Working with Users and Working with Users and Groups Groups Lesson 5
Jan 05, 2016
Working with Users Working with Users and Groupsand Groups
Lesson 5
Skills MatrixSkills Matrix
Technology Skill Objective Domain Objective #
Introducing User Account Control
Configure and troubleshoot User Account Control
3.1
Understanding User Account Control
Configure and troubleshoot User Account Control
3.1
Understanding Recommended UAC Practices
Configure user accounts to run as standard users
3.1
Skills MatrixSkills Matrix
Technology Skill Objective Domain Objective #
Performing Administrative Tasks with a Standard User Account
Elevate user privileges 3.1
Configuring User Account Control
• Use local security policies to configure User Account Control• Disable Secure Desktop
3.1
Chapter 5Chapter 5
Understanding Local and Domain Users
Workgroups
Domains
Chapter 5Chapter 5
Local User Accounts
5
Chapter 5Chapter 5
Domain User Accounts
6
Chapter 5Chapter 5
Introducing Built-In Local Users
Administrator
New User Account
Guest
Chapter 5Chapter 5
Understanding Groups
8
Chapter 5Chapter 5
A collection of user accounts on a local computer
Assign permissions to resources on that computer
Created in the local security database
Understanding Local Groups
9
Chapter 5Chapter 5
Using Built-In Local Groups
Administrators
Backup Operators
Power Users
Guests
Remote Desktop Users
Users
Chapter 5Chapter 5
Introducing Special Identities
Everyone
Interactive
Network
Anonymous Logon
Authenticated Users
Creator Owner
Dialup
Chapter 5Chapter 5
Creating and Managing Users and Groups
User Accounts control panel
Local Users And Groups MMC snap-in
Chapter 5Chapter 5
Creating a New User Account -User Accounts Control Panel
Intended for users with less experience
Simplified interface
Limited access
Cannot create or manage groups
Chapter 5Chapter 5
Creating a New User Account –Local Users and Groups Snap-in
Gives more access to user account properties
Allows you to create and manage groups
Chapter 5Chapter 5
Creating a Local Group
Chapter 5Chapter 5
User Profile Types
Local user profile
Roaming user profile
Mandatory user profile
Chapter 5Chapter 5
User Account Control (UAC)
Because many users logon to the system using Administrative Accounts (leaving the system vulnerable to malware attacks) Microsoft implemented UAC
Administrative accounts are required to confirm when they want to perform tasks that require administrative access
Chapter 5Chapter 5
Configuring UAC Local Security Policies
You can configure the UAC Local Security Policy in Administrative Tools > Local Security Policy > Scroll down to the User Account Control policies
Chapter 5Chapter 5
Configuring Password Policies
Chapter 5Chapter 5
You Learned
The user account is the fundamental unit of identity in the Windows operating systems.
A group is an identifying token that Windows uses to represent a collection of users.
Chapter 5Chapter 5
You Learned (cont.)
A workgroup is a collection of computers that are all peers. A peer network is one in which every computer can function as both a server, by sharing its resources with other computers, and a client, by accessing the shared resources on other computers.
A domain is a collection of computers that all utilize a central directory service for authentication and authorization.
Chapter 5Chapter 5
You Learned (cont.)
Windows Vista includes a number of built-in local groups that are already equipped with the permissions and rights needed to perform certain tasks.
A special identity is essentially a placeholder for a collection of users with a similar characteristic.
Chapter 5Chapter 5
You Learned (cont.)
Windows Vista provides two separate interfaces for creating and managing local user accounts: the User Accounts control panel and the Local Users And Group snap-in for the Microsoft Management Console (MMC).
A roaming user profile is simply a copy of a local user profile that is stored on a network share so that the user can access it from any computer on the network.
Chapter 5Chapter 5
You Learned (cont.)
A mandatory user profile is simply a read-only roaming user profile.
On a Windows Vista computer running User Account Control (UAC), a standard user still receives a standard user token, but an administrative user receives two tokens: one for standard user access and one for administrative user access.
Chapter 5Chapter 5
You Learned (cont.)
When a standard user attempts to perform a task that requires administrative privileges, the system displays a credential prompt, requesting that the user supply the name and password for an account with administrative privileges.
Chapter 5Chapter 5
You Learned (cont.)
When an administrator attempts to perform a task that requires administrative access, the system switches the account from the standard user token to the administrative token. This is known as Admin Approval Mode.
Chapter 5Chapter 5
You Learned (cont.)
Before the system permits the user to employ the administrative token, it requires the human user to confirm that he or she is actually trying to perform an administrative task. To do this, the system generates an elevation prompt.
Chapter 5Chapter 5
You Learned (cont.)
The secure desktop is an alternative to the interactive user desktop that Windows normally displays. When Vista generates an elevation or credential prompt, it switches to the secure desktop, suppressing the operation of all other desktop controls and permitting only Windows processes to interact with the prompt.
Chapter 5Chapter 5
You Learned (cont.)
User Account Control is enabled by default in all Windows Vista installations, but it is possible to configure several of its properties, or even disable it completely, using Local Security Policy.