This document discusses user account policies in Windows Server 2003. It describes the three types of user accounts: local accounts for individual computers, domain accounts that provide access to network resources, and built-in accounts for administrative tasks. Groups are collections of user accounts that simplify administration by allowing permissions to be assigned to multiple users at once. The document also outlines how group policies are applied and inherited through organizational units to configure settings for users and computers.

1. User Account Policy
A user account is a record that consists of all the
information that defines a user to
Microsoft Windows Server 2003. This includes the
user name and password required
for the user to log on, the groups in which the user
account has membership, and the
rights and permissions the user has for using the
computer and network and accessing
their resources.

2.  User Account Types
 Windows Server 2003 provides three types of
user accounts:
 1 .local user accounts
 2 .domain user accounts
 3 .built-in user accounts.

3.  local user account:- a user logs on to a specific
computer to gain access to resources on that
computer.
 domain user account:- a user can log on to a
domain to gain access to network resources.
 Built−in user accounts:- are created automatically
by Windows Server 2003 for the purpose of
performing administrative tasks or to gain access to
network resources. (e.g Administrator ,Guest

4.  A group is a collection of user accounts.
Groups simplify administration by allowing
 you to assign permissions and rights to a
group of users rather than having to assign
 permissions to each individual user account.

5.  Group Policy
 Group policies are collections of user and computer
configuration settings that specify how programs,
network resources, and the operating system work for
users and computers in an organization.
 Local GPOs:-
 One local GPO is stored on each computer whether or
not the computer is part of an Active Directory
environment or a networked environment. A local GPO
affects only the computer on which it is stored.
 Nonlocal GPOs:-
 Nonlocal GPOs are created in Active Directory, By
default, when Active Directory directory service is set
up, two nonlocal GPOs are created:

6.  Default Domain Policy This GPO is linked to
the domain , and it affects all users and
computers in the domain (including
computers that are domain controllers)
 Default Domain Controllers Policy This
GPO is linked to the Domain Controllers OU,
and it generally affects only domain
controllers, because computer accounts for
domain controllers are kept exclusively in the
Domain Controllers OU.

7.  How Group Policy Is Applied
 Local GPO.
 Site GPOs
 Domain GPOs
 OU GPOs

8.  Group Policy Inheritance
 Group Policy is passed down from parent to child containers
within a domain. Group Policy is inherited in the following ways:
 If a policy setting is configured (set to Enabled or Disabled) for a
parent OU, and the same policy setting is not already configured
for its child OUs, the child OUs inherit the parent’s policy setting.
 If a policy setting is configured (set to Enabled or Disabled) for a
parent OU, and the same policy setting is configured for a child
OU, the child OU’s Group Policy setting overrides the setting
inherited from the parent OU.