Mary Help College

Managing Users, Computers, Hardware and Networking Service

and Groups

By Mohammed H.
Managing Users and Groups
• You have to create user accounts on each server when someone joins
your organization and remove those accounts when someone leaves.
• Users have to provide a user name and password each time someone
accesses resources on a different server. When it’s time to change
users’ passwords, users must do so on each server

2
 Introduction to the user
Account
• A user Account provides a user with the ability to
log on to the domain to gain access to network
resources or to log on to a computer to gain
access to resource on that computer

3
 CONT…
Types of User Account

1. Local user accounts

2. Domain user accounts

3. Built-in user account

4
 1. Local User Accounts

• Is an account that allows users to log on at and gain access

to resource on only the computer where you create the local
user account
• Do not create local user account on computer that require
access to Domain resources, because the domain does not
recognize local user account properties or assign access
permissions for domain resources unless he or she connects
to the local computer using the Action menu on the computer
management console

5
Use of Local User Accounts
• Provide access to resources on the local computer

• Are created in the local security database

Similarly certain built in local groups are:

Administrators,
Users, Guests, and
Backup operators.

6
 2. Domain User Accounts

• Domain user accounts allow users to log on to the domain

and gain access to resources anywhere on the network.

The user provides his or her user name and password

during the logon process.

• You create a domain user account in a container or an

organizational unit(OU)in the copy of the active Directory

Database(called the Directory) on a domain controller

7
 Use of Domain user
accounts
• Provide access to network resources

• Provide the access token for authentication

• Are created in Active Directory on a domain controller

The example of certain built in domain groups are:
Account Operators,
Administrators,
Backup Operators,
Network Configuration Operators,
Performance Monitor Users, and
Users.
8
 3. Built-In User Accounts

• Is an account which is created

automatically creates accounts called
built-in accounts.
• Two commonly used built-in accounts
are Administrator and Guest

9
 User Profiles
• The system creates a user profile the first time that
a user logs on to a computer.
• At following logons, the system loads the user's
profile, and then other system components
configure the user's environment according to the
information in the profile.

10
 Types of User Profiles

1. Local User Profiles

2. Roaming User Profiles

3. Mandatory User Profiles

4. Temporary User Profiles

11
 1. Local User Profiles

• A local user profile is created the first time

that a user logs on to a computer.
• The profile is stored on the computer's
local hard disk.
• Changes made to the local user profile are
specific to the user and to the computer on
which the changes are made.
12
 2. Roaming User Profiles
• A roaming user profile is a copy of the local profile
that is copied to, and stored on, a server share.
• This profile is downloaded to any computer that a
user logs onto on a network. Changes made to a
roaming user profile are synchronized with the
server copy of the profile when the user logs off.
• The advantage of roaming user profiles is that
users do not need to create a profile on each
computer they use on a network.
network
13
 3. Mandatory User Profiles

• A mandatory user profile is a type of profile

that administrators can use to specify
settings for users.
• Only system administrators can make
changes to mandatory user profiles.
Changes made by users to desktop settings
are lost when the user logs off.
14
 4. Temporary User Profiles
• A temporary profile is issued each time that an
error condition prevents the user's profile from
loading. Temporary profiles are deleted at the
end of each session, and changes made by the
user to desktop settings and files are lost when
the user logs off. Temporary profiles are only
available on computers running Windows 2000
and later.
15
Managing Users, Computers, and Groups

• Creating and Managing Groups

– what groups are and why they are used
• A group is a collection of user and/or computer accounts,
contacts, and other groups that are managed as a single
object. The users and computers that belong to the group
are known as group members
• process of assigning permissions and rights to a large
number of user and computer accounts at the same time,
resulting in these groups’ members having inherited (or
implicit) permissions from the group.

16
 Cont…

Creating and Managing Groups

• A set of default groups, known as local groups, is created
during the installation of Windows Server 2003
• Computers that are part of an Active Directory domain
environment also have a set of default groups; however,
these default groups are objects that reside within the Active
Directory database structure

17
 Cont…
When using groups in Active Directory, the following
three major benefits are provided:
• A Security groups allow network administrators to simplify and
reduce administrative requirements by assigning permissions and
rights for a shared resource (think printer or file share) to the
group rather than to each individual user that requires access. In
this way, all users (and groups) that are members of the group
receive the configured permissions and rights through inheritance

18
 Cont…
Cont…
• Security groups allow network administrators efficiently delegate
administrative responsibilities for performing specific tasks in Active
Directory
• Security and distribution groups allow network administrators to
quickly create email distribution groups by assigning an e-mail address
to the group itself.All members of that group that are mailbox-enabled
will receive e-mail that is sent to the group’s e-mail address.This is an
added ability of security groups and the only usage for distribution
groups
19
 Group Types
• There are two types of groups available for use in both workgroup
and domain environments
– Distribution Groups are used for distributing messages to
group members. Distribution groups are used with e-mail
applications, such as Microsoft Exchange, to send e-mail to all
members of a group in a quick and efficient manner by sending
an e-mail to the group e-mail address
• cannot be listed on the Discretionary Access Control Lists
(DACLs) that are used by Windows to control access to
resources.
 Cont…
• Security Groups can be used for the distribution of e-mail as
described for distribution groups, but can also be listed on
DACLs, thus allowing them to control access to resources.
Security groups can be used to assign user rights to group
members
 Group Scopes
• Unlike group types, which are fairly simple to understand,
group scopes can be frustrating to those new to working with
Windows Server 2003 and Active Directory. The scope of the
group identifies the extent to which the group is applied
throughout the domain tree or forest. There are three group
scopes:
 Group Scope Types
• There are three group scopes:
• Universal Groups can include other groups and user/computer accounts from
any domain in the domain tree or forest. Permissions for any domain in the
domain tree or forest can be assigned to universal groups.
• Global Groups can include other groups and user/computer accounts from
only the domain in which the group is defined. Permissions for any domain in
the forest can be assigned to global groups.
• Domain Local groups can include other groups and user/computer accounts
from Windows Server 2003,Windows 2000 Server,and Windows NT
domains.Permissions for only the domain in which the group is defined can be
assigned to domain local groups.
 Dynamic Host Configuration of Protocol
(DHCP)

• DHCP needs to be assign IP dynamically for

client by server computer.

Advantage

• To be absence repeated of Address or host

number as well as need to ordered users

24