Creating User and Group Accounts

from Chapter 5, Windows NT Administrator's Pocket Consultant by William R. Stanek.

A key part of your job as an administrator is to create user accounts, and in this chapter you'll learn how to do that.

User accounts allow Microsoft Windows NT to track and manage information about users, including permissions and privileges. When you create user accounts, you use the Windows NT administration tools. The primary account administration tool is the User Manager, which comes in two versions:

  • The Windows NT Workstation version, User Manager (MUSRMGR.EXE), is designed to administer accounts on a single computer.

  • The Windows NT Server version, User Manager for Domains (USRMGR.EXE), is designed to administer accounts throughout a Windows NT domain.

For details on getting started with User Manager, see Chapter 4, "Understanding User and Group Accounts." Note that for ease of reference this chapter uses the term User Manager to refer to both User Manager and User Manager for Domains (unless otherwise noted).

User Account Setup and Organization

Account setup and organization are the most important aspects of account creation. Without appropriate policies in place, you could quickly find that you need to rework all the user accounts in your company. So before you create accounts, determine the policies you want to use for setup and organization.

User Name Policies

A key policy you'll need to set is the naming scheme for accounts. In Windows NT, user names must follow these rules:

  • Local user names must be unique on a workstation.

  • Global user names must be unique throughout a domain.

  • User names must be no more than 20 characters in length.

  • User names cannot contain certain characters. Invalid characters include:

    " / \ [ ] : ; | = , + * ? < >

    User names can contain all other special characters, including spaces, periods, dashes, and underscores. But it's generally not a good idea to use spaces in account names. On some non-Windows NT systems, such as UNIX, spaces aren't valid in user names and the user may have difficulty accessing these systems.

Note: Although Windows NT stores user names in the case you enter, user names are not case-sensitive. For example, you can access the Administrator account with the user name Administrator or administrator. Thus, user names are case-aware but not case-sensitive.

You'll find that most small organizations tend to assign account names that use the first or last name of the user. But you can have several Toms, Dicks, and Harrys in a company of any size. So rather than having to rework your account naming scheme when you run into problems, select a good naming scheme now and make sure other administrators use it. For naming accounts, you should use a consistent procedure that

  1. Allows your user base to grow and limits the possibility of name conflicts.

  2. Ensures that your accounts have secure names that aren't easily exploited.

If you follow these guidelines, the types of naming schemes you may want to use include:

  • User's first name and last initial: You take the user's first name and combine it with the first letter of the last name to create the account name. For William Stanek, you would use williams or bills. This naming scheme is not practical for large organizations.

  • User's first initial and last name: You take the user's first initial and combine it with the last name to create the account name. For William Stanek, you would use wstanek. This naming scheme is not practical for large organizations, either.

  • User's first initial, middle initial, and last name: You combine the user's first initial, middle initial, and last name to create the account name. For William R. Stanek, you would use wrstanek.

  • User's first initial, middle initial, and first five characters of the last name: You combine the user's first initial, middle initial, and the first five characters of the last name to create the account name. For William R. Stanek, you would use wrstane.

  • User's first name and last name: You combine the user's first and last name. To separate the names, you could use the underscore character ( _ ) or hyphen (-). For William Stanek, you could use william_stanek or william-stanek.
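
The naming rules and schemes above can be checked before any account is created. The following Python sketch is an added example, not code from the book or from Windows NT: it builds the five scheme names for one user and tests each against the length, character, and case-insensitive uniqueness rules. The function names, the scheme labels, the sample account list, and the choice to reject names with spaces are assumptions of this example.

```python
# Added example: NT user-name rules and naming schemes from this section.
INVALID_CHARS = set('"/\\[]:;|=,+*?<>')   # characters the section lists as invalid
MAX_LEN = 20                               # maximum user name length per the section


def check_user_name(name, existing):
    """Return a list of problems; an empty list means the name passed every check."""
    problems = []
    if not name:
        problems.append("empty")
    if len(name) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    bad = sorted(set(name) & INVALID_CHARS)
    if bad:
        problems.append("invalid characters: " + " ".join(bad))
    if " " in name:
        # Spaces are valid in NT but discouraged; this example's policy flags them.
        problems.append("contains a space (allowed, but discouraged)")
    # Names are case-aware but not case-sensitive, so compare lowercased.
    if name.lower() in {e.lower() for e in existing}:
        problems.append("conflicts with an existing account")
    return problems


def scheme_candidates(first, middle, last):
    """Account names for one user under each scheme listed above, in order."""
    f, m, l = first.lower(), middle.lower(), last.lower()
    return {
        "first+last initial": f + l[:1],
        "first initial+last": f[:1] + l,
        "initials+last": f[:1] + m[:1] + l,
        "initials+last5": f[:1] + m[:1] + l[:5],
        "first_last": f + "_" + l,
    }


def first_free(first, middle, last, existing):
    """Pick the first scheme whose name passes every check (hypothetical policy)."""
    for scheme, name in scheme_candidates(first, middle, last).items():
        if not check_user_name(name, existing):
            return scheme, name
    return None


if __name__ == "__main__":
    accounts = ["Williams", "WStanek"]        # constructed sample account list
    print(scheme_candidates("William", "R", "Stanek"))
    print(check_user_name("w:stanek", accounts))
    print(first_free("William", "R", "Stanek", accounts))
```

With the constructed account list, the first two schemes collide with existing names regardless of case, so the third scheme is the first one selected.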

Password and Account Policies

Windows NT accounts use passwords to authenticate access to network resources. A password is a case-sensitive string that can contain up to 14

from Windows NT Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.
