DIT314 ~ Client Operating System & Administration
CHAPTER 5MANAGING USER ACCOUNTS AND
GROUPS
Prepared By : Suraya Alias
5.1 Introduction to user accounts
What is a User Accounts? A profile that defines user rights, customization and
settings Allow a person to log on to the computer/network Also determine the ability for a person to perform certain
task on the computer
User Accounts properties;
1. Access right
2. Desktop layout
3. Individual user favorites and history
4. Use of a private “my documents” folder
5.2 Types of User Accounts
Windows XP uses 3 types of user accounts1. Local User Account2. Built-in User Account3. Domain User Account
5.2.1 Local User Account Allows user to log on a specific computer in order to use it The user’s information is stored locally and verified during the
login process So, you can only login to the pc where your user account has been
created because it will not be replicated to another pc When you create a local user accounts, windows XP creates a
local security database in the same computer The local security database is used to verify (authenticate) the user
during the log on process
5.2.1 Local User Accounts
Properties of Local User Account Provide access to resources
on the local computer Created in the computer not
in a domain Created in the local security
database
Example : Right click My Computer ->
Manage Right click Users Folder ->
New User Fill in the forms of username,
full name, description and password, confirm password
Select check box options ->Click Create button
Options that are available when creating a local user account
1. User must change password at next logon This option is selected by default Meaning the user can specify their own password when they login for the first
time2. User cannot change Password
If the box is checked, the user has no rights to change his password, only the administrator can change it
However this option is not available if the first checkbox is checked3. Password never expires
Select this box if you want to remain with the same password for a long time. This option is not available if you check the first box
4. Account is disabled Select this box if you want to block any user
5.2.1 Local User Accounts
There are 3 types of built-in user accounts in Windows XP :
1. Administrator User Account Can install software and hardware Can create, modify and delete user accounts Have full access of all files and programs Can create/change passwords for all user accounts Can modify names, pictures and account types of all users Have full access of system software and hardware
2. Limited User Account Can access already installed software Can modify own user account with exception of account name or type Cannot install software and hardware Can create files in Shared Document folder Can change desktop themes, wallpaper and screensaver
3. Guest User Account Cannot install software and hardware Cannot modify guest account and profile The account is disable by default
5.2.2 Built-In User Accounts
5.2.3 Domain User Accounts
Domain user account allow you to log on the domain and access the computer anywhere in the network
During logon the username, password and domain name is checked by the domain controller.
Domain controller is a server machine where all domain user’s info is stored.
Domain user
Domain ControllerDomain User Account
Active Directory- Microsoft’s directorydatabase for windows 2000 network
What a Domain User Account can do ?
1) Provide access to network resources2) Provide access to server (domain controller) and its resources3) Allowed to access any resources on other computers which are part of that domain
5.3 User Profile
When you create an account, windows machine will create a profile that is a User Profile
This user profile contains all the information the computer needs to personalize the computer
The profile contains your desktop icon, shortcuts, personalized start menu and folders.
NTUSER.DAT file in the Windows Registry stores critical information such as network settings, network printer definition and desktop setting.
When you login, the file is read and Windows will set your environment accordingly
Some items in the user profile is ; Application data Cookies Desktop
5.4 Groups
Every local user accounts belongs to 1 or >1 user groups
Properties of a Group Groups are collection of user accounts Members of same group have similar permission and
rights A single user can be a member of multiple group Groups, itself can become member of other groups Groups help in controlling and managing computer
resources over a network Windows XP has 4 primary user groups
1. Administrator 3. Users 2. Power Users 4. Guest
5.4 Groups Administrator group
Is the most powerful group of all, have the ability to change their own permission and others
Rights1. Can install the OS and component2. Install service packs and windows
pack3. Upgrade and repair the Operating
system4. Configure critical OS parameter5. Take ownership of files that has
become inaccessible6. Manage the security and auditing
logs7. Back up and restore system
Power User Groups Have more permission than
user group, less than Administrator group
Can perform any task except the Admin task (cannot modify any properties of Admin group)
Rights1. Run already installed application2. Install programs that do not modify
OS files and system files3. Customize printers, date time etc4. Create and manage local user
accounts and groups5. Stop and start service
5.4 Groups Users group
Is the most secure because they do not have the permission to modify OS and other user’s data
Rights1. User cannot modify system wide
registry, OS Files and system files
2. Can shut down workstation not servers
3. Can create local group and only can manage the created group
4. Can run installed programs5. Have full control of own files
Guest Groups Guest account is the member
of Guest group The guest groups are intended
for those users who have no user account on the pc
Rights1. Cannot install software and
hardware, but can use it2. Cannot change the properties of
guest account3. Cannot change picture
5.4 Create Group
Example; Right click My Computer -> Manage Right click Groups Folder -> New Group Fill in the group name (Marketing) and
description -> create group Find the new user -> Add to the Sales group
Top Related