6. CONTENTS
1. UNDERSTANDING LOCAL USERS
2. PRACTICAL OF LOCAL USER ACCOUNTS
3. TROUBLESHOOTING LOCAL USERS
4. UNDERSTANDING GROUP ACCOUNTS
5. PRACTICAL OF LOCAL GROUP ACCOUNTS
6. TROUBLESHOOTING GROUP ACCOUNTS
7. UNDERSTANDING EFS
8. PRACTICAL OF EFS
9. TROUBLESHOOTING EFS
7. Topic division
Configuration and management of
USER ACCOUNTS
By RIZWAN AHMED
Configuration and management of
GROUP ACCOUNTS
By SABAHAT QADEER
Configuration and management of
EFS
By AYESHA ANAULLAH
Troubleshooting and practical
By GHAYOOR
8. User Account
User account is a collection of information that tells Windows
• Which files and folders administrator can access
• What changes administrator can make to the computer
• The personal preferences (desktop background or screen saver
etc ).
User accounts let administrator share a computer with several
people, while having the own files and settings.
Each person accesses his or her user account with a user name
and password.
User A/Cs is useful for assigning to the user to participate in the
network. 8
9. Types Of Accounts
There are two types of accounts
• Domain User Accounts
• Local User Accounts
9
10. Domain User Accounts
These are created in the Active Directory
(AD)
and they proved centralized management of
users
besides easy administration.
10
11. Local User Accounts
* These can be created on the Local machines
where the client works.
* Example Windows 2000 professional, XP
professional or server 2003 member server etc.
* These accounts do not provide centralized
management.
* Suitable only for smaller organizations where
there is no server.
11
12. Creating a local user Accounts
Three methods for creating users in Windows XP
Professional
• Control Panel → User Accounts
• Microsoft Consol
• Command
12
18. NOTE - Fast User Switching cannot be used if the Offline Files
option is enabled.
Also, once the system is added to a domain
administrator can no longer use Fast User
Switching, even if administrator log on to
the workstation by using the local user
account
database.
18
19. Creating User using Consol (compmgmt.msc,
lusrmgr.msc)
“Using the Local Users and Groups Snap-in “
On member server Log on to local account (Administrators and Power
Users)
>Right click on my computer >Manage
19
20. 1. Administrator can also type compmgmt.msc in the RUN box or from a command line to
launch the Computer Management MMC.
2. If administrator wants to directly open the Local Users and Groups MMC Type
lusrmgr.msc from the RUN box or from a command line.
20
23. Enabling disabled administrator account
• START >SEARCH>TYPE “CMD”>RIGHT CLICK
ON FIRST SEARCH>RESULT>RUN AS
ADMINISRATOR>GIVE COMMAND “net user
administrator: yes”>HIT ENTER
SUCCESS
23
24. Disabling enabled administrator account
• START >SEARCH >TYPE “CMD”>RIGHT CLICK
ON FIRST SEARCH RESULT>RUN AS
ADMINISRATOR>GIVE COMMAND “net user
administrator:no”>HIT ENTER
SUCCESS
24
25. Steps to change password of local user accounts
• Log on to local user account>click on start
control panel>user accounts and family
safety link>click on user accounts link
>click on the change password link
enter new password>confirm password
>type hint also(not compulsory)
success
• You can also remove password
25
28. To fix a corrupt windows user profile
• Microsoft says that a user profile can become corrupted
if your antivirus software is scanning your PC while you
try to log on, but it can also be caused by other factors.
• Troubleshooting
• A quick fix can be to restart your PC but if this doesn’t
work you’ll need to restart again and bot into safe mode
do this by pressing F8 before you see the windows
loading screen and choosing safe mode from the menu
that appears.
• Safe mode logs you into the built-in windows
administrator account, but you find that some options do
not work…
• or
• create a new user profile and backup your saved data.
28
29. You are unable to open an app in windows
• Microsoft says that whenever you purchase or load a
game or such an application that was designed for other
windows… but you do not have that window…. The file
will not run…
• Troubleshooting
• You are required to right click on that application and
then “run as administrator”…… in this way you will be
able to run such applications which were not designed
for your windows..
29
30. Restoring files from deleted user accounts
• Control panel>User accounts>configure
advanced user profile properties>create a
new admin account>log on to new
account>my computer>C-drive>Users
new account >windows enabler?run as
administrator >control panel>configure
advanced user and profiles> copy from one
user account to another user account……….
• success
30
31. I tried to log on to my user account but I keep getting message that the
user name or password is incorrect
• •1. Caps Lock might be ‘on’:
•Passwords in Windows are case-sensitive, which means that every time you type your
password, you have to capitalize each letter in exactly the same way that you did when
you first created it. If you have accidentally pressed Caps Lock, then you’re
inadvertently typing your password in all capital letters. Make sure Caps Lock is off,
and then type your password again.
