70 271 Stu Chap03

548 views
482 views

Published on

This show is to be used in conjunction with the text or ebook.

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
548
On SlideShare
0
From Embeds
0
Number of Embeds
32
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

70 271 Stu Chap03

  1. 1. SUPPORTING LOCAL USERS AND GROUPS Chapter 3
  2. 2. SUPPORTING LOCAL USERS AND GROUPS <ul><li>Explain the difference between local and domain accounts </li></ul><ul><li>Create and modify a user account in Microsoft Windows XP Professional Edition </li></ul><ul><li>Explain the use of and configure groups </li></ul><ul><li>Configure Fast User Switching </li></ul><ul><li>Troubleshoot common password and logon problems </li></ul>
  3. 3. SUPPORTING LOCAL USERS AND GROUPS (CONTINUED) <ul><li>Explain how Local Security Policy affects a computer running Windows XP </li></ul><ul><li>Use the Local Security Policy tool to change security settings </li></ul><ul><li>Identify the important security settings that are available through Local Security Policy </li></ul>
  4. 4. LOCAL ACCOUNTS <ul><li>Local accounts are used for the following activities: </li></ul><ul><ul><li>To gain initial access to the computer </li></ul></ul><ul><ul><li>To control access to local computer resources </li></ul></ul><ul><ul><li>To control access to network resources </li></ul></ul>
  5. 5. LOCAL ACCOUNTS
  6. 6. USER ACCOUNTS <ul><li>Account management is a comprehensive topic that includes: </li></ul><ul><ul><li>Auditing of account activity </li></ul></ul><ul><ul><li>Creation of user and group accounts, and management of account properties </li></ul></ul><ul><ul><li>Password and account lockout policy configuration </li></ul></ul><ul><ul><li>User rights assignments </li></ul></ul>
  7. 7. DEFAULT USER ACCOUNTS <ul><li>Administrator </li></ul><ul><li>Guest </li></ul><ul><li>HelpAssistant </li></ul><ul><li>SUPPORT_susux </li></ul>
  8. 8. CREATING USER ACCOUNTS
  9. 9. USER ACCOUNT PROPERTIES, GENERAL TAB
  10. 10. USER ACCOUNT PROPERTIES, PROFILE TAB
  11. 11. USER ACCOUNT ACTION MENU
  12. 12. GROUP ACCOUNTS <ul><li>Group accounts are used to simplify the assignment of security features by associating user accounts that have common needs. </li></ul>
  13. 13. DEFAULT GROUP ACCOUNTS <ul><li>There are several default, built-in groups in Windows XP Professional Edition. The most common of these are: </li></ul><ul><ul><li>Administrators group </li></ul></ul><ul><ul><li>Backup Operators group </li></ul></ul><ul><ul><li>Guest group </li></ul></ul><ul><ul><li>Power Users group </li></ul></ul><ul><ul><li>Users group </li></ul></ul>
  14. 14. GROUP MEMBERSHIPS ADDED AUTOMATICALLY <ul><li>Domain Admins </li></ul><ul><li>Domain Guests </li></ul><ul><li>Domain Users </li></ul>
  15. 15. SPECIAL GROUPS <ul><li>Everyone </li></ul><ul><li>Authenticated Users </li></ul><ul><li>Interactive </li></ul><ul><li>Network </li></ul>
  16. 16. CREATING GROUP ACCOUNTS
  17. 17. LOCAL GROUP ACCOUNTS VS. DOMAIN GROUP ACCOUNTS <ul><li>Local Groups </li></ul><ul><li>Global Groups or Universal Groups </li></ul><ul><li>Restricted Group </li></ul>
  18. 18. SECURITY IDENTIFIERS (SIDS) <ul><li>User accounts and groups are considered security principals. Every security principal has a unique Security Identifier (SID) assigned to it at the time of creation. </li></ul>
  19. 19. LIMITATIONS OF WINDOWS XP HOME EDITION <ul><li>Cannot create local groups </li></ul><ul><li>Local Users And Groups tool is not available—must use User Accounts tool </li></ul><ul><li>Supports only two types of accounts: </li></ul><ul><ul><li>Computer Administrator </li></ul></ul><ul><ul><li>Limited </li></ul></ul><ul><li>Does not have an account named Administrator </li></ul><ul><li>Cannot join a domain </li></ul>
  20. 20. USER PROFILES <ul><li>User profiles store user-specific configuration settings, such as customized desktops and personalized application settings </li></ul>
  21. 21. DOCUMENTS AND SETTINGS FOLDER <ul><li>Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile. </li></ul>
  22. 22. LOCAL USER PROFILES <ul><li>A local user profile is available only from the system on which it was created </li></ul><ul><li>A unique local user profile is created and stored on each computer a user logs on to </li></ul>
  23. 23. HANDLING MULTIPLE PROFILES FOR THE SAME USER NAME <ul><li>If a Windows XP Professional Edition computer is a member of a Windows domain, two users with the same user account name can log on to the same system. </li></ul>
  24. 24. ALL USERS AND DEFAULT USER PROFILES ON DUAL-BOOT SYSTEMS <ul><li>If a system is dual-booting between Windows XP and another Windows operating system, a discrete All Users profile and a Default User profile are maintained for each operating system installed. </li></ul>
  25. 25. ROAMING USER PROFILES <ul><li>Users will have a different profile on each machine they log on to </li></ul><ul><li>Without regular backup, if the local machine crashes, the profile could be lost </li></ul>
  26. 26. ENABLING ROAMING PROFILES <ul><li>Create and share a folder on the server that will hold the roaming profiles </li></ul><ul><li>Make sure that the users have access to the shared folder </li></ul><ul><li>Specify the location of the roaming profile folder </li></ul>
