ITSY Ch 6.4 Windows User Management
networking model
A generic term referring to any set of protocols and standards collected into a comprehensive grouping that, when followed by the devices in a network, allows all the devices to communicate. Examples include TCP/IP and OSI. A networking model defines how network components function and interact. Windows operating systems can use a stand-alone model, a workgroup network model, or a client-server network model.
Local User Accounts
A local user account can be created and used to sign in and access your Windows 10 computer instead of using a Microsoft account. When you use a local account, some features offered to Microsoft accounts are not available. These include Microsoft's OneDrive and synced settings. Local user account types include Admin and Standard User.
Creating Local Account: Windows Settings App
To create a local account on a computer not joined to a domain: Right-click Start, select Settings, and then choose Accounts. Select Family & other users (or Other users if the computer is joined to a domain). Then select Add someone else to this PC. Follow the remaining steps to enter the name and password for the new user.
Creating Local Account: Computer Management
To create a local account: Right-click Start and then select Computer Management. From Computer Management, expand Local Users and Groups. Right-click Users and then select New User. Complete the required options and click Create. With this tool you are not required to use security questions. This method also gives you the ability to: force users to change the password at the next sign-in; restrict the user from changing the password; allow the password to never expire; disable/enable an account.
Local accounts can be created using various tools as follows:
Windows Settings App, Computer Management
Stand-Alone Model
With a stand-alone model, each Windows system functions independently of other systems. This means that you cannot transmit information directly from one host to another. The only way to transmit data between these systems is through a public network, such as the internet. In this model, the computers are not connected by a network.
Workgroup Network Model
A workgroup model is based on peer-to-peer networking. In the workgroup model: No hosts in a workgroup have a specific role. All hosts can function as both workstation and server. All hosts in a workgroup can both provide network services and consume network services. The hosts are linked together by some type of local network connection. Hosts in the same workgroup can access shared resources on other hosts. No specialized software is required. Some drawbacks of the workgroup network model include: lack of scalability; lack of centralized configuration control; complexity of backing up data; lack of centralized authentication (to use resources on another computer, the same user account must be created on both systems); lack of centrally applied security settings.
To make a computer a member of a workgroup:
Access the System Configuration app. Right-click Start and then select System. From the right pane, select System info under Related settings. Under Computer name, Domain, and Workgroup settings, select Change settings. From the Computer Name tab, click Change. Next, enter the name of the desired workgroup and click OK.
Admin
Administrators have complete control of the system and can perform tasks such as: change global settings; create/delete users; install applications; run applications in an elevated state; access all files on the system.
Domain objects
All network resources, such as users, groups, computers, and printers, are stored as objects in Active Directory.
Which of the following account types is a cloud-based identity and access management service that provides access to both internal and external resources?
Azure AD. Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It is similar to on-premises Active Directory except that Azure AD runs in Microsoft's Azure cloud. Administrator is a local user account that has complete control of a system. Domain accounts are created and stored in Active Directory on a domain controller server. This provides central management of users and groups. Microsoft accounts use a single sign-on system. This means that you can sign into different systems while maintaining the same user settings and password. A Microsoft account is a cloud-based Active Directory account type.
Azure Active Directory
Azure AD is Microsoft's cloud-based identity and access management service. It helps employees sign in and access resources.
Azure Active Directory Account Sign-In
Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It is similar to on-premises Active Directory except that Azure AD runs in Microsoft's Azure cloud. With Azure AD, users can sign in and access both internal and external resources. Internal resources include such things as the applications on a corporate network. External resources include such things as Microsoft Office 365 and other Software as a Service (SaaS) applications. As with on-premises Active Directory, to use Azure AD a user account must be created in Azure AD and the local computer must be joined to the Azure AD domain. To join a device to Azure Active Directory: Right-click Start and then go to Settings > Accounts. Select Access work or school and select Connect. Select Join this device to Azure Active Directory. Follow the remaining prompts to complete the process. After joining the computer to Azure AD, you sign in using the same steps as you would to sign into a local domain. The only difference is that you use the Azure AD domain.
You manage a group of 20 Windows workstations that are currently configured as a workgroup. You have been thinking about switching to an Active Directory configuration. Which advantages would there be to switching to Active Directory? (Select two.)
Centralized configuration control, Centralized authentication. Installing an Active Directory database provides several advantages, including: improved scalability; centralized configuration control; reduced data backup complexity; centralized authentication; centrally applied security settings. Active Directory also includes some drawbacks, for example: increased cost; specialized hardware and software needs; increased planning time for implementation.
