<p/> <BODY bgcolor="#ffffff" text="#000000"> <a class="libraryIndexlink" href="index.aspx?pid=31159&BookID=23931&PageIndex=54&Language=3">[Previous]</A> <a class="libraryIndexlink" href="index.aspx?pid=31159&BookID=23931&PageIndex=56&Language=3">[Next]</A><p/><A NAME="346"><H1>Lesson 1: Understanding User Accounts</H1></A> <p/>Microsoft Windows 2000 provides three different types of user accounts: local user accounts, domain user accounts, and built-in user accounts. A <i>local user account</i> allows a user to log on to a specific computer to gain access to resources on that computer. A <i>domain user account</i> allows a user to log on to the domain to gain access to network resources. A <i>built-in user account</i> allows a user to perform administrative tasks or to gain access to local or network resources.<p/><blockquote> <b>After this lesson, you will be able to</b> <ul> <p/><li>Describe the role and purpose of user accounts.</li><p/></ul> <p/><b>Estimated lesson time: 10 minutes</b><p/></blockquote><p/><A NAME="347"><H2>Local User Accounts</H2></A> <p/>Local user accounts allow users to log on at and gain access to resources only on the computer where you create the local user account. When you create a local user account, Windows 2000 creates the account <i>only</i> in that computer's security database, which is called the <i>local security database,</i> as shown in Figure 10.1. Windows 2000 doesn't replicate local user account information to any other computer. After the local user account exists, the computer uses its local security database to authenticate the local user account, which allows the user to log on to that computer.<p/><A HREF="'F10tk01x')"> <img src="/image/library/english/10219_F10tk01.JPG" width=404 height=311 border=0 > </A> <p/><!-- caption --><b>Figure 10.1</b> <i>Characteristics of local user accounts</i><!-- /caption --> <p/>If you have a workgroup that consists of five computers running Windows 2000 Professional and you create a local user account&#8212;for example, User1 on Computer1&#8212;you can log on to Computer1 only with the User1 account. If you need to be able to log on to all five of the computers in the workgroup as User1, you must create a local user account, User1, on each of the five computers. Furthermore, if you decide to change the password for User1, you must change the password for User1 on each of the five computers because each of these computers maintains its own local security database.<p/><blockquote><b>NOTE</b><HR> Do not create local user accounts on computers running Windows 2000 that are part of a domain because the domain doesn't recognize local user accounts. Therefore, the user is unable to gain access to resources in the domain and the domain administrator is unable to administer the local user account properties or assign access permissions for domain resources. </blockquote><p/><A NAME="348"><H2>Domain User Accounts</H2></A> <p/>Domain user accounts allow users to log on to the domain and gain access to resources anywhere on the network. The user provides his or her password and user name during the logon process. By using this information, Windows 2000 authenticates the user and then builds an access token that contains information about the user and security settings. The access token identifies the user to computers running Windows 2000 on which the user tries to gain access to resources. Windows 2000 provides the access token for the duration of the logon session.<p/><blockquote><b>NOTE</b><HR> You can have domain user accounts only if you have a domain. You can have a domain only if you have at least one computer running one of the Windows 2000 Server products that is configured as a domain controller, which has the directory services based on Active Directory techology installed. </blockquote><p/>You create a domain user account in the copy of the Active Directory database (the Directory) on a domain controller, as shown in Figure 10.2. The domain controller replicates the new user account information to all domain controllers in the domain. After Windows 2000 replicates the new user account information, all of the domain controllers in the domain tree can authenticate the user during the logon process.<p/><A HREF="'F10tk02x')"> <img src="/image/library/english/10219_F10tk02.JPG" width=404 height=323 border=0 > </A> <p/><!-- caption --><b>Figure 10.2</b> <i>Characteristics of domain user accounts</i><!-- /caption --> <p/><A NAME="349"><H2>Built-In User Accounts</H2></A> <p/>Windows 2000 automatically creates accounts called <i>built-in accounts.</i> Two commonly used built-in accounts are Administrator and Guest.<p/><A NAME="350"><H3>Administrator</H3></A> <p/>Use the built-in Administrator account to manage the overall computer. If your computer is part of a domain, use the built-in Administrator account to manage the domain configuration. Tasks done using the Administrator account include creating and modifying user accounts and groups, managing security policies, creating printers, and assigning permissions and rights to user accounts to gain access to resources.<p/>If you are the administrator, you should create a user account that you use to perform nonadministrative tasks. Log on by using the Administrator account only when you perform administrative tasks.<p/><blockquote><b>NOTE</b><HR> You can't delete the Administrator account. As a best practice, you should always rename the built-in Administrator account to provide a greater degree of security. Use a name that doesn't identify it as the Administrator account. This makes it difficult for unauthorized users to break into the Administrator account because they don't know which user account it is. </blockquote><p/><A NAME="351"><H3>Guest</H3></A> <p/>Use the built-in Guest account to give occasional users the ability to log on and gain access to resources. For example, an employee who needs access to resources for a short time can use the Guest account.<p/><blockquote><b>NOTE</b><HR> The Guest account is disabled by default. Enable the Guest account only in low-security networks and always assign it a password. You can rename the Guest account, but you can't delete it. </blockquote><p/><A NAME="352"><H2>Lesson Summary</H2></A> <p/>In this lesson, you learned that Microsoft Windows 2000 provides local user accounts and built-in user accounts. With a local user account, a user logs on to a specific computer to gain access to resources on that computer. With built-in user accounts, you can perform administrative tasks or gain access to resources.<p/>When you create a local user account, Windows 2000 creates the account only in that computer's security database, which is called the local security database. If you need to have access to multiple computers in your workgroup, you must create an account on each of the computers in the workgroup. You don't create built-in user accounts; Windows 2000 automatically creates them.<p/>You also learned that if your computer is part of a domain, Windows 2000 provides domain user accounts. With a domain user account, a user can log on to the domain to gain access to network resources. And built-in user accounts exist that are domain user accounts and are used to perform administrative tasks or gain access to network resources. When you create a domain user account, Windows 2000 creates the account in the copy of the Active Directory database (the Directory) on a domain controller. The domain controller then replicates the new user account information to all domain controllers in the domain, simplifying user account administration.<p/> - Microsoft Windows 1002000 Professional E2 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Microsoft Windows 1002000 Professional E2 [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Sitemap

