Chapter Summary

When you administer a network that has several computers shared by several users, you need to manage user accounts. When you have servers with some form of directory service, such as Windows Server 2003 with Active Directory, these user accounts are located on the network and a user can log on to any computer, using a single user account. When Windows XP Professional computers are configured as standalone members of a workgroup, each computer contains its own user database with local user accounts and groups.

When you grant rights for users to access resources, the best practices are to grant the rights to a group and place the user accounts in the group, even if there is only a single user requiring the rights. This simplifies duplicating access rights for other users in the future. Rights are granted on the Security tab of any file, folder, printer, or other permission-based object.

Auditing is configured in two steps for object access. The first is to enable the audit policy in Local Security Policy, and the second is to configure the permission-based object's Advanced security options on the Audit tab.

Group policies manage Windows XP Professional configuration settings. Active Directory containers can contain Group Policy objects (GPOs) that apply to the Windows XP computers and users that they contain. When configured as a stand-alone member of a workgroup, the Local Computer Policies apply to the computer.

Windows XP Professional caches logon credentials to improve logon performance. In addition, credentials for multiple network systems can be stored in Windows XP to enable a single sign-on. Cached credentials can cause a breach in security and errors with resource access.