Every user who accesses a network must have a user account. User accounts let you control who can access the network and who can't. In addition, user accounts let you specify which network resources each user can use. Without user accounts on your network, all your resources are open to anyone who casually drops by your network.
User accounts are one of the basic tools for managing a Windows server. As a network administrator, you spend a large percentage of your time dealing with user accounts: creating new ones, deleting expired ones, resetting passwords for forgetful users, granting new access rights, and so on. Before I get into the specific procedures of creating and managing user accounts, this section presents an overview of user accounts and how they work.
A local account is a user account that is stored on a particular computer and applies to only that computer. Typically, each computer on your network has a local account for each person who uses that computer.
In contrast, a domain account is a user account that is stored by Active Directory and can be accessed from any computer that's a part of the domain. Domain accounts are centrally managed. This chapter deals primarily with setting up and maintaining domain accounts.
Every user account has a number of important account properties that specify the characteristics of the account. The three most important account properties are
Username: A unique name that identifies the account. The user must enter her username when logging on to the network.
Remember: The username is public information. Other network users can (and often should) find out your username.
Password: A secret word needed to access the account.
Tip: You can set up Windows to enforce password policies, such as
The minimum length of the password
Whether the password must contain both letters and numerals
How frequently the user must change the password
Group membership: Indicates the group or groups to which the user account belongs. Group memberships are the key to granting access rights to users so that they can
Access network resources, such as file shares or printers
Perform network tasks, such as creating new user accounts or backing up the server
Tip: Groups are a handy way to send e-mail to multiple users. For example, if all users in your marketing department are members of a group named Marketing, you can send them all an e-mail by addressing the mail to the Marketing group.
Many other account properties record information about the user, such as her contact information and whether she's allowed to access the system only at certain times or from certain computers. I describe the most important of these features in later sections of this chapter.
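The three properties described above (username, password, and group membership) can be read back from a running domain, alongside the local accounts on one computer. The following PowerShell is an added example, not code from the original text; it assumes the ActiveDirectory module (RSAT) on a domain-joined computer, and the username jsmith is a hypothetical placeholder.

```powershell
# Added example: review username, password policy, and group membership
# for one domain account, then list the local accounts on this computer.
Import-Module ActiveDirectory

$SamAccountName = 'jsmith'   # hypothetical username; replace with a real one

# Username: the account object itself, plus password-related attributes.
$user = Get-ADUser -Identity $SamAccountName `
    -Properties PasswordLastSet, PasswordNeverExpires, Enabled

# Password: the default domain policy, unless a fine-grained policy
# (password settings object) applies to this user and overrides it.
$policy = Get-ADUserResultantPasswordPolicy -Identity $user
$source = 'Fine-grained policy'
if (-not $policy) {
    $policy = Get-ADDefaultDomainPasswordPolicy
    $source = 'Default domain policy'
}

[pscustomobject]@{
    Username             = $user.SamAccountName
    Enabled              = $user.Enabled
    PasswordLastSet      = $user.PasswordLastSet
    PasswordNeverExpires = $user.PasswordNeverExpires   # bypasses MaxPasswordAge
    PolicySource         = $source
    MinPasswordLength    = $policy.MinPasswordLength
    # Windows complexity means three of four character classes,
    # which is stricter than "letters and numerals".
    ComplexityEnabled    = $policy.ComplexityEnabled
    MaxPasswordAgeDays   = $policy.MaxPasswordAge.Days  # 0 = never expires
} | Format-List

# Group membership: the groups this account belongs to directly.
# Access rights granted to any of these groups apply to the user.
Get-ADPrincipalGroupMembership -Identity $user |
    Sort-Object Name |
    Select-Object Name, GroupCategory, GroupScope |
    Format-Table -AutoSize

# Local accounts: stored on this computer only, outside Active Directory,
# so the domain password policy lookup above does not describe them.
Get-LocalUser |
    Select-Object Name, Enabled, PasswordRequired, PasswordLastSet |
    Format-Table -AutoSize
```

Accounts with PasswordNeverExpires set to True, and local accounts with PasswordRequired set to False, are the ones to review first, because the password policy does not constrain them.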