70-290: MCSE Manual for Dealing with a Microsoft Windows Server 2003 Environment Part 3: Making and Overseeing Client Ac.


76 views
Uploaded on:
Category: Product / Service
Description
Design and alter client records utilizing diverse routines ... Essential device for making and overseeing records is Active Directory Users and Computers ...
Transcripts
Slide 1

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts

Slide 2

Objectives Understand the reason for client accounts Understand the client confirmation process Understand and arrange neighborhood, meandering, and obligatory client profiles Configure and adjust client accounts utilizing distinctive strategies Troubleshoot client record and verification issues 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 3

Introduction to User Accounts A client record is an Active Directory object Represents data that characterizes a client with access to network (first name, last name, secret key, and so on.) Required for anybody utilizing assets on system Assists as a part of organization and security Must take after authoritative principles 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 4

User Account Properties Primary instrument for making and overseeing records is Active Directory Users and Computers Active Directory is extensible so extra tabs might be added to property pages Major record properties that can be set include: General Address Account Profile Sessions 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 5

Activity 3-1: Reviewing User Account Properties Objective is to r eview properties of client records through fundamental tabs of Active Directory Users and Computers Start  Administrative Tools  Active Directory Users and Computers  Users  AdminXX account  Properties Explore tabs and qualities as coordinated 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 6

The Account Tab of Properties 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 7

User Authentication The procedure by which a client\'s personality is accepted Used to give or deny access to network assets From a customer working framework Name, watchword, asset required In Active Directory environment Domain controller validates In a workgroup Local SAM database verifies 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 8

Authentication Methods Two primary procedures Interactive verification User account data is supplied at log on Network validation User\'s accreditations are affirmed for system access 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 9

Interactive Authentication The procedure by which a client gives a client name and watchword for validation For area logon, qualifications contrasted with unified Active Directory database For nearby logon, certifications contrasted with neighborhood SAM database In space situations, clients typically don\'t have nearby records 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 10

Network Authentication The procedure by which a system administration affirms the recognize of a client For a client who sign on to area, system confirmation is straightforward Credentials from intuitive confirmation legitimate for system assets A client who sign on to neighborhood PC will be incited to sign on to network asset independently 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 11

Authentication Protocols Windows Server 2003 backings two fundamental confirmation conventions: Kerberos rendition 5 (Kerberos v5) NT LAN Manager (NTLM) Kerberos v5 is essential convention for Active Directory situations yet is not bolstered on all customer frameworks NTLM is essential convention for more seasoned Microsoft working frameworks 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 12

Kerberos v5 Primary verification convention utilized as a part of Active Directory area situations Supported by Windows 2000, Windows XP, Windows Server 2003 Protocol took after: Log on solicitation went to Key Distribution Center (KDC), a Windows Server 2003 space controller KDC confirms client and, if substantial, issues a ticket-giving ticket (TGT) to customer framework 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 13

Kerberos v5 (proceeded) When customer asks for a system asset, it shows the TGT to KDC issues an administration ticket to customer Client presents administration ticket to host server for system asset Every area controller in Active Directory environment holds part of KDC Not all customers tail this convention 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 14

NTLM A test reaction convention Used with working frameworks running Windows NT 4.0 or prior or with Windows 2000 or Server 2003 when important Protocol took after: User sign in, customer ascertains cryptographic hash of secret word Client sends client name to space controller 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 15

NTLM (proceeded with) Domain controller produces arbitrary test and sends it to customer Client encodes challenge with hash of secret key and sends to space controller Domain controller figures anticipated that esteem would be come back from customer and looks at to genuine worth After fruitful confirmation, area controller creates a token for client for system access 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 16

User Profiles A gathering of settings particular to a specific client Stored locally as a matter of course Do not take after client signing on to various PCs Can make a wandering profile Does take after client signing on to various PCs Administrator can make a compulsory profile User can\'t modify it 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 17

User Profile Folders and Contents 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 18

Local Profiles New profiles are made from Default User profile envelope User can change nearby profile and changes are put away exceptionally to that client Administrator can oversee different components of profile Change Type Delete Copy To 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 19

Activity 3-2: Testing Local Profile Settings Objective is to design and test a neighborhood client profile Start  Administrative Tools  Active Directory Users and Computers  Users  New  User Follow headings to make another client profile Explore and arrange properties Test by signing in as new client 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 20

Roaming Profiles Roaming profiles Allow a profile to be put away on a focal server and take after the client Provide point of interest of a solitary concentrated area (accommodating for reinforcement) Configured from Profiles page of Active Directory Users and Computers Changing a profile from neighborhood to meandering requires care – ought to duplicate initial 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 21

Activity 3-3: Configuring and Testing a Roaming Profile Objective: To design and test a wandering client profile Create a mutual organizer, duplicate a nearby profile to envelope, and design properties of client record to utilize wandering envelope Follow bearings in book to make, design, and test the new meandering profile 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 22

Mandatory Profiles Local and meandering profiles permit clients to roll out perpetual improvements Mandatory profiles permit changes just for a solitary session Local and wandering profiles can both be arranged as obligatory ntuser.dat  ntuser.man 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 23

Activity 3-4: Configuring a Mandatory Profile Objective: To design and test a required client profile Start  My Computer Follow headings to make already made test profile compulsory by renaming document Test that no lasting changes can be made by client 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 24

Creating and Managing User Accounts Standard device is Active Directory Users and Computers Also various summon line devices and utilities 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 25

Active Directory Users and Computers Available from Administrative Tools menu Can be added to a Microsoft Management Console Can be keep running from charge line (dsa.msc) Graphical apparatus Can include, alter, move, erase, hunt down client records Can arrange numerous articles all the while 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 26

Activity 3-5: Creating User Accounts Using Active Directory Users and Computers Objective: Use Active Directory Users and Computers to make client accounts Start  Administrative Tools  Active Directory Users and Computers Follow headings to make various new client accounts 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 27

User Account Templates A client record that is pre-designed with regular settings Can be replicated to make new client accounts with pre-characterized settings New record is then arranged with definite individual settings 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 28

Activity 3-6: Creating a User Account Template Objective: Create a client account layout and utilize the format to make another client account Start  Administrative Tools  Active Directory Users and Computers Create another client account layout Use a variable that will consequently populate the profile way with the name of client record Follow headings to make and investigate another client account from layout 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Slide 29

Command Line Utilities Some executives favor working from

Recommended
View more...