Users, Computers, and Groups : Managing Users, Computers and Groups in Windows Server 2003 can be performed by using built-in consoles and command line utilities. The following chapter will give you insight on how to manage these administrative tasks within your organization.
Getting Ready Questions:
1 In Windows Server 2003, how can one access the location for user profile storage?
2. In a Server 2003 Active Directory environment, do legacy operating systems (such as Windows 95 or Windows 98) now have computer accounts?
3. What does the acronym AGGUDLP stand for?
4. What is the difference between disabling and resetting an account?
5. What is considered a minimum password length for a strong password implementation?
Getting Ready Answers:
1. In Server 2003, the location for user profiles storage can now be accessed by right-clicking on My Computer and choosing the "Advanced" option, then "User Profiles" from the System Properties box.
2. Computer accounts are still not assigned to older legacy operating systems such as Windows 95 or Windows 98 machines in a Server 2003 domain. These operating systems still operate as participants in,rather than members of, the domain.
3. The acronym AGGUDLP stands for:
• Accounts are members of
• Global groups, which in native mode can be members of other
• Global groups, which in native mode can be members of
• Universal groups, which are in turn members of
• Domain Local groups, which are the group scope that is granted resource access
• Permissions.
4. Disabling an account renders it unusable. Resetting the account causes it to synchronize to bring it up-to-date.
5. A minimum length of seven characters is considered for password strength. It is also a good idea to have the passwords meet strong password requirements.
Manage user profiles: Microsoft Windows Server 2003 uses user profiles to give Network Administrators the ability to create and maintain user desktop settings. User profiles are used to automatically establish desktop settings for any user logging into a client machine. A good example of this feature's use would be as follows. If more than one user uses the same computer at various times of the day, such as morning and afternoon shifts, user profiles will allow the two users to have their own customized desktop settings, such as shortcuts, mail settings, video resolution etc.This feature can also be used to create mandatory user profiles. Mandatory user profiles are used to allow clients the ability to change desktop settings while they are using the computer, but once the user has logged off of the system the changes which were made to the desktop are lost. Microsoft Windows Server 2003 has added additional functionality for improved use of user profiles. Some of these improved features are listed below:
• The location for user profiles storage can now be accessed by right clicking on My Computer and choosing the Advanced option, then User Profiles from the System Properties box.
• Additional Group Policy functionality.
• From the Group Policy Microsoft Management Console (MMC), you can now access User Profile policies.
• The administrator can now prevent users who have roaming profiles configured from obtaining their roaming profile on a specific computer. This means that the profile loaded on that specific computer would be local only.
• Domain Administrators are now allowed to obtain full control over the profile directory that belongs to a user. In Windows 2000, by default, the Administrator had no file access right. The section below covers the differences between the Local User, Roaming User, Mandatory User and Temporary user profiles used in Windows Server 2003.
Local user profiles: Local user profiles are profiles that are created the first time a user logs onto a computer. This profiles is not a roaming profiles, which is stored on a server and is accessed by a user, no matter what machine is logged onto; rather they are stored locally on the computer hard drive. Changes made to this profile while a user is logged onto a machine are specific to that computer and will not "roam" with the client. Roaming user profiles: Roaming user profiles are created by a domain administrator and stored server-side. Any changes in shortcuts, mail settings, display settings, etc. are updated to the profile located on the server. From any machine on the domain that a client logs onto, this profile will be available for their use. Roaming Profiles cannot support encrypted files.
Creating a Roaming user profile:
Creating a roaming user profile is accomplished by following two steps-create a test profile and then copy the test profile to the network server. Use the steps below to create a test profile.
1. Before you begin, make certain you are logged onto the machine as an Administrator.
2. Click on Start, choose Administrative Tools and select Computer Management.
3. Click on Local Users and Groups, and then select Users.
4. Right-click on Users, then choose New User. Enter a name and password for the user.
5. Use the mouse to clear the User must change password at next logon box.
6. Select the Create option and then choose close.
7. Log off of the computer and then log back on as the user name that was previously created in this step. A local user profile has now been created and the next steps are to configure the environment
(desktop settings, shortcuts, appearance) and then copy to the network server.
8. From the server that will store the network profiles, create a folder such as the following: etwork_server\profiles\username.
9. Click on Start choose Control Panel and select System.
10. Choose the Advanced tab and select Settings (located in System Properties under User Profiles).
11. Choose the Profile under the Profiles Stored on this computer option and select the Copy To option.
12. Enter the Path to the profile, which was created in Step 8.
13. Select the Change under the Permitted to Use option.
14. Enter the Name of the user account created in step 4, then select OK.
15. Click OK, then OK, then OK again.
16. Open the Computer Management console by clicking on Start then choosing Administrative Tools.
17. Open the Local Users and Groups console and double-click on the Users button.
18. Find the user account that was created in Step 4 and select the Profile option.
19. Enter the Network Profile Path in the profile path box.
20. Click OK.
21. Close the Computer Management console.
Jada Brock-Soldavini is author of book InsideScoop to Windows Server 2003 Certification Examination 70-290 Managing and Maintaining a Microsoft Windows ServerTM 2003 Environment. Jada works for the State of Georgia as a Network Services Administrator. She has co-authored or contributed to other numerous works pertaining to Microsoft Windows technologies. In her spare time she enjoys cooking, writing and reading anything that pertains to Network and Security technology. To buy my book, please visit www.totalrecallpress.com.
Article Rating (5 stars):
- Article Word Count: 1023
- |
- Total Views: 481
- |
- permalink