  27. 27. ADDITIONAL POINTS ON ROAMING PROFILES <ul><li>Roaming profiles are generally used in a domain environment </li></ul><ul><li>In a workgroup environment, the administrator must create an account for the user on the computer that contains the roaming profile </li></ul><ul><li>In a domain account, a roaming profile is created and configured once on a domain controller </li></ul>
  28. 28. MANDATORY USER PROFILES <ul><li>Mandatory user profiles are applied to roaming user profiles. When a profile is made mandatory, users are unable to save changes to desktop settings. </li></ul>
  29. 29. FAST USER SWITCHING <ul><li>Allows multiple local user accounts to log on to a computer simultaneously </li></ul><ul><li>Users can switch sessions without logging off or closing programs </li></ul><ul><li>Running programs still consume computer resources </li></ul>
  30. 30. TROUBLESHOOTING PASSWORD PROBLEMS <ul><li>The user is mistyping the user name, password, or both </li></ul><ul><li>The user has the CAPS LOCK key engaged </li></ul>
  31. 31. TROUBLESHOOTING DOMAIN LOGON PROBLEMS <ul><li>Problems with cached credentials </li></ul><ul><li>Missing domain controller issues </li></ul>
  32. 32. SECURITY POLICY <ul><li>Security policy is a combination of security settings that affect the security on a computer </li></ul><ul><li>Computers that are members of a workgroup are subject only to Local Security Policy </li></ul><ul><li>Computers that are members of a domain are subject to both Local Security Policy and Group Policy </li></ul>
  33. 33. ORDER OF POLICY APPLICATION <ul><ul><li>Local Computer Policy is applied to the computer </li></ul></ul><ul><ul><li>Group Policy settings are applied for the Active Directory site of which the computer is a member </li></ul></ul><ul><ul><li>Group Policy settings are applied for the Active Directory domain of which the computer is a member </li></ul></ul><ul><ul><li>Group Policy settings configured for the Active Directory OU of which the computer is a member are applied </li></ul></ul>
  34. 34. RESULTANT SET OF POLICY <ul><li>Policy settings are cumulative, so all settings contribute to effective policy. The effective policy is called the Resultant Set of Policy (RSoP). </li></ul>
  35. 35. ACCESSING LOCAL SECURITY POLICY
  36. 36. CONFIGURABLE SECURITY OPTIONS <ul><li>There are quite a few configurable security options in Windows XP </li></ul>
  37. 37. PASSWORD POLICY <ul><li>Enforce password history </li></ul><ul><li>Maximum password age </li></ul><ul><li>Minimum password age </li></ul><ul><li>Minimum password length </li></ul><ul><li>Passwords must meet complexity requirements </li></ul><ul><li>Store password using reversible encryption for all users in the domain </li></ul>
  38. 38. ACCOUNT LOCKOUT POLICY <ul><li>Account Lockout Policy allows you to configure the computer to stop responding to logon requests from a user who has a valid logon name but who keeps entering the incorrect password. The policy settings are as follows: </li></ul><ul><ul><li>Account Lockout Duration </li></ul></ul><ul><ul><li>Account Lockout Threshold </li></ul></ul><ul><ul><li>Reset Account Lockout After </li></ul></ul>
  39. 39. AUDITING <ul><li>Auditing consists of two major components: </li></ul><ul><ul><li>Audit policy </li></ul></ul><ul><ul><li>Audit entries </li></ul></ul>
  40. 40. CHOOSING EVENTS TO AUDIT <ul><li>There are several types of events that can be audited based on the specific security needs of the given system. </li></ul>
  41. 41. POTENTIAL EVENTS TO AUDIT <ul><li>Shutting down and restarting the computer </li></ul><ul><li>Users logging on at odd hours </li></ul><ul><li>Users logging on to computers they wouldn’t normally log on to </li></ul><ul><li>Users attempting to log on unsuccessfully </li></ul><ul><li>Changes to user and group accounts </li></ul><ul><li>Printer usage </li></ul><ul><li>Access to particular files and folders </li></ul>
  42. 42. CONFIGURING AUDIT POLICY <ul><li>Configure the audit policy </li></ul><ul><li>Enable auditing on specific resources </li></ul>
  43. 43. VIEWING AUDIT ENTRIES IN THE SECURITY LOG
  44. 44. USER RIGHTS ASSIGNMENT <ul><li>Gives the user the ability to perform a particular task </li></ul><ul><li>Examples of rights include: </li></ul><ul><ul><li>Back up the computer </li></ul></ul><ul><ul><li>Change the time </li></ul></ul><ul><ul><li>Shut down the computer </li></ul></ul><ul><ul><li>Access the computer from the network </li></ul></ul>
  45. 45. CHAPTER SUMMARY <ul><li>Local user accounts are used to gain initial access to a computer and to control local resources. </li></ul><ul><li>Local groups are used to simplify the assignment of security features by associating user accounts that have common needs. </li></ul><ul><li>User profiles store user-specific configuration settings, such as customized desktops and personalized application settings. </li></ul>
  46. 46. CHAPTER SUMMARY (CONTINUED) <ul><li>Windows stores local user profiles in the Documents And Settings folder. This folder stores several files and folders containing configuration information and data for each user profile. </li></ul><ul><li>Password problems are a common issue with users. Make sure that they are typing their logon information correctly and that the Caps Lock key is not engaged. </li></ul>
  47. 47. CHAPTER SUMMARY (CONTINUED) <ul><li>Security policy is a combination of security settings that affect the security on a computer. Computers that are members of a workgroup are subject only to Local Security Policy. Computers that are members of a domain are subject to both Local Security Policy and Group Policy. </li></ul>

×