UsersNotes

UsersNotes

A good security practice is to rename the Administrator account. Make sure you also assign the Administrator account a complex password and protect this password carefully .

Do not use the Administrator account as your everyday user account if you are a network administrator. Instead, create an ordinary user account for yourself and use this account to check your email, work on documents, and so on. Use the Administrator account (or any account that belongs to the Domain Admins group ) only when performing network and system administration tasks that require this level of privilege.

Review permissions assigned to the Guest account (and Guests group) for shared network resources before enabling this account.

If you select multiple user accounts in an OU, you can simultaneously perform any of the following tasks on them:

Add members to a group

Delete account

Disable account

Enable account

Move account

Open home page

Send email

When you create a new domain user account, it is automatically added to the Domain Users built-in global group, regardless of whether the new user account is created in the default Users OU or in some other OU you created.

As a security precaution, you should disable a user account when the user is going to be absent for an extended periodfor example, on vacation. This is especially important for users who have some level of administrative access to network resources.

Make sure accounts for temporary employees have an expiration date.

Even if your ordinary users don't require the ability to roam, you may want to give your administrators this capability so they can perform administrative tasks from any machine in the network. On the other hand, in high-security environments you may want to restrict administrative logon to a few selected machines.

You don't need to make copies of mandatory profilesmultiple users can be assigned the same profile. If you do assign a single roaming profile to multiple users, make sure you configure the profile as mandatory. Otherwise, one user will change the wallpaper, and another user will complain about it!

Legacy (Windows NT/9X) applications may not be aware of the My Documents folders, in which case administrators may need to instruct users how to locate and store their work manually in their My Documents folders for these applications.

If roaming user profiles have been configured for your users, they may experience a delay when they log on or log off the network. This is caused by the contents of the My Documents folder being copied to and from the network file server where their roaming profiles are stored. Overall network performance can be degraded for other users as well when many megabytes of files are copied across the network. In a situation like this, implementing home folders might be a better way to store user files on the network.

See Also