31
32. Cont..
• 2.You might be typing the wrong password: If you can’t remember your
password, you need to reset your password, either with a password reset disk
or an administrator account.
3. An administrator on the computer might have reset your password: If your
computer is on a network, a network administrator has the ability to reset
your password. If you think this might be the problem, check with your
network administrator. If your computer is in a workgroup, anyone who has
an administrator account on the computer can change your password.
32
33. Cont..
• 4. You might be trying to log on to the wrong user account: If you have
more than one user account on the computer, make sure you’re logging on to
the account that matches the password you’re using. Use switch user to select
the right account.
33
34. Cont..
• 5. You might forget you password: Forgetting password is most
common issue. To overcome this issue use Reset Password option
available at log on screen once you tried to insert a wrong password.
34
35. My computer is part of a domain and I want to log on to a local user
account, not my domain account.
• To log on to a local user account on your computer, you
need to know the name of your computer and the user
name for the account that you want to log on to. To log
on to a local user account, follow these steps:
• On the Welcome screen, click Switch User.
• Click Other User.
• In the user name field, type the name of your computer,
a backslash (), and the user name for the account that
you want to log on to. For example: computer
nameuser name
• Type your password, and then press Enter.
35
36. You receive a "The User Profile Service failed the logon”
error message
• Troubleshooting
• Method 1: Fix the user account profile
• Method 2: Log on to Windows and copy your data to a new account
• Method 3: Delete the error SID and create a new profile
36
39. GROUP
What is a Group?
The group is a collection of accounts that
share the same security rights and
permissions.
40. GROUP ACCOUNTS
• A Group Account is a collection of user accounts. On a
management server that is running Windows, you can
create a group account to manage the privileges of
multiple accounts together. By making a
user account a member of a group, you give that user
all the rights and permissions granted to the group.
41. CONT…
• Windows has a long list of predefined user
groups which includes “Administrators” and
“Users.”
• A user account is a member of at least one
user group while some user accounts are
members of two groups or more, depending
on how they are set.
• User groups are managed automatically by
Windows and you won’t need to fiddle with
them, even though you can if you are an
administrator.
42. CONT….
• For example, all user accounts that are set as
administrators will be part of the
“Administrators” group. Standard user
accounts are part of the “Users” group.
However, both types of user accounts will
become members of the “HomeUsers” group,
when you start using the Homegroup
networking feature in Windows.
Local Users and Groups Consol
* Displays all built in groups as well as groups
created by administrator.
* The built-in groups are created automatically
when Windows XP is installed.
44. Administrators
Members of the Administrator group have total
control over the computer and everything on it.
The user named Administrator is the default
account within this group.
Administrators Can:
* Create, modify, and access local user accounts
• Install new hardware and software
• Upgrade the operating system
• Back up the system and files
• Claim ownership of files that have become
damaged
* Do anything a Power User can
45. Power Users and Users
The Power User class can perform any task except for
those reserved for Administrators. But a power
user can not
• Access other users' data without permission.
• Delete or modify user accounts they did not
create.
• Users can perform common tasks, but have little
power to affect the computer outside of their own
account.
Users can perform common tasks, but have little
power to affect the computer outside of their own
account.
46. Guests and Backup Operators
• Guests
• The Guests group grants limited access to
occasional or one-time users. Once a Guest
logsout, all files created by the guest is deleted.
• Backup Operators
• Members of the Backup Operators group can back
up and restore files on the computer but they cannot
change security settings.
• .
47. How to Create and Delete a User Group in
Windows 7
• Note
• This could be useful if you would like to create a
new group,add users to be a member of this
group, then assign user rights to the group. This
way you could have your own special custom group
of users with user rights assignments that you set
for them.
48. Create a New User Group
• Click on
• Right Click on
• Click on Manage
49. NEW GROUP
• In the left pane, click on Groups to open it. In the right pane
of Groups, right click on a empty space, and click on New Group.
• Type in a "group name" (ex: New Group), a "description" (ex:
Example of new group created) for the group, add users (ex: my
user account "Brink") that you would like to be a member of this
new group, then click on theCreate and Close buttons.
51. NEW GROUP
• You can now assign user rights to the group, and add
or remove users from being a member of this group at
anytime
52. HOW TO DELETE A GROUP
• When you delete a group, all users that were a member
of that group will automatically lose all user rights
assigned to that group. Be very careful to not delete the
wrong group. I would recommend to not delete any of
the default groups, and only delete groups that you
created and no longer need.
• I would highly recommend that you create a restore
point before adding or deleting groups. This way if you
make a mistake and delete the wrong group, you will be
able to do a system restore at boot and select the
restore point to undo the mistake.
• In the left pane, click on Groups to open it. In the right
pane of Groups, right click on a group (ex: New Group)
that you wanted to delete, and click on Delete.
