Creating User Accounts

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

User accounts are required for authentication. Assign users the appropriate permissions to access resources by creating user accounts in Active Directory and adding the accounts to the appropriate groups. Adding accounts to security groups and applying access control settings to resources allows users to utilize their authenticated identity to access resources, and facilitates account management.

It is best to grant users and groups access to only those resources that are required for them to complete their job tasks. In this way, if any user account is compromised by a malicious user, he or she has limited access to resources, and therefore can cause only minimal damage.

For more information about user accounts and security groups, see "Designing a Resource Authorization Strategy" in this book.

Note

  • Do not allow users to share accounts or passwords or to use weak passwords. Shared accounts and weak passwords compromise the security of your environment. For more information about creating password policies, see "Creating a Strong Password Policy" later in this chapter.

Creating user accounts involves creating a plan for user account management in your organization.