Adding a User Account

  • Article
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

from Chapter 5, Windows NT Administrator's Pocket Consultant by William R. Stanek.

You need to create a user account for each user that wants to use your network resources. User accounts are created in User Manager. Generally, there are two ways to create new accounts:

  • Create a completely new user account Create a completely new account by selecting New User from the User menu. This opens the New User dialog box shown in Figure 5-4, on the following page. When you create a new account, the default system settings are used.

  • Base the new account on an existing account Select the user account you want to copy in the User Manager window, then select the Copy option of the User menu. This opens the Copy Of dialog box, which is essentially the same as the New User dialog box. However, when you create a copy of an account, the new account gets most of its environment settings from the existing account. For more information on copying accounts, see Chapter 6.

After you enter all the information for the account, click Add to create the account. Each of the fields in the dialog box are used as follows:

  • Username The name for the user account. This name should follow the conventions for your user name policy.

  • Full Name The full name of the user, such as William R. Stanek. Keep in mind that the full name may be used by some system utilities. Because of this, you should use a consistent naming convention for full names.

    Cc722460.05wnta04(en-us,TechNet.10).gif

    Figure 5-4: The New User dialog box allows you to set basic account properties. If you want to set advanced properties, you'll need to use the buttons at the bottom of the dialog box. When you are finished creating the account, click the Add button.

  • Description A description of the user. Normally you'd enter the user's job title, such as Webmaster. You could also enter the user's job title and department.

  • Password The password for the account. This password should follow the conventions of your password policy.

  • Confirm Password A field to ensure that you assign the account password correctly. Simply reenter the password to confirm it.

  • User Must Change Password at Next Logon If selected, the user must change the password upon logon. This check box is selected by default for all new users.

  • User Cannot Change Password If checked, the user cannot change the password.

  • Password Never Expires If selected, the password for this account never expires. This setting overrides the domain account policy. Generally, it is not a good idea to set a password so it doesn't expire because this defeats the purpose of having passwords in the first place.

  • Account Disabled If checked, the account is disabled and cannot be used. Use this field to temporarily prevent anyone from using an account.

  • Account Locked Out If checked, the account is locked by the system because the user broke the general account policy for bad logon attempts. You can unlock the account by unchecking the check box. This field is not visible when you create new users. It is, however, visible, but shaded, on existing users.

You'll also find a row of buttons at the bottom of the New User dialog box. These buttons open dialog boxes that let you set advanced properties for user accounts. These dialog boxes are discussed later in the chapter.

Adding a Group Account

Group accounts are used to manage privileges for multiple users. In User Manager, the currently defined groups are shown in the lower section of the main window. As discussed in Chapter 4, Windows NT supports both local and global group types. While local groups are valid only for a single computer, global groups are valid throughout a Windows NT domain.

Tip In User Manager, you can easily tell the difference between a global group and a local group. The icon for global groups shows a globe in the background. The icon for local groups shows a computer in the background.

Group accounts names are not case-sensitive and can be up to 20 characters long. Illegal characters for group names are the same as those for user names and include:

" / \ [ ] : ; | = , + * ? < >

As you set out to create group accounts, remember that you create group accounts for similar types of users. Following this, the types of groups you may want to create include the following:

  • Groups for departments within the organization Generally, users who work in the same department need access to similar resources. Because of this, you can create groups that are organized by department, such as Business Development, Sales, Marketing, or Engineering.

  • Groups for users of specific applications Often, users will need access to an application and resources related to the application. If you create application-specific groups, you can be sure that users get proper access to the necessary resources and application files.

  • Groups for roles within the company Groups could also be organized by the user's role within the company. For example, executives probably need access to different resources than supervisors and general users. Thus, by creating groups based on roles within the company, you can ensure that proper access is given to the users that need it.

Creating a Local Group

Local groups can include local users, domain users, and global groups from the current domain as well as local users, domain users, and global groups from other trusted domains. To create a local group, do the following:

Cc722460.05wnta05(en-us,TechNet.10).gif

Figure 5-5: The New Local Group dialog box allows you to add a new local group to the workstation or server.

  1. Start User Manager. Highlight any group in the bottom pane of User Manager. Select New Local Group from the User menu. This opens the New Local Group dialog box shown in Figure 5-5.

    Note: Windows NT includes the name(s) of the currently selected user(s) in the Members list box. You can use this feature to preselect users who should be members of the new local group. In Figure 5-5, Administrator was selected prior to opening the New Local Group dialog box.

    Note: By default, Windows NT includes the name of the currently selected user in the Members list box. Because of this, a completely new group may have an initial group member.

  2. After you enter a name and description of the group, use the Add button to add names to the group. This opens the Add Users and Groups window shown in Figure 5-6. You can now add members to the group. The fields of this dialog box can be used as follows:

    • List Names From To access account names from other domains, click on the List Names From the drop-down list box. You should now see a list that shows the current domain, trusted domains, and other computers that you can access. An asterisk following a domain or computer name indicates that the global groups of that domain or computer can be listed in the Names list box. If no asterisk is displayed, local groups cannot be displayed for that domain or computer.

