1. •Understand why user and groups are
required
•Understand what groups are and how they
are created.
•Know how to make a user account
•Creating users and groups in windows
server
2. Local Users and Groups is a tool you can use
to manage local users and groups in Windows
XP.
Local Users and Groups is an important
security feature because you can limit the
ability of users and groups to perform certain
actions by assigning them rights and
permissions.
3.
4. Users displays the two built-in user
accounts, Administrator and Guest, as well as
any user accounts you create. The built-in
user accounts are created automatically when
you install Windows 2000 or Windows XP.
Administrator account.
Guest account.
5. The Administrator account is the one you use
when you first set up a workstation or member
server. You use this account before you create an
account for yourself.
The Administrator account is a member of the
Administrators group on the workstation or
member server.
The Administrator account can never be
deleted, disabled, or removed from the
Administrators local group, ensuring that you
never lock yourself out of the computer by
6. Administrators Can:
Create, modify, and access local user
accounts
Install new hardware and software
Upgrade the operating system
Back up the system and files
Claim ownership of files that have
become damaged
Do anything a Power User can
7. The Guest account is used by people who do not
have an actual account on the computer. A user
whose account is disabled (but not deleted) can
also use the Guest account. The Guest account
does not require a password. The Guest account
is disabled by default, but you can enable it.
You can set rights and permissions for the Guest
account just like any user account. By default, the
Guest account is a member of the built-in Guests
group, which allows a user to log on to a
workstation or member server. Additional rights,
8. Guests Can:
Log in and out
Run installed applications
Navigate through the file system
Shut down the system
9. To create a new user account
To disable or activate a user account
To change the password for a user
To delete a user account
To modify a user account
To rename a user account
10.
11. A group is a collection of user accounts. Groups
simplify administration
by allowing you to assign permissions and
rights to a group of users rather
Than to each user account individually. In
Microsoft Windows XP
Professional, you will find a number of default
local groups on your system,
which can perform the following default
functions as outlined.
12. Administrators: Members of the
Administrators group have the largest amount
of default permissions and the ability to
change their own permissions.
Backup Operators: Members of the Backup
Operators group can back up and restore files
on the computer, regardless of any
permissions that protect those files. But they
cannot change security settings.
Power Users: Members of the Power Users
group can create user accounts. They can
13. Users: Members of the Users group can
perform most common tasks, such as running
applications, using local and network
printers, and shutting down and locking the
workstation. Users can create local
groups, but can modify only the local groups
that they created.
Guests: The Guests group allows occasional
or one-time users to log on to a workstation's
built-in Guest account and be granted limited
abilities. Members of the Guests group can
also shut down the system on a workstation.
Replicator: Replicator group supports
14. Before modifying any security settings, it is
important to take into consideration the
default settings.
There are three fundamental levels of security
granted to users. These are granted to end
users through membership in the
Users, Power Users, or Administrators
groups.
15. Administrators
Only trusted personnel should be members of
this group.
Install the operating system and components .
Install Service Packs and Windows Packs.
Upgrade & repair the operating system.
Configure critical operating system parameters
(such as password policy, access control, audit
policy, and so on).
•Take ownership of files that have become
inaccessible.
•Manage the security.
16. Power Users
The Power Users group primarily provides
backward compatibility for running non-
certified applications. Members of the Power
Users group have more permissions than
members of the Users group and fewer than
members of the Administrators group.
Install programs that do not modify operating
system files or install system services.
Customize system wide resources including
printers, date, time, power options, and other
Control Panel resources.
Create and manage local user accounts and
groups.
Stop and start system services which are not
17. Users
The Users group is the most secure, because the
default permissions allotted to this group do not
allow members to modify operating system
settings or other users' data.
The Users group provides the most secure
environment in which to run programs. On a
volume formatted with NTFS, the default security
settings on a newly installed system.
Users cannot modify system wide registry
settings, operating system files, or program files.
Users can create local groups, but can manage
only the local groups that they created. They can
run certified Windows XP Professional programs
that have been installed or deployed by
administrators.
18. Backup Operators
o Members of the Backup Operators group can
back up and restore files on
o the computer, regardless of any permissions
that protect those files.
o Backing up and restoring data files and
system files requires permissions to read and
write those files. The same default
permissions granted to Backup Operators that
allow them to back up and restore files also
make it possible for them to use the group's
permissions for other purposes, such as
19. Special Groups
Several additional groups are automatically
created by Windows XP Professional.
Interactive. This group contains the user
who is currently logged on to the computer.
During an upgrade to Windows 2000 or
Windows XP Professional, members of the
Interactive group will also be added to the
Power Users group, so that legacy
applications will continue to function as they
did before the upgrade.
Network. This group contains all users who
are currently accessing the system over the
network.
Terminal Server User. When Terminal Servers
20. To create a new local group
To add a member to a group
To delete a local group