
Lecture 2 & 3: User Management

 Reading:
 Windows: W2KER 4.1, 4.4, 4.5, 4.6; Ch. 6
 Linux: ESA Chapter 6 (also Steve Fritt's document starting on page 62.)
 Common Ground
 Windows Specifics
 Linux Specifics
Common Ground
 What is a user to you?
 Social
 Technical
 (What are some differences in these?)
 Location of information (host or centralized)
 Home directory
 Opportunities for pre-login scripting/initialization
 Notion of classes/categories/profiles of users
 Passwords
 “Object” identifiers (SID, UID, GID)
Windows Specifics
 Domain Controllers
 Active Directory
 Windows user/group setup:
 Local vs. Domain
 GUI vs. Command line (manage via MMC vs. “net user”, “addusers”, etc.)
 Groups: primarily useful for administration
 Windows groups: complex (stick to domain groups for now)
Windows Specifics
 Where are passwords stored?
 Local?
 Network?
 What makes a password “acceptable” to a Windows system?
Windows Specifics (cont.)
 Windows logon:
 Computer logon
 Interactive user logon
 Network user logon
 Service logon
 Profiles (control the user desktop environment)
 Local profiles
 Roaming profiles
 Mandatory profiles
Windows Specifics (cont.)
 Group policies – Computer or user based; flow down from Site, to Domain, to OU
 Example settings:
 User security
 Application installation
 Boot
 Logon
 Logoff
 Shutdown
 Various “look-and-feel”
Windows Specifics (cont.)
 Group Policy Container (GPC)
 The AD portion of a GPO is called the Group Policy Container
 Group Policy Template (GPT)
 The portion of a GPO that is stored as folders and files in SYSVOL
 The GPT is where the majority of actual settings are stored when you edit a GPO
Windows Specifics (cont.)
 While most policy settings are stored in the GPT, some policy areas use both the GPC and GPT, others use only the GPC and some don’t use either the GPC or GPT.
 Windows Scripting Host and ADSI: Take a look at Windows 2000 User Management or Windows 2000 Power Toolkit (in Safari, or Microsoft).
Windows User/GP/Profile Exercise
 Let’s look at the MMC
 Users
 Groups
 Computer accounts
 Group Policy
 View Group Policy Settings with RSoP
 Let’s look at a Default Profile
Up Next
 Before next regular class
 Homeworks
 HW1 - due
 HW2 - assigned

 Next class
 Linux User Management
Linux Specifics
 NIS (Discussed later)
 Linux user/group setup:
 Local vs. Network
 GUI vs. Command line vs. editing files (Red Hat User Manager vs. “useradd”, “addusers”, etc. vs. edit /etc/passwd)
Linux Specifics
 Where are passwords stored?
 Network?
 Local?
 Where is group information stored?
 What makes a password “acceptable” to a Linux system?
Linux Specifics (cont.)
 /etc/passwd: username, passwd, uid, gid, GECOS, home directory, login shell/program
 GECOS contains general information about the user. The exact type of information depends on the UNIX variant, but for example it may contain real name and phone number.
 /etc/group: name, passwd, gid, user list
 Groups: Avoid user private groups (UPG) as they are Red Hat-specific. Why tie yourself to a vendor if you don't have to?
 /etc/shadow: (days in terms of days since Jan 1, 1970)
Linux Specifics (cont.)
 Shadow file format
 username
 encrypted passwd
 date password was last changed
 days before PW may be changed (minlife)
 days after which PW must be changed (maxlife)
 days before password expires to warn user
 days after password expires to disable account
 day that account expires and is disabled
 Reserved (i.e., nothing useful)
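
The shadow fields listed above, worked through as an added example (not part of the original slides): a small Python audit that parses entries and classifies each account from its aging fields. The function names, sample entries and audit date are constructed for illustration; the treatment of a last-changed value of 0 and the inclusive day boundaries are assumptions taken from shadow(5) and common shadow-utils behaviour, not from the slides.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # all shadow dates are days since this day
FIELDS = ("username", "passwd", "lastchg", "minlife", "maxlife",
          "warn", "inactive", "expire", "reserved")

# Constructed sample entries (not real accounts or hashes).
SAMPLE = """\
alice:$6$constructed$hash:19700:0:90:7:14::
bob:$6$constructed$hash:19640:0:90:7:14::
carol:$6$constructed$hash:19600:0:90:7:14::
dave:$6$constructed$hash:19630:0:90:7:14::
erin:$6$constructed$hash:19700:0:90:7:14:19000:
"""

def parse_shadow_line(line):
    """Split one entry into the nine colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected 9 fields, got %d" % len(parts))
    entry = dict(zip(FIELDS, parts))
    for name in FIELDS[2:8]:  # numeric fields; empty means "not set"
        entry[name] = int(entry[name]) if entry[name] else None
    return entry

def to_date(days):
    """Convert a days-since-epoch field to a calendar date."""
    return None if days is None else EPOCH + timedelta(days=days)

def account_status(entry, today):
    """Classify an entry from its aging fields, relative to `today`."""
    now = (today - EPOCH).days
    if entry["expire"] is not None and now >= entry["expire"]:
        return "account expired"
    last, maxlife = entry["lastchg"], entry["maxlife"]
    if last == 0:  # shadow(5): 0 forces a change at next login
        return "must change at next login"
    if last is None or maxlife is None:
        return "ok"  # password aging not configured
    must_change = last + maxlife
    inactive, warn = entry["inactive"], entry["warn"]
    if inactive is not None and now >= must_change + inactive:
        return "disabled"
    if now >= must_change:
        return "password expired"
    if warn is not None and now >= must_change - warn:
        return "warning"
    return "ok"

def report(text, today):
    """Map each username in `text` to its status on `today`."""
    return {e["username"]: account_status(e, today)
            for e in map(parse_shadow_line, text.splitlines())}
```

Calling report(SAMPLE, date(2024, 1, 1)) evaluates the five constructed accounts as of day 19723; on a real system the input would be /etc/shadow, which is readable only by root.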


Linux Specifics (cont.)
 Shell environments
 /etc/shells - Contains the pathname of every shell available on your system; Some daemons disallow access to users with unlisted shells
 /etc/skel - The home directory for each new user is initialized with files from the /etc/skel directory; The SA can use /etc/skel to provide a default environment for users
 .profile - Stores settings executed at login (default path, umask, terminal type, etc.)
 .env - Stores settings executed at shell session start (may update path, modify your prompt, set command aliases, etc.)
 X customization
Linux Specifics (cont.)
 NIS (Network Information Service)
 Distributed database that allows one configuration to be used for many computers
 Assumes a high degree of trust (so can be insecure)
 LDAP (Lightweight Directory Access Protocol – not just Linux)
 Allows for quick location of information
 Can provide enterprise-level user authentication
 Can provide access control
Linux User/Profile Exercise
 Let’s look at the important files
 passwd
 group
 shadow
 /etc/shells
 /etc/skel
 .profile
 .env
Up Next
 Before next regular class
 Homeworks
 HW2 - due
 HW3 - assigned

 Next class
 System Architecture
