70-270: MCSE Guide to Microsoft Windows XP Professional

1

Windows XP Professional User Accounts

• Designed for use as a network client for:• Windows NT

• Windows 2000

• Windows Server 2003

• Member of a workgroup• Standalone operating system

70-270: MCSE Guide to Microsoft Windows XP Professional

2

Types of Windows XP Professional User Accounts

• Local user account• Exists on a single computer

• No domain access

• Domain user account• Exists throughout a domain

• Can be used on any domain member computer

70-270: MCSE Guide to Microsoft Windows XP Professional

3

How Accounts Interact with a Windows XP Professional System

• Standalone system, automatic logon• Standalone system• Workgroup member• Domain network client

70-270: MCSE Guide to Microsoft Windows XP Professional

4

Supporting More Than One User

• Multiple-user systems• Implemented through:

• Groups

• Resources

• Policies

• Profiles

70-270: MCSE Guide to Microsoft Windows XP Professional

5

Types of Logon

• Logon authentication has two purposes:• Maintain security

• Track computer usage

70-270: MCSE Guide to Microsoft Windows XP Professional

6

Windows Welcome Logon Method

• Completely new logon method• Designed for use on standalone or workgroup

member systems• List of user accounts with icons• Fast User Switching,

• Switch users without logoff

70-270: MCSE Guide to Microsoft Windows XP Professional

7

Classic Logon Method

• Press Ctrl+Alt+Delete to access WinLogon security dialog box

• Required for domain member systems

70-270: MCSE Guide to Microsoft Windows XP Professional

8

Logging On to Windows XP

• XP automatically creates accounts• Administrator

• Guest

70-270: MCSE Guide to Microsoft Windows XP Professional

9

Administrator

• Most powerful user account possible• Unlimited access and unrestricted privileges• Must be protected from misuse

• Complicated password should be used

• Should rename this account

70-270: MCSE Guide to Microsoft Windows XP Professional

10

Administrator (continued)

• Characteristics:• Cannot be deleted

• Cannot be locked out

• Can be disabled

• Can have a blank password (however, this is not recommended)

• Can be renamed (which is recommended)

• Cannot be removed from the Administrators local group

70-270: MCSE Guide to Microsoft Windows XP Professional

11

Guest

• One of the least privileged user accounts• Limited access to resources and computer activities• Should rename account• Member of the Everyone group• Recommended to leave the Guest account disabled

70-270: MCSE Guide to Microsoft Windows XP Professional

12

Guest (continued)

• Characteristics:• Cannot be deleted

• Can be locked out

• Can be disabled (it is disabled by default)

• Can have a blank password (it is blank by default)

• Can be renamed (which is recommended)

• Can be removed from the Guests local group

70-270: MCSE Guide to Microsoft Windows XP Professional

13

Naming Conventions

• Predetermined process for creating names on network or standalone system

• Should incorporate a scheme for:• User accounts

• Computers

• Directories

• Network shares

• Printers

• Servers

70-270: MCSE Guide to Microsoft Windows XP Professional

14

Managing Local User Accounts

• Two types:• Local representations of domain/network user accounts

• Created from scratch locally

• User Accounts applet• Used to create local representation

• Local Users and Groups snap-in• Used to create accounts from scratch

70-270: MCSE Guide to Microsoft Windows XP Professional

15

User Accounts Applet

• Users tab• Lists active users

• Add New User wizard to add users

• Advanced tab• Access to

• Password and passport management

• Advanced user management

• Secure logon settings

70-270: MCSE Guide to Microsoft Windows XP Professional

16

Local Users and Groups

• Create and manage local users• Console tree nodes:

• Users

• Groups

70-270: MCSE Guide to Microsoft Windows XP Professional

17

Planning Groups and System Groups

• Plan how to manage groups• Pair groups with resources for administrative control• Ongoing administrative task:

• Adding and removing users from groups

70-270: MCSE Guide to Microsoft Windows XP Professional

18

Working with Groups You’ve Made

• Must have a Windows NT, 2000, or Server 2003 in client/server environment

• Resource• Has local groups assigned to it

• Global user groups• Assigned to local resource groups

• Users• Assigned to global groups

70-270: MCSE Guide to Microsoft Windows XP Professional

19

Assigning users access to resources using groups

70-270: MCSE Guide to Microsoft Windows XP Professional

20

Working with Default Groups

• Administrators• Backup Operators• Guests• Network Configuration Operators• Power Users

70-270: MCSE Guide to Microsoft Windows XP Professional

21

Working with Default Groups (continued)

• Remote Desktop Users• Replicator• Users• HelpServicesGroup

70-270: MCSE Guide to Microsoft Windows XP Professional

22

Working with System Groups and Other Important Groups

• Built-in system-controlled groups• Preexisting groups• Cannot be edited• Used by system to control or place restrictions on

specific groups of users based on activities

70-270: MCSE Guide to Microsoft Windows XP Professional

23

Windows XP as a Domain Client

• Can serve as a client to an Active Directory domain• Centralized control of user accounts and overall

security• Resources centrally located • Management of access easier than a workgroup

network

70-270: MCSE Guide to Microsoft Windows XP Professional

24

User Profiles

• Collection of desktop and environmental configurations

• Computer maintains profile for each user• Material such as:

• Application data

• My Documents

• Cookies

• Etc.

70-270: MCSE Guide to Microsoft Windows XP Professional

25

Local Profiles

• Set of specifications and preferences • For an individual user• Stored on local machine

• Reside in the %username% subdirectory beneath the \Documents and Settings directory

• Set up by example • Saved on logout

70-270: MCSE Guide to Microsoft Windows XP Professional

26

Roaming Profiles

• Resides on a network server• Automatically downloaded to any system when user

logs on• Default path designation:

• \\computername\username

70-270: MCSE Guide to Microsoft Windows XP Professional

27

Troubleshooting Cached Credentials

• Automatically caches user’s credentials in the Registry • When domain logon or .NET Passport logon is performed

• Can be disabled:• Enable the group policy setting of Interactive logon

• Set the cachedlogonscount Registry value to 0

70-270: MCSE Guide to Microsoft Windows XP Professional

28

Files and Settings Transfer Wizard

• Move data files and personal desktop settings from another computer to new Windows XP Professional system

• Must have some sort of network connection between the two systems

• Transfer files from Windows 95, 98, SE, Me, NT, 2000, or XP systems

• Transfer process can take considerable time

70-270: MCSE Guide to Microsoft Windows XP Professional

29

User State Migration Tool (USMT)

• Supports migration to user data from Windows 9x, Windows NT Workstation 4.0, and Windows 2000 Professional to a Windows XP Professional system

• Able to transfer the same files and settings that the Files and Settings Transfer Wizard can

• Fully configurable and scriptable

70-270: MCSE Guide to Microsoft Windows XP Professional

30

User State Migration Tool (USMT) (continued)

• Two command-line utilities:• ScanState

• LoadState

• Read instructions and control parameters from INF files

• ScanState • Used to create a backup of the user data

• LoadState• Used to copy the data onto new target system