    Cover

    LOC Page

    About This Book

    Chapter 1 -- Introduction to Windows 2000

    Lesson 1: Overview of the Windows 2000 Platform

    Lesson 2: Windows 2000 Professional

    Lesson 3: Windows 2000 Workgroups and Domains

    Lesson 4: Logging On to Windows 2000

    Lesson 5: The Windows Security Dialog Box

    Review

    Chapter 2 -- Installing Windows 2000 Professional

    Lesson 1: Getting Started

    Lesson 2: Installing Windows 2000 from a CD-ROM

    Lesson 3: Installing Windows 2000 over the Network

    Lesson 4: Troubleshooting Windows 2000 Setup

    Review

    Chapter 3 -- Using Microsoft Management Console and Task Scheduler

    Lesson 1: Introducing the Microsoft Management Console

    Lesson 2: Using Consoles

    Lesson 3: Using Task Scheduler

    Review

    Chapter 4 -- Using Windows Control Panel

    Lesson 1: Configuring Hardware Settings

    Lesson 2: Configuring the Display

    Lesson 3: Configuring Operating System Settings

    Lesson 4: Installing Hardware Automatically

    Lesson 5: Installing Hardware Manually

    Lesson 6: Configuring and Troubleshooting the Desktop Environment

    Review

    Chapter 5 -- Using the Registry

    Lesson 1: Understanding the Registry

    Lesson 2: Using Registry Editor

    Review

    Chapter 6 -- Managing Disks

    Lesson 1: Introduction to Disk Management

    Lesson 2: Common Disk Management Tasks

    Review

    Chapter 7 -- Installing and Configuring Network Protocols

    Lesson 1: TCP/IP

    Lesson 2: NWLink

    Lesson 3: Other Protocols Supported by Windows 2000

    Lesson 4: Network Bindings

    Review

    Chapter 8 -- Using the DNS Service

    Lesson 1: Understanding DNS

    Lesson 2: Understanding Name Resolution

    Lesson 3: Configuring a DNS Client

    Review

    Chapter 9 -- Introducing Active Directory Directory Services

    Lesson 1: Understanding Active Directory Directory Services

    Lesson 2: Active Directory Structure and Replication

    Lesson 3: Understanding Active Directory Concepts

    Review

    Chapter 10 -- Setting Up and Managing User Accounts

    Lesson 1: Understanding User Accounts

    Lesson 2: Planning New User Accounts

    Lesson 3: Creating User Accounts

    Lesson 4: Setting Properties for User Accounts

    Review

    Chapter 11 -- Setting Up and Managing Groups

    Lesson 1: Implementing Local Groups

    Lesson 2: Implementing Built-In Local Groups

    Review

    Chapter 12 -- Setting Up and Configuring Network Printers

    Lesson 1: Introducing Windows 2000 Printing

    Lesson 2: Setting Up Network Printers

    Lesson 3: Connecting to Network Printers

    Lesson 4: Configuring Network Printers

    Lesson 5: Troubleshooting Network Printers

    Review

    Chapter 13 -- Administering Network Printers

    Lesson 1: Understanding Printer Administration

    Lesson 2: Managing Printers

    Lesson 3: Managing Documents

    Lesson 4: Administering Printers Using a Web Browser

    Lesson 5: Troubleshooting Common Printing Problems

    Review

    Chapter 14 -- Securing Resouces with NTFS Permissions

    Lesson 1: Understanding NTFS Permissions

    Lesson 2: Applying NTFS Permissions

    Lesson 3: Assigning NTFS Permissions

    Lesson 4: Assigning Special Access Permissions

    Lesson 5: Copying and Moving Files and Folders

    Lesson 6: Solving Permissions Problems

    Review

    Chapter 15 -- Administering Shared Folders

    Lesson 1: Understanding Shared Folders

    Lesson 2: Planning Shared Folders

    Lesson 3: Sharing Folders

