•Understand why user and groups arerequired•Understand what groups are and how theyare created.•Know how to make a user account•Creating users and groups in windowsserver
Local Users and Groups is a tool you can use to manage local users and groups in Windows XP. Local Users and Groups is an important security feature because you can limit the ability of users and groups to perform certain actions by assigning them rights and permissions.
Users displays the two built-in user accounts, Administrator and Guest, as well as any user accounts you create. The built-in user accounts are created automatically when you install Windows 2000 or Windows XP. Administrator account. Guest account.
The Administrator account is the one you use when you first set up a workstation or member server. You use this account before you create an account for yourself. The Administrator account is a member of the Administrators group on the workstation or member server. The Administrator account can never be deleted, disabled, or removed from the Administrators local group, ensuring that you never lock yourself out of the computer by
Administrators Can: Create, modify, and access local user accounts Install new hardware and software Upgrade the operating system Back up the system and files Claim ownership of files that have become damaged Do anything a Power User can
The Guest account is used by people who do not have an actual account on the computer. A user whose account is disabled (but not deleted) can also use the Guest account. The Guest account does not require a password. The Guest account is disabled by default, but you can enable it. You can set rights and permissions for the Guest account just like any user account. By default, the Guest account is a member of the built-in Guests group, which allows a user to log on to a workstation or member server. Additional rights,
Guests Can: Log in and out Run installed applications Navigate through the file system Shut down the system
To create a new user account To disable or activate a user account To change the password for a user To delete a user account To modify a user account To rename a user account
A group is a collection of user accounts. Groups simplify administrationby allowing you to assign permissions and rights to a group of users ratherThan to each user account individually. In Microsoft Windows XPProfessional, you will find a number of default local groups on your system,which can perform the following default functions as outlined.
Administrators: Members of the Administrators group have the largest amount of default permissions and the ability to change their own permissions. Backup Operators: Members of the Backup Operators group can back up and restore files on the computer, regardless of any permissions that protect those files. But they cannot change security settings. Power Users: Members of the Power Users group can create user accounts. They can
Users: Members of the Users group can perform most common tasks, such as running applications, using local and network printers, and shutting down and locking the workstation. Users can create local groups, but can modify only the local groups that they created. Guests: The Guests group allows occasional or one-time users to log on to a workstations built-in Guest account and be granted limited abilities. Members of the Guests group can also shut down the system on a workstation. Replicator: Replicator group supports
Before modifying any security settings, it is important to take into consideration the default settings. There are three fundamental levels of security granted to users. These are granted to end users through membership in the Users, Power Users, or Administrators groups.
Administrators Only trusted personnel should be members of this group. Install the operating system and components . Install Service Packs and Windows Packs. Upgrade & repair the operating system. Configure critical operating system parameters (such as password policy, access control, audit policy, and so on). •Take ownership of files that have become inaccessible. •Manage the security.
Power Users The Power Users group primarily provides backward compatibility for running non- certified applications. Members of the Power Users group have more permissions than members of the Users group and fewer than members of the Administrators group. Install programs that do not modify operating system files or install system services. Customize system wide resources including printers, date, time, power options, and other Control Panel resources. Create and manage local user accounts and groups. Stop and start system services which are not
Users The Users group is the most secure, because the default permissions allotted to this group do not allow members to modify operating system settings or other users data. The Users group provides the most secure environment in which to run programs. On a volume formatted with NTFS, the default security settings on a newly installed system. Users cannot modify system wide registry settings, operating system files, or program files. Users can create local groups, but can manage only the local groups that they created. They can run certified Windows XP Professional programs that have been installed or deployed by administrators.
Backup Operatorso Members of the Backup Operators group can back up and restore files ono the computer, regardless of any permissions that protect those files.o Backing up and restoring data files and system files requires permissions to read and write those files. The same default permissions granted to Backup Operators that allow them to back up and restore files also make it possible for them to use the groups permissions for other purposes, such as
Special Groups Several additional groups are automatically created by Windows XP Professional. Interactive. This group contains the user who is currently logged on to the computer. During an upgrade to Windows 2000 or Windows XP Professional, members of the Interactive group will also be added to the Power Users group, so that legacy applications will continue to function as they did before the upgrade. Network. This group contains all users who are currently accessing the system over the network. Terminal Server User. When Terminal Servers
To create a new local group To add a member to a group To delete a local group