Creating a New User
To create a new domain user account in Windows Server 2003, follow these steps:
1. Choose Start➪Administrative Tools➪Active Directory Users And Computers.
This fires up the Active Directory Users And Computers management console, as shown in Figure 2-1.
2. Right-click the domain that you want to add the user to and then choose New➪User.
This summons the New User Wizard, as shown in Figure 2-2.
3. Type the user’s first name, middle initial, and last name.
As you type the name, the New User Wizard automatically fills in the Full Name field.
4. Change the Full Name field if you want it to appear differently than proposed.
For example, you may want to reverse the first and last names so the last name appears first.
5. Type the user logon name.
This name must be unique within the domain. Pick a naming scheme to follow when creating user logon names. For example, use the first letter of the first name followed by the complete last name, the complete first name followed by the first letter of the last name, or any other scheme that suits your fancy.
6. Click Next.
The second page of the New User Wizard appears, as shown in Figure 2-3.
Figure 2-3: Setting the user’s password.
7. Type the password twice.
You’re asked to type the password twice, so type it correctly. If you don’t type it identically in both boxes, you’re asked to correct your mistake.
8. Specify the password options that you want to apply.
The following password options are available:
• User must change password at next logon.
• User cannot change password.
• Password never expires.
• Account is disabled.
9. Click Next.
You’re taken to the final page of the New User Wizard, as shown in Figure 2-4.
10. Verify that the information is correct and then click Finish to create the account.
If the account information is not correct, click the Back button and correct the error.
You’re done! Now you can customize the user’s account settings. At a minimum, you’ll probably want to add the user to one or more groups. You may also want to add contact information for the user or set up other account options.
Setting User Properties
After you’ve created a user account, you can set additional properties for the user by right-clicking the new user and choosing Properties. This brings up the User Properties dialog box, which has about a million tabs that you can use to set various properties for the user. Figure 2-5 shows the General tab, which lists basic information about the user, such as the user’s name, office location, phone number, and so on. The following sections describe some of the administrative tasks that you can perform via the various tabs of the User Properties dialog box.
Figure 2-5: The General tab.
Changing the user’s contact information
Several tabs of the User Properties dialog box contain contact information for the user. In particular:
✦ Address: Lets you change the user’s street address, post-office box, city, state, ZIP code, and so on.
✦ Telephones: Lets you specify the user’s phone numbers.
✦ Organization: Lets you record the user’s job title and the name of his or her boss.
Setting account options
The Account tab of the User Properties dialog box, as shown in Figure 2-6, features a variety of interesting options that you can set for the user. From this dialog box, you can change the user’s logon name. In addition, you can change the password options that you set when you created the account and set an expiration date for the account.
Figure 2-6: The Account tab.
The following account options are available in the Account Options list box:
✦ User must change password at next logon: This option, which is selected by default, allows you to create a one-time-only password that can get the user started with the network. The first time the user logs on to the network, he or she is asked to change the password.
✦ User cannot change password: Use this option if you don’t want to allow users to change their passwords. (Obviously, you can’t use this option and the previous one at the same time.)
✦ Password never expires: Use this option if you want to bypass the password expiration policy for this user so that the user will never have to change his or her password.
✦ Store password using reversible encryption: This option stores passwords using an encryption scheme that hackers can easily break, so you should avoid it like the plague.
✦ Account is disabled: This option allows you to create an account that you don’t yet need. As long as the account remains disabled, the user won’t be able to log on. See the section “Disabling and Enabling User Accounts,” later in this chapter, to find out how to enable a disabled account.
✦ Smart card is required for interactive logon: If the user’s computer has a smart card reader to automatically read security cards, check this option to require the user to use it.
✦ Account is trusted for delegation: This option indicates that the account is trustworthy and can set up delegations. This is an advanced feature that’s usually reserved for Administrator accounts.
✦ Account is sensitive and cannot be delegated: Prevents other users from impersonating this account.
✦ Use DES encryption types for this account: Beefs up the encryption for applications that require extra security.
✦ Do not require Kerberos preauthentication: Select this option if you use a different implementation of the Kerberos protocol.
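Most of the Account Options check boxes above are stored as bits in each user's userAccountControl attribute, so the settings that weaken an account can be reviewed in bulk rather than one dialog box at a time. The PowerShell below is an added example, not part of the original text: the function name Get-RiskyAccountOption and the sample accounts are constructed for illustration, and the commented Get-ADUser line assumes the ActiveDirectory module, which ships with later Windows Server releases than the one this chapter covers.

```powershell
# Added example: decode userAccountControl bits that map to Account tab options
# worth reviewing. The values are the documented userAccountControl flag constants.
$RiskyOptions = [ordered]@{
    'Password never expires'                     = 0x10000   # DONT_EXPIRE_PASSWORD: exempt from expiration policy
    'Store password using reversible encryption' = 0x80      # ENCRYPTED_TEXT_PWD_ALLOWED: password is recoverable
    'Account is trusted for delegation'          = 0x80000   # TRUSTED_FOR_DELEGATION: can act on behalf of other users
    'Use DES encryption types for this account'  = 0x200000  # USE_DES_KEY_ONLY: DES is a deprecated 56-bit cipher
    'Do not require Kerberos preauthentication'  = 0x400000  # DONT_REQ_PREAUTH: enables offline password guessing
}
$AccountDisabled = 0x2   # ACCOUNTDISABLE

function Get-RiskyAccountOption {
    # Hypothetical helper: emits one row per risky option set on each user object.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $User,
        [switch]$IncludeDisabled
    )
    process {
        $uac      = [int]$User.userAccountControl
        $disabled = [bool]($uac -band $AccountDisabled)
        # Disabled accounts cannot log on, so they are skipped unless requested.
        if ($disabled -and -not $IncludeDisabled) { return }
        foreach ($name in $RiskyOptions.Keys) {
            if ($uac -band $RiskyOptions[$name]) {
                [pscustomobject]@{
                    SamAccountName = $User.SamAccountName
                    Option         = $name
                    Disabled       = $disabled
                }
            }
        }
    }
}

# Constructed sample accounts (not real data). 0x200 = NORMAL_ACCOUNT.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';   userAccountControl = 0x200 }
    [pscustomobject]@{ SamAccountName = 'svc_scan'; userAccountControl = (0x200 -bor 0x10000 -bor 0x400000) }
    [pscustomobject]@{ SamAccountName = 'oldapp';   userAccountControl = (0x200 -bor 0x80 -bor 0x2) }
)
$sample | Get-RiskyAccountOption -IncludeDisabled | Format-Table -AutoSize

# Against a live domain (assumes the ActiveDirectory module is installed):
# Get-ADUser -Filter * -Properties userAccountControl | Get-RiskyAccountOption
```

"User must change password at next logon" and "User cannot change password" are not covered because they are not controlled through these bits.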
Specifying logon hours
You can restrict the hours during which the user is allowed to log on to the system by clicking the Logon Hours button from the Account tab of the User Properties dialog box. This brings up the dialog box shown in Figure 2-7. Initially, the Logon Hours dialog box is set to allow the user to log on at any time of day or night. To change the hours that you want the user to have access, click a day and time or a range of days and times and choose either Logon Permitted or Logon Denied.
Restricting access to certain computers
Normally, a user can use his or her user account to log on to any computer that’s a part of the user’s domain. However, you can restrict a user to certain computers by clicking the Logon To button in the Account tab of the User Properties dialog box. This brings up the Logon Workstations dialog box, as shown in Figure 2-8.
To restrict the user to certain computers, select the radio button labeled “The following computers.” Then, for each computer you want to allow the user to log on from, type the computer’s name in the text box and click Add. If you make a mistake, you can select the incorrect computer name and click Edit to change the name or click Remove to delete the name.
Setting the user’s profile information
The Profile tab, shown in Figure 2-9, lets you configure the user’s profile information. This dialog box lets you configure three bits of information related to the user’s profile:
✦ Profile path: This field specifies the location of the user’s roaming profile.
✦ Logon script: The name of the user’s logon script. Logon scripts are a carryover from the early versions of Windows NT server, which relied on logon scripts to configure the user’s computer when the user logged on. You can still use logon scripts, but profiles are the preferred way to specify the user’s logon configuration.
✦ Home folder: This is where you specify the default storage location for the user.
The Profile tab lets you specify the location of an existing profile for the user, but it doesn’t actually let you set up the profile.
Figure 2-9
Resetting User Passwords
By some estimates, the single most time-consuming task of most network administrators is resetting user passwords. It’s easy to just think users are forgetful idiots, but put yourself in their shoes. We insist that they set their password to something incomprehensible, such as 94kD82leL384K, that they change it a week later to something more unmemorable, such as dJUQ63DWd8331, and that they don’t write it down. Then we get mad when they forget their passwords.
So when a user calls and says he or she forgot his or her password, the least we can do is be cheerful when we reset it for them. After all, they’ve probably already spent 15 minutes trying to remember it before they finally gave up and admitted failure.
Here’s the procedure to reset the password for a user domain account:
1. Log on as an administrator.
You have to have administrator privileges in order to perform this procedure.
2. Choose Start➪Administrative Tools➪Active Directory Users And Computers.
The Active Directory Users And Computers management console appears.
3. Click Users in the console tree.
4. In the Details pane, right-click the user who forgot his or her password and choose Reset Password.
5. Type the new password in both password boxes.
You have to type the password twice to ensure that you type it correctly.
6. If desired, check the User Must Change Password At Next Logon option.
If you check this option, the password that you assign will work for only one logon. As soon as the user logs on, he or she will be required to change the password.
7. Click OK.
That’s all there is to it! The user’s password is now reset.
Disabling and Enabling User Accounts
If you want to temporarily prevent a user from accessing the network, you can disable his or her account. Then, you can enable the account later, when you’re ready to restore the user to full access.
Here’s the procedure:
1. Log on as an administrator.
You have to have administrator privileges to perform this procedure.
2. Choose Start➪Administrative Tools➪Active Directory Users And Computers.
The Active Directory Users And Computers management console appears.
3. Click Users in the console tree.
4. In the Details pane, right-click the user that you want to enable or disable. Then, choose either Enable Account or Disable Account to enable or disable the user.
Deleting a User
Deleting a user account is surprisingly easy. Just follow these steps:
1. Log on as an administrator.
You have to have administrator privileges in order to perform this procedure.
2. Choose Start➪Administrative Tools➪Active Directory Users And Computers.
The Active Directory Users And Computers management console appears.
3. Click Users in the console tree.
4. In the Details pane, right-click the user that you want to delete and choose Delete.
Windows will ask whether you really want to delete the user, just in case you’re kidding.
5. Click Yes.
Poof! The user is history.