    Lesson 4: Combining Shared Folder Permissions and NTFS Permissions

    Review

    Chapter 16 -- Auditing Resources and Events

    Lesson 1: Understanding Auditing

    Lesson 2: Planning an Audit Policy

    Lesson 3: Implementing an Audit Policy

    Lesson 4: Using Event Viewer

    Review

    Chapter 17 -- Configuring Group Policy and Local Security Policy

    Lesson 1: Configuring Account Policies

    Lesson 2: Configuring Security Options

    Review

    Chapter 18 -- Managing Data Storage

    Lesson 1: Managing NTFS Compression

    Lesson 2: Managing Disk Quotas

    Lesson 3: Increasing Security with EFS

    Lesson 4: Using Disk Defragmenter

    Review

    Chapter 19 -- Backing Up and Restoring Data

    Lesson 1: Understanding How to Back Up and Restore Data

    Lesson 2: Backing Up Data

    Lesson 3: Restoring Data

    Lesson 4: Changing Windows Default Backup Options

    Review

    Chapter 20 -- Monitoring Access to Network Resources

    Lesson 1: Monitoring Network Resources

    Lesson 2: Monitoring Access to Shared Folders

    Lesson 3: Sharing a Folder Using the Shared Folders Snap-In

    Lesson 4: Monitoring Network Users

    Review

    Chapter 21 -- Configuring Remote Access

    Lesson 1: Understanding the New Authentication Protocols in Windows 2000

    Lesson 2: Configuring Inbound Connections

    Lesson 3: Configuring Outbound Connections

    Review

    Chapter 22 - The Windows 2000 Boot Process

    Lesson 1: The Boot Process

    Lesson 2: Control Sets in the Registry

    Lesson 3: Advanced Boot Options

    Lesson 4: The Boot.ini File

    Lesson 5: Using the Recovery Console

    Review

    Chapter 23 -- Deploying Windows 2000

    Lesson 1: Automating Installations

    Lesson 2: Using Disk Duplication to Deploy Windows 2000

    Lesson 3: Performing Remote Installations

    Lesson 4: Upgrading Previous Versions of Windows to Windows 2000

    Lesson 5: Installing Service Packs

    Review

    Chapter 24 -- Configuring Windows 2000 for Mobile Computers

    Lesson 1: Using Offline Folders and Files

    Lesson 2: Configuring Power Options

    Review

    Chapter 25 -- Implementing, Managing, and Troubleshooting Hardware Devices and Drivers

    Lesson 1: Using Device Manager and System Information

    Lesson 2: Configuring, Monitoring, and Troubleshooting Driver Signing

    Lesson 3: Configuring Computers with Multiple Processors and Monitoring System Performance

    Lesson 4: Installing, Managing, and Troubleshooting Devices

    Review

    Appendix A -- Questions and Answers

    Appendix B -- Creating Setup Boot Disks

    Appendix C -- Understanding the DHCP Service

    Appendix D -- Managing Backup Tapes

    Glossary

    A

    B

    C

    D

    E

    F

    G

    H

    I

    J

    K

    L

    M

    N

    O

    P

    R

    S

    T

    U

    V

    W

    Z

    About This Electronic Book

    About Microsoft Press

    • توضیحات
    افزودن یادداشت جدید






    [Previous] [Next]

    Lesson 1: Understanding User Accounts


    Microsoft Windows 2000 provides three different types of user accounts: local user accounts, domain user accounts, and built-in user accounts. A local user account allows a user to log on to a specific computer to gain access to resources on that computer. A domain user account allows a user to log on to the domain to gain access to network resources. A built-in user account allows a user to perform administrative tasks or to gain access to local or network resources.


