Managing User Accounts,

Passwords and Logon

Chapter 5

powered by dj

Chapter Objectives

Work with User Accounts

Set a logon Passwords

Manage logon process

Configure Parental Control

Explain User Privileges

Configure User Access Control

Work with User account Control (UAC)

powered by dj

Recall

Screen resolution is measured in pixels, where each pixel represents a tiny lighted dot on the screen

The Instant search is used to search any application instantly. The application can be opened from the categorized list

Windows Aero is a more visually dynamic feature of Windows Vista

Sidebars is displays at the right side of the monitor. It contains some mini program called Gadgets

Tablet PCs are mobile PCs. It uses a pen device to enter data rather then keyboard

powered by dj

Working with User Account

Establish a relationship between a user and a computer, network or an information service

Consist of username and password

Provides Windows with the information about a particular user and the files and folders that can be accessed by that user

Allow the user to make the appropriate changes to suit their personal preferences

powered by dj

Practical Activity: Demonstrate the procedure to create a new user account through User Accounts options of Control Panel and Computer management tool. (20 min)

powered by dj

Types of User Accounts

Standard Accounts – It is required and used for everyday computing experience

Administrator Accounts – Member of the Administrators group are classified as administrator accounts

Guest Account – It is used and created for users who need temporary access to the computer or network of computers

powered by dj

Practical Activity: Demonstrate the procedure to change the account name and type. (10 min)

powered by dj

Implementing User Accounts on a Shared Computer Controlling Logins

Except one account change all other user accounts to standard accounts

Protecting all accounts with passwords

Restricting logon times

Restricting access to certain files and folders

powered by dj

Practical Activity: Demonstrate the procedure to enable and disable the Guest Account through User Accounts option of Control Panel. Demonstrate the procedure to delete an unknown account. (15 min)

powered by dj

Implementing User Accounts on a Shared Computer Restricting the amount of disk space available for

each user

Turning on the Guest account only when necessary

powered by dj

Practical Activity: Demonstrate the procedure to enable and disable the Guest Account through User Accounts option of Control Panel. Demonstrate the procedure to delete an unknown account. (15 min)

powered by dj

Setting a Logon Password

It acts as a defensive mechanism against unauthorized access to your files and folders

Guideline to create a secure password: Use at least eight characters

Use a mixture of numbers, punctuations, special characters, uppercase letters and lowercase letters

Avoid using your name or your username

Use random sequences instead of straight words, or intersperse numbers and punctuation between words

powered by dj

Practical Activity: Demonstrate the procedure to set, change and remove a password. (15 min)

powered by dj

Recovering from a Lost Password

Use when you may not remember your password

Tools for password Recovery:

Password hint

Password Reset Disk

powered by dj

Practical Activity: Demonstrate the procedure to create a password reset disk. Ask the students to perform the procedure to use a password reset disk. (15 min)

powered by dj

Enforcing Secure Password Practices

Use passwords which are difficult to crack by intruders

Change the password periodically

Set password policies to enforce password history, maximum password age, minimum password age, minimum password length, password meeting complexity requirements and store password using reversible encryption for all users in the domain

powered by dj

Practical Activity: Demonstrate the procedure to set password policies for minimum password length and password with complexity. (10 min)

powered by dj

Managing Logon Process

There is no difference in the logon experience when a user logs in to a domain, workgroup or a network

Skip the Ctrl+Alt+Delete Requirement to Logon

Bypassing Logon screen

Logging Off, Switching Users or Locking your computer

powered by dj

Practical Activity: Demonstrate the procedure to skip the Ctrl+Alt+Delete requirement and to set auto logon for a user. (4 min)

powered by dj

Parental Control

It protect children and young adult from certain websites, play games or accessing certain materials on the Internet

Parental controls can be configured for standard user accounts, administrators as well as for domain user accounts

powered by dj

Practical Activity: Demonstrate the procedure to configure Parental Controls. (10 min)

powered by dj

Parental Control

Parental Control features:

Restricting Access to Websites

Restricting Logon Hours

Controlling Access to Games

Blocking Specific Programs

Monitoring User Activities

powered by dj

Practical Activity: Demonstrate the procedure to restrict access to websites and logon hours. Demonstrate the procedure to control access to games and block access to specific programs (25min).

powered by dj

Dealing with User Account Control (UAC)

Restricts unauthorized changes

Task performed into two different groups

Standard

Administrator

The default user account is also known as Admin Approval mode

Application requires full administrator access

powered by dj

Practical Activity: Demonstrate the procedure to configure UAC settings. Ask the students to perform the procedure to change the elevation prompting behavior for standard users and disable the UAC. Ask the students to perform the procedure to disable secure desktop.(10 min)

powered by dj

Configuring User Access Control using Local Security Policies I

Admin Approval mode for Built-in Administrator Account

Behavior of elevation prompt in Admin Approval mode Prompt For Consent

Prompt For Credentials

Elevate Without Prompting

Behavior of the elevation prompt for standard users Prompt For Credentials

Automatically Deny Elevation Requests

powered by dj

Practical Activity: Demonstrate the procedure to troubleshoot UAC. (5 min)

powered by dj

Configuring User Access Control using Local Security Policies I

Detect application installations and prompt for elevation Enabled

Disabled

Only elevate executables that are signed and validated

Enabled

Disabled

Only elevate UIAccess applications that are installed in secure locations

powered by dj

Configuring User Access Control using Local Security Policies II Run all applications in Admin Approval mode

Control Switch to the Secure Desktop when prompting for elevation

Virtualized file and registry write failures to per- user locations

powered by dj

Running User Accounts as Standard User

Increases the security level by allowing administrator accounts as standard users

If the UAC is not used still a user who is logged as an administrator can install software without receiving a prompt or warning

Windows vista offer Admin Approval Mode

The Admin Approval mode requires administrator’s credentials to approve installations

powered by dj

Elevating User Privileges

UAC provides the user with an option to perform an administrator task

The four types of accounts are:

Built-in Administrator account

Administrator account

Standard Account

Built-in Guest account

powered by dj

User group and profile Group is a collection of users, computers or contact

Used for security in which it allows accessing the granted rights and permissions

User profile is a collection of settings that make the computer look and work the way user wants

The Groups folder is placed in Local Users and Groups Microsoft Management Console

The user rights are assigned in the local security policy

powered by dj

Practical Activity: Demonstrate the procedure to create a Local group. (5 min)

powered by dj

Summary I

User Accounts are required to establish a relationship between a user and a computer, network or an information service

User accounts settings can be changed by a user as and when required

Guest account is allotted to temporary users. This particular account is used to logon to the system without providing a password

The secured settings ensure protecting users data from unintentional deletions, changes as well as theft

powered by dj

Summary II

The Local security policy can be used to directly modify Account and local policies, Public key policies and IP security policy for your local computer

Setting a logon password to a user account is mandatory as it acts as a defensive mechanism against unauthorized access to your files and folders

You can set a password by pressing Ctrl+Alt+Delete which displays a screen wherein you can click Change password and then set the appropriate password

powered by dj

Summary III

Incase, you forget your password you can create a password reset disk which can be made only for a local or a stand alone computer. It cannot be created if your computer is joined to a domain

You can have only one password reset disk for a user account

Password history, minimum password age, minimum password age, length, complexity requirements and saving password with reversible encryption can be set as per requirements

powered by dj

Summary IV

The Ctrl+Alt+Delete and the logon screens can be bypassed if a user is bothered by it

User Account Control (UAC) is a technology and security feature which offers better security to a standard user while using Windows

The logon hours, access to games, blocking specific programs, monitoring user activities can be taken care of as and when required by using the Parental Control option

powered by dj