Client account A type of distinguishing proof for a client on a Windows Server 2003 system.


86 views
Uploaded on:
Category: Music / Dance
Description
Lesson 5: Administering User Accounts. At the point when the client needs to get to an asset, the OS ... To make accounts physically, you utilize the Active Directory Users and Computers console ...
Transcripts
Slide 1

(Skill 1) Planning Strategies for Creating User Accounts User account A type of distinguishing proof for a client on a Windows Server 2003 system Used to manufacture the client ticket (otherwise called a TGT, or Ticket Granting Ticket) Contains a rundown of the Security IDs (SIDs) connected with the client record and all gatherings to which that client record is a part Used to demonstrate that the client record is substantial and to build session tickets

Slide 2

(Skill 1) Planning Strategies for Creating User Accounts (2) When the client needs to get to an asset, the OS sends the client ticket to the space controller with an uncommon Kerberos ask for The session ticket is displayed to the particular PC controlling the assets as a type of ID The asset server thinks about the SIDs in the token or ticket to a Discretionary Access Control List (DACL) on the asset

Slide 3

(Skill 1) Planning Strategies for Creating User Accounts (3) DACLs are made out of Access Control Entries (ACEs) Each ACE contains the SID for a client record or aggregate and the consents connected to it Through this component, an asset figures out what level of access every client record ought to have, and gives an entrance token to the client for the client\'s particular access level

Slide 4

(Skill 1) Planning Strategies for Creating User Accounts (4) You can make client accounts physically or by composing scripts To make accounts physically, you utilize the Active Directory Users and Computers console To script a client account, you should be acquainted with no less than one scripting dialect, for example, VBScript or JScript

Slide 5

(Skill 1) Planning Strategies for Creating User Accounts (5) It is imperative to arrange your client accounts before you really make them Parameters you have to consider while arranging Naming traditions Password necessities Account choices

Slide 6

(Skill 1) Planning Strategies for Creating User Accounts (6) Naming traditions A decent naming tradition makes it simple for clients to recollect their logon names Also accommodates cases in which two clients have the same name Password prerequisites Each client record will normally be appointed a secret key Passwords avoid unapproved access to an area or a PC

Slide 7

(Skill 1) Planning Strategies for Creating User Accounts (7) Account choices It is additionally essential to consider certain properties before you make client accounts Log On To choice indicates the PCs to which a client can sign on Logon Hours segment permits you to determine which hours of the day and days of the week a client can sign on Account Expires segment permits you to predefine when a client record will lapse

Slide 8

(Skill 1) Figure 5-1 Setting client account properties

Slide 9

(Skill 1) Planning Strategies for Creating User Accounts (9) Active Directory Services Interfaces (ADSI) You can utilize ADSI to make scripts ADSI is a completely programmable mechanization object accessible for heads You can likewise make client accounts in clusters from a .csv or a .ldif record utilizing the Csvde.exe or Ldifde.exe utilities

Slide 10

(Skill 2) Creating a Local User Account Local client records Are made so clients can sign on just to a particular PC and access the assets on just that PC all together for a client utilizing a neighborhood client record to get to assets on different PCs, a nearby client account must be made with the same name and watchword on all PCs that the client needs to get to This is on account of nearby client records are put away just in the PC\'s neighborhood security database

Slide 11

(Skill 2) Creating a Local User Account (2) Local client records Are not recreated to area controllers When a client sign on to a PC, the working framework utilizes its nearby security database to confirm the neighborhood client account Similarly, when a client endeavors to get to a workgroup asset, the PC giving the asset utilizes its neighborhood accounts database to verify the client account

Slide 12

(Skill 2) Creating a Local User Account (3) Local client accounts If you make a neighborhood client account on a PC that obliges access to area assets, the client can\'t get to the assets in the area unless an indistinguishable area client record is made In this circumstance, the space does not perceive nearby client accounts Furthermore, the area chairman can\'t oversee nearby client account properties or allot access authorizations to the client for space assets utilizing the nearby PC

Slide 13

(Skill 2) Creating a Local User Account (4) Local client accounts If you have authoritative rights, you can utilize the Local Users and Groups snap in the Computer Management console From this console, you can make, erase, or debilitate nearby client accounts on a neighborhood PC

