files

Guest Groups Guest account is the member

of Guest group The guest groups are intended

for those users who have no user account on the pc

Rights1. Cannot install software and

hardware, but can use it2. Cannot change the properties of

guest account3. Cannot change picture

5.4 Create Group

Example; Right click My Computer -> Manage Right click Groups Folder -> New Group Fill in the group name (Marketing) and

description -> create group Find the new user -> Add to the Sales group