11 managing users and groups chapter 13. chapter 13: managing users and groups2 overview configure...
Post on 22-Dec-2015
239 views
TRANSCRIPT
Chapter 13: MANAGING USERS AND GROUPS 2
OVERVIEW
Configure and manage user accounts
Manage user account properties
Manage user and group rights
Configure user account policy
Manage and troubleshoot cached credentials
Chapter 13: MANAGING USERS AND GROUPS 3
USER ACCOUNTS
Identify users to the system and to each other
Used to grant access to resources
Collect information about users
Chapter 13: MANAGING USERS AND GROUPS 4
GROUPS
Collections of user accounts
Simplify access to resources
Can be used for security and messaging (Active Directory)
Chapter 13: MANAGING USERS AND GROUPS 5
BUILT-IN USER ACCOUNTS
Configured during setup
Used for administration or guest access
Can be renamed but not deleted
Chapter 13: MANAGING USERS AND GROUPS 6
BUILT-IN GROUPS
Created during setup
Designed for specific use or administrative roles
User accounts can be added as members
Built-in user accounts cannot be removed
Chapter 13: MANAGING USERS AND GROUPS 7
IMPLICIT GROUPS
Membership can change dynamically
Do not appear in user administration tools
Used to grant permissions based on circumstances
Chapter 13: MANAGING USERS AND GROUPS 8
SERVICE ACCOUNTS
Grant services access to system resources
Include built-in and user-defined accounts
Require special accommodations
Chapter 13: MANAGING USERS AND GROUPS 9
DOMAIN ACCOUNTS AND GROUPS
Include built-in and user-defined accounts and groups
Provide logon and resource access to local system
Can be placed into local groups
Chapter 13: MANAGING USERS AND GROUPS 16
PASSWORD COMPLEXITY
Create passphrases
Use uppercase, lowercase, and nonalphanumeric characters
Consider enforcing complexity with Group Policy
Chapter 13: MANAGING USERS AND GROUPS 22
USER MANAGEMENT BEST PRACTICES
Give administrators a limited account for nonadministrative use
Limit the number of users in the Administrators group
Rename or disable the Administrator account
Rename and leave the Guest account disabled
Observe the principle of least privilege
Chapter 13: MANAGING USERS AND GROUPS 26
CACHED CREDENTIALS
Cache users’ logon information for offline authentication
User must log on to the domain at least once
Can be disabled to force logons to use domain
Chapter 13: MANAGING USERS AND GROUPS 28
TROUBLESHOOTING CACHED CREDENTIALS
Cached credentials are out of date
User does not have credentials cached
Cached credentials are disabled on a notebook computer