Slide 14

(Skill 2) Figure 5-2 Local security database

Slide 15

(Skill 2) Figure 5-3 Creating a nearby client account

Slide 16

(Skill 3) Creating a Domain User Account You utilize an area client record to sign on to an area and access system assets You can make an area client account in an OU on an area controller The space controller then imitates the new client account data to all other space controllers in the space After replication, all area controllers in the area will have the capacity to validate the client

Slide 17

(Skill 3) Creating a Domain User Account (2) what\'s more, all trusting areas can now permit the client record to access their assets You utilize the Active Directory Users and Computers console to make space client accounts

Slide 18

(Skill 3) Creating a Domain User Account (3) Logon process A client gives a logon name and secret key (or embeds a brilliant card and gives a PIN) Windows Server 2003 utilizations this data to confirm the client and construct a client ticket that contains the client\'s ID and security settings The motivation behind the client ticket is to recognize the client account to assemble session tickets, which are then used to distinguish the client to the area part PCs An entrance token is produced to permit the client particular levels of access

Slide 19

(Skill 3) Creating a Domain User Account (4) Active Directory space names are typically the full DNS name of the area For in reverse similarity, every area likewise has a pre-Windows 2000 name that is utilized by PCs running pre-Windows 2000 working frameworks This name can be utilized to sign on to a Windows 2000 or Windows Server 2003 area from PCs running Windows 2000 or XP working frameworks

Slide 20

(Skill 3) Figure 5-4 Domain client account

Slide 21

(Skill 3) Figure 5-5 Creating a space client account

Slide 22

(Skill 3) Figure 5-6 Setting a secret key for another space client account

Slide 23

(Skill 3) Creating a Domain User Account (5) Built-in client records are made as a matter of course amid the establishment of Windows Server 2003 Administrator worked in client account Used to perform regulatory undertakings Creating and overseeing client accounts Setting account properties Assigning consents to client records to get to assets Used to access system assets

Slide 24

(Skill 3) Creating a Domain User Account (6) Built-in Guest account Used to give clients access to assets for a brief timeframe Is incapacitated naturally

Slide 25

(Skill 3) Figure 5-7 Summary screen for another space client account

Slide 26

(Skill 4) Setting User Account Properties Every client account you make has an arrangement of default properties you can design Including individual data, logon settings, dial-in settings, and Terminal Services settings for a client The individual properties you characterize for an area client record are valuable when leading client seeks in view of certain data

Slide 27

(Skill 4) Setting User Account Properties (2) Logon settings are utilized to determine the logon hours for a client Dial-in settings for a client record are utilized to indicate if and how a client can make a dial-association from a remote area Terminal Services properties give the capacity to associate with a server from a remote area

Slide 28

(Skill 4) Setting User Account Properties (4) You can spare a ton of time by rounding out the basic fields shared between client accounts in a "layout" record A format record is a crippled record that is utilized as a model for making different records After rounding out the fitting fields, you can right-tap the record and select Copy to make another record with the greater part of your pre-characterized handle officially filled in

Slide 29

(Skill 4) Figure 5-9 Setting client account properties

Slide 30

(Skill 4) Figure 5-10 Specifying logon hours for a client account

Slide 31

(Skill 5) Introducing User Profiles A client profile is an accumulation of information User\'s own information Desktop settings Printer associations Network associations User profiles give a predictable desktop environment every time a client sign on to the PC

Slide 32

(Skill 5) Introducing User Profiles (2) User profiles empower numerous clients to work from the same PC or a solitary client to work from various PCs on a system without changing any of the settings User profiles can be put away on a server so clients can utilize them on any PC running Microsoft Windows NT 4.0 or later They additionally store the application settings for applications that conform to Microsoft\'s product improvement rules

Slide 33

(Skill 5) Introducing User Profiles (3) User profiles are put away in the Documents and Settings envelope, of course, with the sole exemption of servers and customers updated from Windows NT or Windows 9x, in which case they are put away in a \Profiles organizer

Slide 34

(Skill 5) Introducing User Profiles (4) There are three sorts of client profiles Local client profiles Roaming client profiles Mandatory client profiles

Slide 35

(Skill 5) Introducing User Profiles (5) Local client profiles Is restricted to the PC you sign on

Recommended
View more...