Microsoft Windows 1002000 Professional [Electronic resources] - text version

Rick Wallace

Lesson 4: Setting Properties for User Accounts


A set of default properties is associated with each local user account that you create. After you create a local user account, you can configure these account properties. A user's Properties dialog box has three tabs that contain information about each user account: the General tab, the Member Of tab, and the Profile tab.


After this lesson, you will be able to

Set properties for user accounts.


Estimated lesson time: 15 minutes

The General Tab in a User Account's Properties


The General tab in the Properties dialog box for a user account (see Figure 10.5) allows you to set or edit all the fields from the New User dialog box, except for User Name, Password, and Confirm Password. It also provides one additional check box: Account Is Locked Out.


Figure 10.5 The General tab of a user's Properties dialog box

You can't select the Account Is Locked Out check box because it is unavailable when the account is active and not locked out of the system. The system locks out a user if he or she exceeds the limit set on the number of failed logon attempts. This is a security feature to make it more difficult for an unauthorized user to break into the system. If an account has been locked out by the system, the Account Is Locked Out check box becomes available and an administrator can clear the check box to allow the user access to the system.

The Member Of Tab in a User Account's Properties


The Member Of tab in the Properties dialog box for a user account allows you to add the user account to or remove the user account from a group. For information on groups, see Chapter 11, "Setting Up and Managing Groups."

The Profile Tab in a User Account's Properties


The Profile tab in the Properties dialog box for a user account allows you to set a path for the user profile, logon script, and home folder (see Figure 10.6).


Figure 10.6 The Profile tab of a user's Properties dialog box

User Profile


A user profile is a collection of folders and data that stores the user's current desktop environment and application settings, as well as personal data. A user profile also contains all of the network connections that are established when a user logs on to a computer, such as Start-menu items and mapped drives to network servers. User profiles maintain consistency for users in their desktop environments by providing each user the same desktop environment that he or she had the last time that he or she logged on to the computer.

Windows 2000 creates a user profile the first time that a user logs on at a computer. After the user logs on for the first time, Windows 2000 stores the user profile on that computer. This user profile is also known as a local user profile.

User profiles operate in the following manner:


When a user logs on to a client computer running Windows 2000, the user always receives his or her individual desktop settings and connections, regardless of how many users share the same client computer.

The first time that a user logs on to a client computer running Windows 2000, Windows 2000 creates a default user profile for the user and stores it in the system partition root\Documents and Settings\user_logon_name folder (typically C:\Documents and Settings\user_logon_name), where user_logon_name is the name the user enters when logging on to the system.

A user profile contains the My Documents folder, which provides a place for users to store personal files. My Documents is the default location for the File Open and Save As commands. By default, Windows 2000 creates a My Documents icon on the user's desktop. This makes it easier for users to locate their personal documents.

A user can change his or her user profile by changing desktop settings. For example, a user makes a new network connection or adds a file to My Documents. Then, when the user logs off, Windows 2000 incorporates the changes into the user profile. The next time the user logs on, the new network connection and the file are present.


NOTE
You should have users store their documents in My Documents rather than in home directories. Home directories are covered later in this chapter. Windows 2000 automatically sets up My Documents, and it is the default location for storing data for Microsoft applications.

By opening the System program in Control Panel and clicking the User Profiles tab, an administrator can easily copy, delete, or change the type of a user profile. Changing the type for user profiles allows an administrator to change it from a local user profile, which sets up the user's desktop environment on a specific computer, to a roaming user profile. A roaming user profile is especially helpful in a domain environment, because it follows the user around, setting up the same desktop environment for the user no matter what computer the user logs on to in the domain.

There is a third type of user profile, the mandatory user profile, which is a read-only roaming user profile. When the user logs off, Windows 2000 does not save any changes made during the session, so the next time the user logs on the profile is exactly the same as the last time the user logged on. You can create a mandatory user profile for a specific user or to be used with a group of users.

NOTE
A hidden file called Ntuser.dat contains the section of the Windows 2000 system settings that applies to the individual user account and contains the user environment settings. Create a user account that you can use to create user profiles. Log on as the user you created, and configure all the desktop environment settings you want. Log on as administrator and locate the Ntuser.dat file in C:\Documents and Settings\user_logon_name. You make the profile a mandatory roaming user profile by changing its name to Ntuser.man. You can then copy this file to apply the mandatory user profile to any other user or group.

Logon Script


A logon script is a file you can create and assign to a user account to configure the user's working environment. For example, a logon script can be used to establish network connections or start applications. Each time a user logs on, the assigned logon script is run.

Home Folder


In addition to the My Documents folder, Windows 2000 provides you with the means to create another location for users to store their personal documents. This additional location is the user's home folder. You can store a home folder on a client computer or in a shared folder on a file server. In fact, you can locate all users' home folders in a central location on a network server.

Storing all home folders on a file server provides the following advantages:


Users can gain access to their home folders from any client computer on the network.

The backing up and administration of user documents is centralized.

The home folders are accessible from a client computer running any Microsoft operating system (including MS-DOS, Windows 95, Windows 98, and Windows 2000).


NOTE
Store home folders on an NTFS file system volume so that you can use NTFS permissions to secure user documents. If you store home folders on a FAT volume, you can restrict home folder access only by using shared folder permissions.

To create a home folder on a network file server, you must perform the following three tasks:


Create and share a folder in which to store all home folders on a network server. The home folder for each user will reside in this shared folder.

For the shared folder, remove the default Full Control permission from the Everyone group and assign Full Control to the Users group. This ensures that only users with domain user accounts can gain access to the shared folder.

Provide the path to the user's home folder in the shared home directory folder on the Profile tab of the Properties dialog box for the user account. Since the home folder is on a network server, click Connect and specify a drive letter to use to connect. In the To box, you would specify a UNC name—for example, \\server_name\shared_folder_name\user_logon_name. Type the username variable as the user's logon name to automatically name each user's home folder the user logon name (for example, type \\server_name\Users\%username%).

If you use the username variable to name a folder on an NTFS volume, the user is assigned the NTFS Full Control permission, and all other permissions are removed for the folder, including those for the Administrator account.
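
The three tasks above, scripted and followed by a check of who can actually reach each home folder. This is an added example, not part of the original lesson. It assumes a current Windows system with PowerShell and the SmbShare module (not Windows 2000 itself), an elevated session, the English group name BUILTIN\Users, and the hypothetical folder D:\Users and share name Users.

```powershell
# Added example; $Root and $Share are assumed names, not values from the page.
$Root  = 'D:\Users'
$Share = 'Users'

function New-HomeShare {
    # Task 1: create the folder that will hold all home folders and share it.
    New-Item -ItemType Directory -Path $Root -Force | Out-Null
    # Task 2: the share permission is Full Control for the Users group only.
    New-SmbShare -Name $Share -Path $Root -FullAccess 'BUILTIN\Users' | Out-Null
    # Remove an Everyone entry if one is present on the share.
    if (Get-SmbShareAccess -Name $Share | Where-Object AccountName -eq 'Everyone') {
        Revoke-SmbShareAccess -Name $Share -AccountName 'Everyone' -Force | Out-Null
    }
}

function New-HomeFolder {
    param([Parameter(Mandatory)][string]$UserName)
    $path = Join-Path $Root $UserName
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    # Task 3, with the NTFS result the page describes for %username% folders:
    # drop inherited entries and leave the user with Full Control.
    icacls $path /inheritance:r /grant:r "${UserName}:(OI)(CI)F" | Out-Null
    # Record the UNC path as the account's home folder.
    net user $UserName "/homedir:\\${env:COMPUTERNAME}\${Share}\${UserName}" | Out-Null
}

function Get-HomeFolderAccess {
    # One row per NTFS permission entry on each home folder. An entry is
    # marked Unexpected when it belongs to anyone other than the account
    # the folder is named after.
    Get-ChildItem -Path $Root -Directory | ForEach-Object {
        $folder = $_
        (Get-Acl -Path $folder.FullName).Access | ForEach-Object {
            [pscustomobject]@{
                Folder     = $folder.Name
                Identity   = $_.IdentityReference.Value
                Rights     = $_.FileSystemRights
                Inherited  = $_.IsInherited
                Unexpected = ($_.IdentityReference.Value -split '\\')[-1] -ne $folder.Name
            }
        }
    }
}

# Typical use from an elevated session:
#   New-HomeShare
#   New-HomeFolder -UserName 'User1'
#   Get-SmbShareAccess -Name $Share
#   Get-HomeFolderAccess | Where-Object Unexpected
```

Because the user-only ACL also removes administrators, the last command is a quick way to confirm that nothing beyond the owner has been granted access.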


You can set User Account Properties by doing the following:


On the Administrative Tools menu, click Computer Management.

Right-click the appropriate local user account, and then click Properties.

Click the appropriate tab for the properties that you want to enter or change, and then enter values for each property.
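
The same properties can be read for every local account at once instead of opening each Properties dialog box. This is an added example, not part of the original lesson. It assumes a current Windows system with PowerShell 3.0 or later (not Windows 2000 itself) and uses the Win32_UserAccount WMI class; the function name is hypothetical.

```powershell
# Added example. Reads the properties covered in this lesson for every local
# account through the Win32_UserAccount WMI class; it changes nothing.
function Get-LocalAccountPropertyReport {
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            $review = @()
            # General tab: Account Is Locked Out
            if ($_.Lockout) {
                $review += 'locked out after failed logon attempts'
            }
            # An enabled account that is allowed to have a blank password
            if (-not $_.Disabled -and -not $_.PasswordRequired) {
                $review += 'enabled and password not required'
            }
            # General tab: User Cannot Change Password
            if (-not $_.PasswordChangeable) {
                $review += 'user cannot change password'
            }
            [pscustomobject]@{
                Name                     = $_.Name
                Disabled                 = $_.Disabled
                LockedOut                = $_.Lockout
                UserCannotChangePassword = -not $_.PasswordChangeable
                PasswordRequired         = $_.PasswordRequired
                Review                   = $review -join '; '
            }
        }
}

# Accounts with something to review are listed first.
Get-LocalAccountPropertyReport |
    Sort-Object @{ Expression = { $_.Review -eq '' } }, Name |
    Format-Table -AutoSize

# Command-line equivalents of the two check boxes set in Exercise 2 below
# (elevated prompt; User1 and User2 are the practice accounts from the lesson):
#   net user User1 /passwordchg:no    # User Cannot Change Password
#   net user User2 /active:no         # Account Is Disabled
```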



Practice: Modifying User Account Properties


In this practice, you will modify user account properties. Then you will test them.

Exercise 1: Testing Account Properties


In this exercise, you will again test the User Must Change Password At Next Logon property that you configured when you created users in the previous Practice. You will then set the User Cannot Change Password Account property on User1 and the Account Is Disabled property on User2, and then test these account properties.

To test User Must Change Password At Next Logon Property


If a user is currently logged on to your computer, log that user off.

Log on to the system as User3. Remember to use this user's password: User3.

Windows 2000 displays a Logon Message dialog box indicating that you are required to change your password at first logon.

Click OK.

Windows 2000 displays a Change Password dialog box. Notice that the password you just typed is in the Old Password box.

Type password in both the New Password box and in the Confirm New Password box.

Click OK.

Windows 2000 displays a Change Password dialog box indicating that your password has been changed.

Click OK.


Exercise 2: Setting User Account Properties


In this exercise, you will set and then test the User Cannot Change Password property.

To set the User Cannot Change Password Property


Log off as User3.

Log on as Administrator.

Start Computer Management from the Administrative Tools menu.

Expand Local Users And Groups, and then click Users.

Windows 2000 displays the users in the details pane.

Right-click User1 and then click Properties.

The User1 Properties dialog box appears.

Select User Cannot Change Password.

The User Cannot Change Password check box should contain a check mark, indicating that it is selected. Notice that the User Must Change Password At Next Logon check box is now unavailable.

Click OK to close the User1 Properties dialog box.

Right-click User2, and then select Properties.

The User2 Properties dialog box appears.

Select Account Is Disabled.

The Account Is Disabled check box should contain a check mark, indicating that it is selected.

Click OK to close the User2 Properties dialog box, close Computer Management, and then log off the computer.


To test User Account Properties


Log on as User1 with a password of password.

Press Ctrl+Alt+Delete.

Windows 2000 displays the Windows Security dialog box.

Click Change Password.

The Change Password dialog box appears.

Type password in the Old Password box, and then type User1 in the New Password and the Confirm New Password boxes.

Click OK.

A Change Password dialog box appears indicating that you do not have permission to change your password.

Click OK.

Click Cancel to close the Change Password dialog box.

Log off as User1 and then log on as User2 with no password.

A Logon Message dialog box appears, indicating that your account has been disabled.

Click OK to close the Logon Message dialog box.


Lesson Summary


In this lesson, you learned that a set of default properties is associated with each local user account that you create. These properties include whether users can change their own password, whether users are required to change their password at the next logon, and whether the account is disabled. The Computer Management snap-in allows you to easily configure or modify these account properties.

In the practice portion of this lesson, you were able to configure account properties, including prohibiting users from changing their passwords and disabling a user account. Finally, you tested these properties to verify that they worked as expected.