    After this lesson, you will be able to

    • Describe the role and purpose of user accounts.


    Estimated lesson time: 10 minutes

    Local User Accounts


    Local user accounts allow users to log on at and gain access to resources only on the computer where you create the local user account. When you create a local user account, Windows 2000 creates the account only in that computer's security database, which is called the local security database, as shown in Figure 10.1. Windows 2000 doesn't replicate local user account information to any other computer. After the local user account exists, the computer uses its local security database to authenticate the local user account, which allows the user to log on to that computer.


    Figure 10.1 Characteristics of local user accounts

    If you have a workgroup that consists of five computers running Windows 2000 Professional and you create a local user account—for example, User1 on Computer1—you can log on to Computer1 only with the User1 account. If you need to be able to log on to all five of the computers in the workgroup as User1, you must create a local user account, User1, on each of the five computers. Furthermore, if you decide to change the password for User1, you must change the password for User1 on each of the five computers because each of these computers maintains its own local security database.

    NOTE

    Do not create local user accounts on computers running Windows 2000 that are part of a domain because the domain doesn't recognize local user accounts. Therefore, the user is unable to gain access to resources in the domain and the domain administrator is unable to administer the local user account properties or assign access permissions for domain resources.

    Domain User Accounts


    Domain user accounts allow users to log on to the domain and gain access to resources anywhere on the network. The user provides his or her password and user name during the logon process. By using this information, Windows 2000 authenticates the user and then builds an access token that contains information about the user and security settings. The access token identifies the user to computers running Windows 2000 on which the user tries to gain access to resources. Windows 2000 provides the access token for the duration of the logon session.

    NOTE

    You can have domain user accounts only if you have a domain. You can have a domain only if you have at least one computer running one of the Windows 2000 Server products that is configured as a domain controller, which has the directory services based on Active Directory techology installed.

    You create a domain user account in the copy of the Active Directory database (the Directory) on a domain controller, as shown in Figure 10.2. The domain controller replicates the new user account information to all domain controllers in the domain. After Windows 2000 replicates the new user account information, all of the domain controllers in the domain tree can authenticate the user during the logon process.


    Figure 10.2 Characteristics of domain user accounts

    Built-In User Accounts


    Windows 2000 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest.

    Administrator


    Use the built-in Administrator account to manage the overall computer. If your computer is part of a domain, use the built-in Administrator account to manage the domain configuration. Tasks done using the Administrator account include creating and modifying user accounts and groups, managing security policies, creating printers, and assigning permissions and rights to user accounts to gain access to resources.

    If you are the administrator, you should create a user account that you use to perform nonadministrative tasks. Log on by using the Administrator account only when you perform administrative tasks.

    NOTE

    You can't delete the Administrator account. As a best practice, you should always rename the built-in Administrator account to provide a greater degree of security. Use a name that doesn't identify it as the Administrator account. This makes it difficult for unauthorized users to break into the Administrator account because they don't know which user account it is.

    Guest


    Use the built-in Guest account to give occasional users the ability to log on and gain access to resources. For example, an employee who needs access to resources for a short time can use the Guest account.

    NOTE

    The Guest account is disabled by default. Enable the Guest account only in low-security networks and always assign it a password. You can rename the Guest account, but you can't delete it.

    Lesson Summary


    In this lesson, you learned that Microsoft Windows 2000 provides local user accounts and built-in user accounts. With a local user account, a user logs on to a specific computer to gain access to resources on that computer. With built-in user accounts, you can perform administrative tasks or gain access to resources.

    When you create a local user account, Windows 2000 creates the account only in that computer's security database, which is called the local security database. If you need to have access to multiple computers in your workgroup, you must create an account on each of the computers in the workgroup. You don't create built-in user accounts; Windows 2000 automatically creates them.

    You also learned that if your computer is part of a domain, Windows 2000 provides domain user accounts. With a domain user account, a user can log on to the domain to gain access to network resources. And built-in user accounts exist that are domain user accounts and are used to perform administrative tasks or gain access to network resources. When you create a domain user account, Windows 2000 creates the account in the copy of the Active Directory database (the Directory) on a domain controller. The domain controller then replicates the new user account information to all domain controllers in the domain, simplifying user account administration.

    / 156