      Note: Only domains that have specifically been designated as trusted are available in the List Names From drop-down menu.

      Cc722460.05wnta06(en-us,TechNet.10).gif

      Figure 5-6: Add members to the group using the Add Users and Groups dialog box. Note that the Names field shows the Domain name as well as the account name. This ensures you can tell the ZETA\GIJOE account from GAMMA\GIJOE account.

    • Names The Names list box shows the available accounts of the currently selected domain or computer. For a domain, user accounts and global group accounts are shown. For a computer, only user accounts are shown.

    • Add Add selected names to the Add Names list.

    • Members Shows the members of a global group. When you select a global group in the Names list box, you can use this button to show group members. You can then select individual members of the group and add them to the Add Names list.

    • Search Allows you to search for a user or group name.

    • Add Names The list of users and groups to add to the local group.

  3. After you select the account names to add to the group, click OK. The New Local Group dialog box should now show these accounts as members of the group. If you made a mistake, select a name and remove it with the Remove button.

  4. Choose OK when you are finished adding or removing group members.

Creating a Global Group

Global groups can only include user accounts. To create a global group, do the following:

  1. Start User Manager. Highlight any group in the bottom pane of User Manager. Select New Global Group from the User menu. This opens the New Global Group dialog box shown in Figure 5-7, on the following page.

    Cc722460.05wnta07(en-us,TechNet.10).gif

    Figure 5-7: The New Global Group dialog box allows you to add a new local group to the workstation or server.

    Note: As with new local groups, if you preselect users who should be members of the group, they'll be added to the group automatically. In Figure 5-7, Administrator was selected prior to opening the dialog box.

  2. Enter a name and description of the group. The remaining fields in this dialog box are used as follows:

    • Members Shows the current members of the group.

    • Not Members Shows users that are not currently members of the group.

    • Add Adds a user to the Members list. To add users, select a name in the Not Members list, then click on the Add button.

    • Remove Removes a user from the Members list. To remove users, select a name in the Members list, then click on the Remove button.

  3. After you select the account names to add to the group, click OK.

Handling Group Membership

The Group Memberships dialog box allows you to configure which groups a user is a member of. Click on the Groups button to access this dialog box from the New User, User Properties, and Copy Of dialog boxes.

Figure 5-8 shows the Group Memberships dialog box. Note that normally the current user you're working with is shown at the top of the dialog box and the primary group of the user is shown at the bottom. In this example, however, the user name is blank because this is a new account. Additionally, because all new domain users are members of the group Domain Users, the Primary group is specified as Domain users.

Cc722460.05wnta08(en-us,TechNet.10).gif

Figure 5-8: The Group Memberships dialog box shows which groups a user is a member of.

Making a User a Member of a Group

The Member Of list box shows which groups a user belongs to. The Not Member Of list box shows which groups the user doesn't belong to. To make a user a member of a group, do one of the following:

  • Select the group name in the Not Member Of list box and click Add.

  • Double-click on the group name in the Not Member Of list box.

Windows NT also lets you select multiple group names. To do this, use one of these techniques:

  • Select multiple groups individually in the Not Member Of list box Hold down the Ctrl key and click the left mouse button on each group you want to select, then click the Add button.

  • Select a range of groups in the Not Member Of list box Hold down the Shift key and select the first group, then click on the last group in the range. Then click the Add button.

Removing a User from a Group

The Member Of list box shows which groups a user belongs to. If you want to remove a group membership:

  • Select the group name in the Member Of list box and click Remove.

  • Double-click on the group name in the Not Member Of list box.

Using the Ctrl and Shift keys, you can remove users from multiple groups by doing the following:

  • Select multiple groups individually in the Member Of list box Hold down the Ctrl key and click the left mouse button on each group you want to select, then click the Remove button.

  • Select a range of groups in the Member Of list box Hold the Shift key and select the first group, then click on the last group in the range. Then click the Remove button.

Setting the Primary Group for a User

Primary groups are used by users who access Windows NT through services for Macintosh and for POSIX applications that log on to Windows NT systems. When a Macintosh user or POSIX application creates files or directories on a Windows NT system, the primary group is assigned to these files or directories. All user accounts must have a primary group regardless of whether the accounts access Windows NT systems through

Macintosh or POSIX. This group must be a global group, such as the global group Domain User. To set the primary group, do the following:

  1. Select a global group in the Member Of list box.

  2. Click Set.

All users must be a member of at least one primary group. You cannot revoke membership in a primary group without first assigning the user to another primary group. To do this, complete the following steps:

  1. Select a global group in the Member Of list box, and then click Set.

  2. In the Member Of list box, double-click on the former primary group to revoke membership.

from Windows NT Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.

Link
Click to order