Warning
57. Open "Local Users and Groups
Manager"
• OPTION ONE
• Open "Local Users and Groups Manager"
Directly
• 1. Press the Windows + R keys to open the Run
dialog, type lusrmgr.msc, and press Enter.
NOTE: This file is located
at C:WindowsSystem32lusrmgr.msc.
2. You can now set and manage the Local Users
and Groups settings on your computer to how
you want them.
58. OPTION TWO
• Open "Local Users and Groups Manager" in
Computer Management
• 1. Open the Control Panel (icons view), and
click/tap on the Administrative Tools icon.
2. Close the Control Panel window.
3. In Administrative Tools, click/tap on
the Computer Management icon.
4. If prompted, click/tap on Yes.
5. Close the Administrative Tools window.
6. In the left pane of Computer Management,
double click/tap on Local Users and Groups. (
59. OPTION TWO
You can now set and manage the Local Users and Groups settings
on your computer to how you want them.
60. OPTION THREE
Open "Local Users and Groups Manager" in
Advanced User Accounts
• 1. Press the Windows + R keys to open the Run
dialog, type netplwiz, and press Enter.
2. If prompted by UAC, click/tap on Yes.
3. Click/tap on the Advanced tab, and click/tap
on the Advanced button.
• You can now set and manage the Local Users and
Groups settings on your computer to how you
want them
64. Two users out of three logon in their accounts 3rd cannot
Troubleshooting
1. Check whether caps lock is on.
2. Check whether you are entering right
password.
3. It may be possible that an admin account
or the group manager has changed the
user password.. Ask the manager or admin
to check your password or reset your
password…
But this is briefly discussed in group policies
which is another vast discussion
65. A local user cannot view desktop icons
Troubleshooting
1st of all right click on the desktop screen.
Now click on view.
Click on view desktop icons..
If it doesn’t work then the group manager
may have customized group account
policies for you.
Again group policy is another vast discussion
and another topic.
66. Do you know??
1. Can an admin account create a new
admin account?
2. Can an admin account change the
password of the admin account
created before?
3. Can local account change password
of an admin account?
4. Can an admin account created
before change the password of te
account created after it?
5. Can an admin make local user an
admin?
•6. Can a standard user access admin?
•7. Can an admin view files of a standard
user?
•8. Can a standard user view the files of
other standard user?
•9. Can an admin view files of another
admin?
•10. In group accounts, can a standard
user access admin accounts? Reason.
66
87. When I try to encrypt my files, it doesn't work.
• Make sure that the following conditions are true:
• A recovery agent policy has been defined.
• The file volume is NTFS.
• The file is not compressed.
• You have write access to the file.
• Sometimes users think that the file is not encrypted because they can
open it and read the file. Remind them to verify that the file is
encrypted by checking the file's attribute.
• Sometimes a user tries to encrypt a folder that has the compression
attribute set or is on a compressed drive. First, you have to remove
the compression attribute, and then you can encrypt.
87
88. I can't open files I have encrypted.
• Make sure you have the correct EFS certificate and
private key for the file. If it is an old file, the public key
and private key set might no longer be available.
Expired certificates and private keys are archived.
However, users can delete archived certificates and
private keys, or they might be damaged. If so, recover
the file as described earlier in this chapter.
• If the computer previously operated in stand-alone mode
and is now a member of a domain, this can make a
difference. The file might have been encrypted by using
a local self-signed certificate issued by the computer,
whereas the CA designated at the domain level is now
the issuing authority.
88
89. Are there warnings to a user that a file goes from an encrypted state to
an unencrypted state when copying or moving?
• There is no warning. Always check the
properties of the resulting file to ensure that
it is still encrypted.
89
90. I can't open an EFS file after upgrading from a previous build of Windows 2000. A
message that read "Access denied" appeared, but I can still encrypt and open new EFS
files.
• It is possible that the previous build is a domestic, nonexportable
build with support for strong cryptography, and the new build is an
international, exportable build with weaker cryptography. The
weaker cryptography technology cannot handle files that have been
encrypted using the stronger cryptography.
• If you qualify to use and deploy nonexportable cryptography, you
can obtain the Encryption Pack CD from Microsoft and use it to
convert Windows 2000 to support nonexportable, strong
cryptography technology. This CD is not exportable. The Microsoft
Enhanced Cryptographic Provider for Windows 2000 is available on
this CD. Instructions on how to use the CD are provided with the
CD.
90
91. When my virus check program runs, it cannot check all the files on
my hard disk and I get "Access Denied" error messages.
• Your virus check program can only read
files that have been encrypted by you. If
other users have encrypted files on your
hard disk, access to these files is denied to
the virus check program. To perform a virus
check for files that have been encrypted by
other users, the other users must log on and
run the virus check program.
91