| Objectives Configure, manage, and troubleshoot local user and group accounts. Configure, manage, and troubleshoot auditing. Configure, manage, and troubleshoot account settings. Configure, manage, and troubleshoot account policy. Configure, manage, and troubleshoot user and group rights. You will encounter two types of users in a Windows network: domain users and local users. You should have an Active Directory domain controller available to test how domain users interact with the computer as compared to how local users interact. The security applicable to user and group accounts begins with permissions and ends with auditing. Somewhere in the middle, the rules, or policies, of how the user can interoperate are also applied. Administrators must be able to determine which rights users should have and how they should be able to execute their rights to be productive, and which rights should be denied to protect data and resources.
Troubleshoot cache credentials. A cache is a storage area. Cached credentials are the rights that a user has stored on a local computer. When the computer accesses resources, it may use the credentials that have been cached. If the credentials change, the user will not have the expected access rights and errors occur.
Outline Introduction | 550 | Configuring, Managing, and Troubleshooting Local User and Group Accounts | 550 | Configuring and Managing Local Groups
| 555 | Configuring, Managing, and Troubleshooting Auditing
| 558 | Configuring, Managing, and Troubleshooting Account Settings
| 562 | Configuring, Managing, and Troubleshooting Account Policy
| 565 | Configuring, Managing, and Troubleshooting User and Group Rights
| 567 | Troubleshooting Cached Credentials
| 569 | Chapter Summary | 572 | Apply Your Knowledge | 573 |
Study Strategies To delve into account management concepts, you should have a small network consisting of one Windows XP Professional computer and one Windows Server 2003 Active Directory domain controller. In a standalone computer, open the Computer Management console and create a user account and two groups. Create a file and folder structure in which you can test various rights. Join the user to a group with one set of rights, and then log on and test which folders the user can access. Log off and repeat with the user as a member of another group. Compare your results with the first test by joining the computer to the domain. Test your access to domain resources by logging on to the computer as a local user. Test your access to local resources by logging on to the computer as a domain user. Join the domain user to a domain global group. Join the domain global group to one of the local groups you created. See whether the domain user was able to access the files to which the group was granted access. Consider how difficult user management would be if you used only local accounts. Use the Audit policies in Local Security Policy to implement auditing on the local computer. Log on to the computer as a local user account, create a file, rename a folder, and then view the Event Viewer to see which events triggered the audit policies. Log off and then log on to the computer as the domain user. Execute the same functions on the computer. View the Event Viewer to see which events triggered the audit policies. Cached credentials pose particular issues regarding security. To familiarize yourself with how cached credentials function, have a network with two computersa Windows XP Professional computer and a Windows 2003 Server, both configured as workgroup members of differently named workgroups. Log on as a local user on the Windows XP computer. Connect to a secured share of the server as a user with a different name and password. Disconnect from the share. Reconnect and see whether you are prompted again for logon information.
|
