2. Overview
Introduction to User Accounts
Requirements for New User Accounts
Creating a Domain User Account
Setting Password Requirements
Setting Properties for User Accounts
Best Practices
3. Introduction to User Accounts
Domain User Accounts
Local User Accounts
Built-in User Accounts
4. Domain User Accounts
Provides Access to Network Resources
Created on a Domain Controller
Dom
ai
Use n
Acc r
oun
Domain Controller t Active Directory
Domain Network Resources
Domain User Access
5. Local User Accounts
Provides Access to Resources on the Local Computer
Create Only on Computers That Are Not in a Domain
Created in the Local Security Database
Local
User
Account
Local Security
Database
Local User
6. Built-in User Accounts
Administrator Manages:
User accounts and groups
Security policies
File and print resources
Guest Disabled by Default
Used for Occasional Access
Limited Access to Resources
7. Requirements for New User Accounts
Naming Conventions
Secure Password
Account Options to Set
8. Naming Conventions
User Logon Names and Full Names Must Be Unique
Domain user accounts must be unique to Active Directory
Local user accounts must be unique on the computer
User Logon Names Can Contain up to 20 Characters
Consider a Naming Convention That:
Accommodates duplicate employee names
Identifies temporary employees
9. Secure Password
Assign a Password for the Administrator Account
Determine Who Has Control Over Passwords
Educate Users on How to Use Passwords
Avoid obvious associations, such as a family name
Use long passwords
Use a combination of uppercase and lowercase
characters
10. Account Options to Set
Set Logon Hours to Users’ Work Hours
Specify the Computers from Which a User Can Log On
Domain users can log on at any computer in the domain,
by default
Restrict domain users to specific computers to increase
security
Determine Whether a User Account Should Expire
11. Creating a Domain User Account
dsa - [Active Directory Users and Computers]
Console Window Help
Active View
Active Directory Delegate control…
nwtraders Find…. Create New Object (User)
Accounts
Builtin New
Computers New Create in: nwtraders.msft/Users
Information All Tasks
Users View
New Window from Here name:
First Judy
Last name: Lew
Refresh
Export List… Name: Judy Lew
User logon name:
Properties
judy1 @nwtraders.msft
Help Downlevel logon name:
NWTRADERS
< Back Next > Cancel
12. Setting Password Requirements
Create New Object (User)
Create in: nwtraders.msft/Users
Password: ********
Confirm Password: ********
User must change password at next logon
User cannot change password
Password never expires
Account disabled
< Back Next > Cancel
13. Setting Properties for User Accounts
Setting Personal Properties
Setting Account Properties
Setting Logon Hours
Setting the Computers from Which Users Can Log On
Configuring Dial-up Settings
14. Setting Personal Properties
Add Personal Information About
Active Directory
Users
Use Personal Properties to Search
Active Directory
Amy Jones Properties
Telephone/Notes Organization Member Of
General Address Account General
15. Setting Account Properties
Judy Lew Properties
Judy Lew User Telephone/Notes Organization Member Of Dial-in
User Two User General Address Account Profile
User Three
User Four User logon name:1
User Five Judyl nwtraders.msft
User SixAdd members to a Group... Downlevel logon name:
Disable Account
NWTRADERS
Reset Password…
Move… Logon Hours... Logon To...
Open home page
Send mail Account locked out
Account options:
All Tasks
User must change password at next logon
Delete
User cannot change password
Rename
Password never expires
Refresh
Save password as encrypted clear text
Properties
Properties Account expires
Never
Help End of: Saturday , May 01, 1999
OK Cancel Apply
17. Setting the Computers from Which Users Can Log On
Judy Lew - Logon Workstations ?
User may log on to all workstations Default
User may log on to these workstations:
Enter the computer’s NetBIOS name:
Brisbane Add
Perth Remove
Change
Note: the NetBIOS protocol is needed for this feature.
Close Cancel
18. Configuring Dial-up Settings
User1 Properties
General Address Account Profile Telephones/Notes Organization
Member Of Dial-in Environment Timeouts
Remote Access Permission (Dial-in or VPN)
Allow access
Deny access
User Can Work Control access through Remote Access Policy
Remotely by
Setup Verify Caller-ID:
Using Dial-Up Callback Options
Connections No Callback
Set by Caller (RAS only)
Always Callback to:
Assign Static IP Address
Apply Static Routes
Define routes to enable for this Dial-in
Static Routes...
connection.
OK Cancel Apply
19. Best Practices
Rename the Administrator Account
Create a User Account with Administrative Rights
Create a User Account for Non-Administrative Tasks
Enable the Guest Account Only in Low Security Networks
Create Random Initial Passwords
Require New Users to Change Their Passwords
Set Account Expiration Dates for Temporary Employees
20. Review
Introduction to User Accounts
Requirements for New User Accounts
Creating a Domain User Account
Setting Password Requirements
Setting Properties for User Accounts
Best Practices