• objectives

•Understand why user and groups are required

•Understand what groups are and how they are
created.
•Know how to make a user account
•Creating users and groups in windows server
 Users & Groups
 Local Users and Groups is a tool you can use to manage local users and
groups in Windows XP.
 Local Users and Groups is an important security feature because you can limit
the ability of users and groups to perform certain actions by assigning them
rights and permissions.
 What is right and permission
• A right authorizes a user to perform certain actions on a
computer, such as backing up files and folders or shutting
down a computer.
• A permission is a rule associated with an object (usually a
file, folder, or printer) and it regulates which users can
have access to the object and in what manner.
 Users

 Users displays the two built-in user accounts, Administrator and Guest, as
well as any user accounts you create. The built-in user accounts are created
automatically when you install Windows 2000 or Windows XP.

 Administrator account.
 Guest account.
 Administrator account

 The Administrator account is the one you use when you first set up a workstation or
member server. You use this account before you create an account for yourself.
 The Administrator account is a member of the Administrators group on the
workstation or member server.

 The Administrator account can never be deleted, disabled, or removed from the
Administrators local group, ensuring that you never lock yourself out of the
computer by deleting or disabling all the administrative accounts. This feature sets
the Administrator account apart from other members of the Administrators local
group.
 Administrators Can:
 Create, modify, and access local user accounts
 Install new hardware and software
 Upgrade the operating system
 Back up the system and files
 Claim ownership of files that have become
damaged
 Do anything a Power User can
 Guest account

 The Guest account is used by people who do not have an actual account on the
computer. A user whose account is disabled (but not deleted) can also use the Guest
account. The Guest account does not require a password. The Guest account is
disabled by default, but you can enable it.

 You can set rights and permissions for the Guest account just like any user account.
By default, the Guest account is a member of the built-in Guests group, which
allows a user to log on to a workstation or member server. Additional rights, as well
as any permissions, must be granted to the Guests group by a member of the
Administrators group.
 Guests Can:
 Log in and out
 Run installed applications
 Navigate through the file system
 Shut down the system
 User Options

 To create a new user account

 To disable or activate a user account
 To change the password for a user
 To delete a user account
 To modify a user account
 To rename a user account
Video for users
 Groups

A group is a collection of user accounts. Groups simplify administration

by allowing you to assign permissions and rights to a group of users rather
Than to each user account individually. In Microsoft Windows XP
Professional, you will find a number of default local groups on your system,
which can perform the following default functions as outlined.
 Groups

 Administrators: Members of the Administrators group have the largest

amount of default permissions and the ability to change their own
permissions.
 Backup Operators: Members of the Backup Operators group can back up and
restore files on the computer, regardless of any permissions that protect those
files. But they cannot change security settings.
 Power Users: Members of the Power Users group can create user accounts.
They can create local groups and remove users from local groups they have
created. They can also remove users from the Power Users, Users, and Guests
groups.
 Groups
 Users: Members of the Users group can perform most common tasks, such as
running applications, using local and network printers, and shutting down
and locking the workstation. Users can create local groups, but can modify
only the local groups that they created.
 Guests: The Guests group allows occasional or one-time users to log on to a
workstation's built-in Guest account and be granted limited abilities. Members
of the Guests group can also shut down the system on a workstation.
 Replicator: Replicator group supports directory replication functions. The only
member of the Replicator group should be a domain user account used to log
on the Replicator services of the domain controller. Do not add the user
accounts of actual users to this group.
 Default security settings
 Before modifying any security settings, it is important to take into
consideration the default settings.

 There are three fundamental levels of security granted to users. These are
granted to end users through membership in the Users, Power Users, or
Administrators groups.
 Default security settings
Administrators
 Only trusted personnel should be members of this group.
 Install the operating system and components .
 Install Service Packs and Windows Packs.
 Upgrade & repair the operating system.
 Configure critical operating system parameters (such as password policy, access
control, audit policy, and so on).
 •Take ownership of files that have become inaccessible.
 •Manage the security.
 •Back up and restore the system.
 Default security settings
Power Users
The Power Users group primarily provides backward compatibility for running non-
certified applications. Members of the Power Users group have more permissions than
members of the Users group and fewer than members of the Administrators group.
 Install programs that do not modify operating system files or install system services.
 Customize system wide resources including printers, date, time, power options, and other
Control Panel resources.
 Create and manage local user accounts and groups.
 Stop and start system services which are not started by default.
 Power Users do not have permission to add themselves to the Administrators group.
 Default security settings
Users
 The Users group is the most secure, because the default permissions allotted to this
group do not allow members to modify operating system settings or other users' data.
 The Users group provides the most secure environment in which to run programs.
On a volume formatted with NTFS, the default security settings on a newly installed
system.
 Users cannot modify system wide registry settings, operating system files, or program
files. Users can create local groups, but can manage only the local groups that they
created. They can run certified Windows XP Professional programs that have been
installed or deployed by administrators.
 Users have Full Control over all of their own data files and their own portion of the
registry (HKEY_CURRENT_USER).
 Default security settings

Backup Operators
o Members of the Backup Operators group can back up and restore files on
o the computer, regardless of any permissions that protect those files.
o Backing up and restoring data files and system files requires permissions to
read and write those files. The same default permissions granted to Backup
Operators that allow them to back up and restore files also make it possible
for them to use the group's permissions for other purposes, such as reading
another user's files.
 Default security settings
Special Groups
 Several additional groups are automatically created by Windows XP Professional.
 Interactive. This group contains the user who is currently logged on to the
computer. During an upgrade to Windows 2000 or Windows XP Professional,
members of the Interactive group will also be added to the Power Users group, so
that legacy applications will continue to function as they did before the upgrade.
 Network. This group contains all users who are currently accessing the system over
the network.
 Terminal Server User. When Terminal Servers are installed in application serving
mode, this group contains any users who are currently logged on to the system
using Terminal Server.
 Groups Options

 To create a new local group

 To add a member to a group
 To delete a local group
Video for Groups