Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

Log On

To log on to Active Directory
using your username, password, and
domain name, do this:

Ctrl+Alt+Delete enter your username in the User Name box enter your password choose your domain from the Log On To box OK

To log on to Active Directory using your user logon name or UPN, do
this:

Ctrl+Alt+Delete enter your UPN in the User Name box enter your password OK

When you enter your UPN in the User Name box, the Log On To box grays
out since you are already specifying your domain.

To log on to Active Directory using your downlevel logon name, do
this:

Ctrl+Alt+Delete enter

DOMAIN\username in the User Name box enter your password OK

Here,

DOMAIN is the downlevel name of your
domain. Again, when you enter

DOMAIN\username in
the User Name box, the Log On To box grays out since you are already
specifying your domain.

Log Off

Ctrl+Alt+Delete Log Off

Logging off closes any
foreground applications that are running
on your machine but leaves the operating system and network services
running. This means that other users on the network can still access
resources on the machine if they are shared on the network.

Disable Display of Last Logged-On User

By default, when a user logs
off from a WS2003 computer and
then another user presses Ctrl+Alt+Delete on the same machine, the
username of the first user is automatically displayed in the User
Name box. In high-security environments, this behavior is not
desirable, and you can prevent this from happening using Group
Policy. On a standalone server, do this:

Start Run gpedit.msc OK Computer Configuration Windows Settings Security Settings Local Policies Security Options Interactive logon: Do not display last user name Define this policy setting Enabled

In a domain environment, do it this way:

Active Directory Users and Computers right-click on a domain or OU Properties Group Policy New specify a name select new GPO Edit Configuration Windows Settings Security Settings Local Policies Security Options Interactive logon: Do not display last user name Define this policy setting Enabled

Enable Verbose Logon Messages

You can cause Windows to

display verbose status messages during
logon, logoff, startup, and shutdown. This can sometimes be a
valuable troubleshooting technique when startup, shutdown, or logon
problems occur. On a standalone server, do this:

Start Run gpedit.msc OK Computer Configuration Administrative Templates System Verbose vs normal status messages Enabled

In a domain environment, do it this way:

Active Directory Users and Computers right-click on a domain or OU Properties Group Policy New specify a name select new GPO Edit Computer Configuration Administrative Templates System Verbose vs normal status messages Enabled

This enables verbose messages for all computers in the specified
domain or OU.

Enable Automatic Logon

Start Run regedt32 Enter

Find the following registry
key:

HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Open the entry named DefaultUserName and type the UPN or downlevel
logon name for the user and click OK. Then open the entry named
DefaultPassword and type the password for the user and click OK. If
the DefaultPassword entry is not present in this registry key, create
it first by Edit new String Value
DefaultPassword Enter

Open the entry named AutoAdminLogon and type the value 1 and click
OK. If the AutoAdminLogon entry is not present in this registry key,
create it first by Edit new String Value
AutoAdminLogon Enter

Close Registry Editor and reboot your computer, and the specified
user should now automatically log on.

You can temporarily bypass automatic logon by holding down Shift after Windows boots.

Enable or Disable Secondary Logon

Secondary logon is
enabled
by default in WS2003, but you can disable it on a standalone machine
by:

Computer Management Services and Applications Services Secondary Logon Properties General Stop Startup type Manual

You can reenable secondary logon by:

Computer Management Services and Applications Services Secondary Logon Properties General Startup type Automatic Start

Use Secondary Logon

To start a program using secondary logon, find the icon, shortcut, or
executable for the program and:

Right-click on program Run as The following user specify username and password

You can also use secondary logon in a command prompt session; see
runas in Chapter 5 for more
information.

Change Your Password

Ctrl+Alt+Delete Change Password

You must know your old

password
before you can specify a new one.

Reset Password for a User Account

Active Directory Users and Computers right-click on a user Reset Password

Specify the new password,

then
select "User must change password at next
logon" if you want users to manage their own
passwords. You may have to reset a user's password
if the user has forgotten it or if the password has expired before
the user has had a chance to change it.