70-270: MCSE Guide to Mic rosoft Windows XP Profess ional 1 Windows XP Professional User Accounts • Designed for use as a network client for: • Windows NT • Windows 2000 • Windows Server 2003 • Member of a workgroup • Standalone operating system
Jan 01, 2016
70-270: MCSE Guide to Microsoft Windows XP Professional
1
Windows XP Professional User Accounts
• Designed for use as a network client for:• Windows NT
• Windows 2000
• Windows Server 2003
• Member of a workgroup• Standalone operating system
70-270: MCSE Guide to Microsoft Windows XP Professional
2
Types of Windows XP Professional User Accounts
• Local user account• Exists on a single computer
• No domain access
• Domain user account• Exists throughout a domain
• Can be used on any domain member computer
70-270: MCSE Guide to Microsoft Windows XP Professional
3
How Accounts Interact with a Windows XP Professional System
• Standalone system, automatic logon• Standalone system• Workgroup member• Domain network client
70-270: MCSE Guide to Microsoft Windows XP Professional
4
Supporting More Than One User
• Multiple-user systems• Implemented through:
• Groups
• Resources
• Policies
• Profiles
70-270: MCSE Guide to Microsoft Windows XP Professional
5
Types of Logon
• Logon authentication has two purposes:• Maintain security
• Track computer usage
70-270: MCSE Guide to Microsoft Windows XP Professional
6
Windows Welcome Logon Method
• Completely new logon method• Designed for use on standalone or workgroup
member systems• List of user accounts with icons• Fast User Switching,
• Switch users without logoff
70-270: MCSE Guide to Microsoft Windows XP Professional
7
Classic Logon Method
• Press Ctrl+Alt+Delete to access WinLogon security dialog box
• Required for domain member systems
70-270: MCSE Guide to Microsoft Windows XP Professional
8
Logging On to Windows XP
• XP automatically creates accounts• Administrator
• Guest
70-270: MCSE Guide to Microsoft Windows XP Professional
9
Administrator
• Most powerful user account possible• Unlimited access and unrestricted privileges• Must be protected from misuse
• Complicated password should be used
• Should rename this account
70-270: MCSE Guide to Microsoft Windows XP Professional
10
Administrator (continued)
• Characteristics:• Cannot be deleted
• Cannot be locked out
• Can be disabled
• Can have a blank password (however, this is not recommended)
• Can be renamed (which is recommended)
• Cannot be removed from the Administrators local group
70-270: MCSE Guide to Microsoft Windows XP Professional
11
Guest
• One of the least privileged user accounts• Limited access to resources and computer activities• Should rename account• Member of the Everyone group• Recommended to leave the Guest account disabled
70-270: MCSE Guide to Microsoft Windows XP Professional
12
Guest (continued)
• Characteristics:• Cannot be deleted
• Can be locked out
• Can be disabled (it is disabled by default)
• Can have a blank password (it is blank by default)
• Can be renamed (which is recommended)
• Can be removed from the Guests local group
70-270: MCSE Guide to Microsoft Windows XP Professional
13
Naming Conventions
• Predetermined process for creating names on network or standalone system
• Should incorporate a scheme for:• User accounts
• Computers
• Directories
• Network shares
• Printers
• Servers
70-270: MCSE Guide to Microsoft Windows XP Professional
14
Managing Local User Accounts
• Two types:• Local representations of domain/network user accounts
• Created from scratch locally
• User Accounts applet• Used to create local representation
• Local Users and Groups snap-in• Used to create accounts from scratch
70-270: MCSE Guide to Microsoft Windows XP Professional
15
User Accounts Applet
• Users tab• Lists active users
• Add New User wizard to add users
• Advanced tab• Access to
• Password and passport management
• Advanced user management
• Secure logon settings
70-270: MCSE Guide to Microsoft Windows XP Professional
16
Local Users and Groups
• Create and manage local users• Console tree nodes:
• Users
• Groups
70-270: MCSE Guide to Microsoft Windows XP Professional
17
Planning Groups and System Groups
• Plan how to manage groups• Pair groups with resources for administrative control• Ongoing administrative task:
• Adding and removing users from groups
70-270: MCSE Guide to Microsoft Windows XP Professional
18
Working with Groups You’ve Made
• Must have a Windows NT, 2000, or Server 2003 in client/server environment
• Resource• Has local groups assigned to it
• Global user groups• Assigned to local resource groups
• Users• Assigned to global groups
70-270: MCSE Guide to Microsoft Windows XP Professional
19
Assigning users access to resources using groups
70-270: MCSE Guide to Microsoft Windows XP Professional
20
Working with Default Groups
• Administrators• Backup Operators• Guests• Network Configuration Operators• Power Users
70-270: MCSE Guide to Microsoft Windows XP Professional
21
Working with Default Groups (continued)
• Remote Desktop Users• Replicator• Users• HelpServicesGroup
70-270: MCSE Guide to Microsoft Windows XP Professional
22
Working with System Groups and Other Important Groups
• Built-in system-controlled groups• Preexisting groups• Cannot be edited• Used by system to control or place restrictions on
specific groups of users based on activities
70-270: MCSE Guide to Microsoft Windows XP Professional
23
Windows XP as a Domain Client
• Can serve as a client to an Active Directory domain• Centralized control of user accounts and overall
security• Resources centrally located • Management of access easier than a workgroup
network
70-270: MCSE Guide to Microsoft Windows XP Professional
24
User Profiles
• Collection of desktop and environmental configurations
• Computer maintains profile for each user• Material such as:
• Application data
• My Documents
• Cookies
• Etc.
70-270: MCSE Guide to Microsoft Windows XP Professional
25
Local Profiles
• Set of specifications and preferences • For an individual user• Stored on local machine
• Reside in the %username% subdirectory beneath the \Documents and Settings directory
• Set up by example • Saved on logout
70-270: MCSE Guide to Microsoft Windows XP Professional
26
Roaming Profiles
• Resides on a network server• Automatically downloaded to any system when user
logs on• Default path designation:
• \\computername\username
70-270: MCSE Guide to Microsoft Windows XP Professional
27
Troubleshooting Cached Credentials
• Automatically caches user’s credentials in the Registry • When domain logon or .NET Passport logon is performed
• Can be disabled:• Enable the group policy setting of Interactive logon
• Set the cachedlogonscount Registry value to 0
70-270: MCSE Guide to Microsoft Windows XP Professional
28
Files and Settings Transfer Wizard
• Move data files and personal desktop settings from another computer to new Windows XP Professional system
• Must have some sort of network connection between the two systems
• Transfer files from Windows 95, 98, SE, Me, NT, 2000, or XP systems
• Transfer process can take considerable time
70-270: MCSE Guide to Microsoft Windows XP Professional
29
User State Migration Tool (USMT)
• Supports migration to user data from Windows 9x, Windows NT Workstation 4.0, and Windows 2000 Professional to a Windows XP Professional system
• Able to transfer the same files and settings that the Files and Settings Transfer Wizard can
• Fully configurable and scriptable
70-270: MCSE Guide to Microsoft Windows XP Professional
30
User State Migration Tool (USMT) (continued)
• Two command-line utilities:• ScanState
• LoadState
• Read instructions and control parameters from INF files
• ScanState • Used to create a backup of the user data
• LoadState• Used to copy the data onto new target system