UEU-co logo

ch03lev1sec8.html


Previous Page Next Page

Managing Local User Accounts and Groups

When you install Windows Server 2008 on a computer (as discussed in Hour 2, “Installing and Configuring Windows Server 2008”), an Administrator account is automatically created (you had to provide the password for the account before you could log in for the first time). This account is used to configure and administer the server. It is considered a local account. (However, after you install Active Directory Domain Services on the server, this account also has domain access privileges.)

You can create additional local user accounts that have varying degrees of access to the settings and service on the local machine. This is in contrast to the domain user accounts that you will create in Hour 8, “Understanding and Configuring Active Directory Domain Services.” These types of accounts are designed to allow users to access different resources throughout the domain.

So, in a nutshell, local user accounts on a server are designed for people who will help maintain and administer the server. Local groups also exist on the local server and can be used to provide different access levels to your local users.

By the Way

Creating local users and groups on Windows Server 2008—such as a member—is really no different than creating local users on a shared office computer running an operating system such as Windows Vista. You are creating the local accounts so that these users can access local resources on the computer.

You can create local user accounts by using the Server Manager on the local computer. To open the Server Manager window and access the user and group tools, follow these steps:

1. Select the Start menu, point at Administrative Tools, and then select Server Manager. The Server Manager window opens.

2. Expand the Configuration node in the tree and then expand the Local Users and Groups node. To view the current local users, click the Users folder.

The default local user accounts are Administrator and Guest. The Guest account is disabled by default.

Adding Local Users

You can add local users directly from the Server Manager. To add a local user to the computer with the list of local users showing, follow these steps:

1. Click the More Actions link in the Actions pane of the Server Manager. Select New User from the shortcut menu. The New User dialog box appears (see Figure 3.14).

Figure 3.14. Set the username and password for the new local user.

2. Enter a username, a full name, a description, and a password for the new account. You can also use the check boxes to set the following password options:

  • User Must Change Password at Next Logon
  • User Cannot Change Password
  • Password Never Expires
  • Account Is Disabled
3. After entering the various parameters, click the Create button. You can add other local user accounts if you want. Then click Close to close the dialog box. The new user (or users) appears in the user list in the Server Manager window.

The new user can now log on to the local computer. After you create a user, you can edit any settings related to the user, such as renaming the user and changing the user’s password.

Local User Groups

On Windows Server 2008, computer local groups are typically used to impart certain access levels to the local users on the computer. For example, adding a local user to the Administrators group (a default group) grants that user all the administrative privileges on the local machine. This is also how you can create security equivalences for multiple users.

When you click the Groups folder in the Server Manager tree, a list of all the default local groups (this is before you make the computer a domain controller) appears in the Details pane (see Figure 3.15). The built-in groups provide special access levels and capabilities that make it easier to assign a user certain privileges without making the user a local administrator. The number of local groups shown depends on the services that you have installed. For example, if you have installed DHCP on the local computer, a DHCP Administrators group is added to the default group list.

Figure 3.15. Default local groups can be used to provide access levels to local users.

[View full size image]

To add users to a local group, follow these steps:

1. Right-click a particular group (let’s say you want to add users to the Administrators Group). Then select Add to Group from the shortcut menu. The group’s Properties dialog box appears (see Figure 3.16). The current user members of the groups are listed.

Figure 3.16. You can add local users to your local groups.

2. To add users to the group, click the Add button. The Select Users dialog box opens. Type the usernames that you want to add to the group in the Enter the Object Names box, and then click OK. The username (or names) is added to the group’s list. Click OK to close the dialog box.

You can also create local groups, if you want. It probably makes sense to take advantage of the different access levels provided by the built-in local groups before you go to the trouble of creating special local groups.

To add a new group, right-click the Groups folder and then select New Group. The New Group dialog box opens. Enter a name for the new group. To complete the process, click the Create button. Your new group appears in the group list.

Remember that local users and groups are designed for the local server environment. Domain user accounts and groups are a different animal; they are discussed in detail in Hours 8 and 9, respectively.

Previous Page Next Page

Leave a Reply


Time limit is exhausted. Please reload the CAPTCHA.

Categories

apply_now Pepperstone Group Limited