You are consulting a small startup company that needs to know which kind of Windows computer network model they should implement. The company intends to start small with only 12 employees, but they plan to double or triple in size within 12 months. The company founders want to make sure they are prepared for growth. Which networking model should they implement?
Client-server. This startup company should invest in a client-server network if they want to be prepared to double or triple in size within 12 months. A client-server network that uses Active Directory as a centralized database to manage network resources is the most scalable networking model. The workgroup (peer-to-peer) networking model would be less expensive and easier to set up for a dozen employees, but it would become too difficult to manage when the company increases in size. The standalone networking model would not connect the company's computers to each other. Employees would not be able to share any resources, such as printers or data storage. Wired and wireless networks are not networking models. These network configurations provide connectivity between computers and can be used for any of the networking models. A public network, such as the internet, would be the only way computers using the standalone networking model could communicate with each other.
Which of the following are networking models that can be used with the Windows operating system? (Select two.)
Client-server, Workgroup. The following networking models can be used with the Windows operating system: Workgroup - computers that are physically connected to a wired or wireless network can be set up as a simple peer-to-peer network, which Microsoft refers to as a workgroup. Computers that are part of a workgroup are both workstations and servers. A workgroup is easy to set up, but it can become very difficult to manage if the number of computers exceeds 10 to 15. Client-server - in a client-server network, which Microsoft refers to as a domain, computers are joined to a network domain that uses an Active Directory database to contain user accounts and network security policies. Organizational units are logical containers in Active Directory that are used to hold and organize network resources. A domain controller is a server that holds a copy of the Active Directory database. Active Directory is a centralized database that contains user account and security information.
Active Directory
Developed by Microsoft, Active Directory is a centralized database that contains user accounts and security information. It is included in most Windows Server operating systems as a set of processes and services.
Organizational unit (OU)
In Active Directory, an organizational unit is a way to organize such things as users, groups, computers, etc. It is also referred to as a container object.
Domain Account Sign-In
In addition to local and Microsoft account sign-ins, you can also sign into a Windows system using a domain account. Domain accounts are created and stored in Active Directory on a domain controller server. This provides central management of users and groups. When using a domain user account to sign into your system, the username and password entered are sent to the domain controller. The domain controller then checks to see if the username and password submitted match the credentials it has for that particular user. If they do match, it sends a message back to the local system verifying the credentials, and the user is allowed to sign into the system. Before a user can sign in using a domain account, the domain user account must have already been created in Active Directory and the computer must have been joined to the desired domain. To sign in using a domain account, you need to specify the domain you want to sign into. If this is the first time you are signing into the domain, or you want to make sure you are signing into the correct domain, select Other user from the sign-in screen. From this dialog, a known domain will be shown. If the domain shown is the one you want to use, enter the username and password in the applicable fields. However, if the domain listed is not correct, you can change domains by specifying the correct domain in the username field using the syntax of domain\username. For example, to sign into the ACME domain using the Admin account, in the username field you would type ACME\Admin. As soon as you type the backslash, the name of the domain is shown in the Sign in to area.
Client-Server Network Model
In the client-server model, each host has a specific role in the network. Servers provide services such as file storage, user management, security configuration, and printing. Clients request services from servers. The client-server model is known as domain networking in a Windows environment. Some key domain networking facts include the following: Domain networking uses the concept of security principals. These are entities such as users, computers, and resources. A Windows domain is a collection of security principals that share a central authentication database known as Active Directory (AD). The Active Directory database is located on one or more servers in the domain. The servers running the Active Directory database are called domain controllers (DCs). Hosts must run a supported version of the Windows operating system to join a domain. The distinguished name of the domain is composed of the domain name along with the top-level domain name from DNS. Domains are much more efficient and scalable than workgroups due to a centralized management structure and function. Objects represent resources such as users, computers, and printers. Objects are used to define security attributes such as access, availability, and use limitations within the domain. Objects can be organized in container objects. An organizational unit (OU) is a type of container object used to logically organize network resources and simplify administration. Some drawbacks of the client-server network model include increases in the following areas: cost to implement due to specialized hardware and software requirements; planning time required for implementation; complexity of implementation; knowledge required to manage the implementation.
John, a user, is attempting to install an application but receives an error that he has insufficient privileges. Which of the following is the MOST likely cause?
John has a local standard user account. If John is receiving an error that he has insufficient privileges to install an application, the most likely cause is that he has a local standard user account. Standard users have limited permissions. For example, standard users: can use applications (but they cannot install them); can change some settings that apply only to them; cannot run applications in an elevated state. John is not a local administrator, as he would not receive an error message in that case. The application is a valid Windows application, otherwise the installation would not be able to start. Logging in with a Microsoft account would not give John the privileges to install an application.
Mary, a user, is attempting to access her OneDrive from within Windows and is unable to. Which of the following would be the MOST likely cause?
Mary needs to log in with a Microsoft account. Microsoft accounts use a single sign-on system. This means that you can sign into different systems while maintaining the same user settings and password. You can even access your favorite websites. Microsoft accounts also provide synchronized access to other Microsoft services, such as Office 365, Outlook, Skype, OneDrive, Xbox Live, Bing, and Microsoft Store. A local user account can be created and used to sign in and access a Windows 10 computer instead of using a Microsoft account. When a local account is used, some features offered to Microsoft accounts are not available. These include Microsoft's OneDrive and synced settings. Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It is similar to on-premises Active Directory except that Azure AD runs in Microsoft's Azure cloud.
Which of the following account types uses a single sign-on system that lets you access Windows, Office 365, Xbox Live, and more?
Microsoft. Microsoft accounts use a single sign-on system. This means that you can sign into different systems while maintaining the same user settings and password. You can even access your favorite websites. Microsoft accounts also provide synchronized access to other Microsoft services, such as Office 365, Outlook, Skype, OneDrive, Xbox Live, Bing, and Microsoft Store. Administrator is a local user account that has complete control of a system. Domain accounts are created and stored in Active Directory on a domain controller server. This provides central management of users and groups. Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It is similar to on-premises Active Directory except that Azure AD runs in Microsoft's Azure cloud.
Microsoft Account Sign-In
Microsoft accounts can be created using an existing email address or by signing up for a Microsoft email address. You can also use a phone number instead of an email address. If your Windows system was originally configured to sign in using a local account, you can switch to a Microsoft account by doing the following: Select the Start menu and go to Settings > Accounts > Your info. Select Sign in with a Microsoft account instead. (Note: if you see Sign in with a local account instead, you're already using your Microsoft account.) Follow the prompts to switch to your Microsoft account. If needed, you can create a Microsoft account at this time. To switch from a Microsoft account back to a local account, right-click Start and go to Settings > Accounts > Your info. Then select Sign in with a local account instead and follow the prompts.
You are configuring a small workgroup. You open System Properties on each computer that will be part of the workgroup. Click the System Properties options you can use to configure each computer's workgroup association. (Select two. Each option is part of a complete solution.)
Network ID, Change
You are a contract support specialist managing the computers in a small office. You see that all the computers are only using local user accounts. Which of the following models could this office be using? (Select two.)
Standalone, Workgroups. The standalone and workgroup models can only use local user accounts for storing usernames and passwords. Active Directory is used to create client-server networks where domains are used to organize network resources. On these networks, user account information is stored in a centralized database on a network server. Azure AD is similar to Active Directory, but the domain is hosted on Microsoft servers in the cloud. This is where user account information would also be stored.
Standard User
Standard users have limited permissions. For example, standard users can: use applications (but they cannot install them); change some settings that apply only to them. Standard users cannot run applications in an elevated state.
Workgroup Membership
When working in an environment where multiple computers are connected on a network, one method of sharing resources between computers is to use a workgroup. A workgroup is Microsoft's implementation of peer-to-peer networking. Although using domains is the preferred method, workgroups can be useful in small environments of about two to eight computers. Anything larger than that begins to be an administrative challenge. When using workgroups, consider the following: Workgroups provide only sign-in security. No username or password is required to join a workgroup. Computers that belong to the same workgroup can share resources only if they are on the same segment. Workgroups have no centralized authentication. This means that for a user to access a remote system, the same username and password must be created on the remote system. Otherwise, each user would need to know the username and password on the remote system. If a domain is not used, the computer is a member of the workgroup named Workgroup by default.
Which networking model is based on peer-to-peer networking?
Workgroup. A workgroup model is based on peer-to-peer networking. In the workgroup model: No hosts in a workgroup have a specific role. All hosts can function as both workstation and server. All hosts in a workgroup can provide network services or consume network services. Hosts are linked together by some type of local network connection. Hosts in the same workgroup can access shared resources on other hosts. No specialized software is required. In a standalone model, each Windows system functions independently of other systems. In the client-server model, each host has a specific role in the network. Servers provide services such as file storage, user management, security configuration, and printing. Clients request services from servers.