Chapter 6

Peer-to-Peer, Domain-based

2 types of networks

Widnows 7- 14 built in groups

Administrators. Backup Operators. Cryptographic Operators. Distributed COM User. Event Log Readers. Guests. IIS_IUSRS. Network Configuration Operators. Performance Log Users. Performance Monitor Users. Power Users. Remote Desktop Users. Replicator. Users.

Faster User Switching

Allows multiple users to have applications running in the backround at the same time. one user can be actively using the computer at a time

Advanced User Account applet

Available only by starting it from the command line. (hint: AUA applet)

C:\users\%USERNAME%

By default, profiles are stored in _____________________

User Profile

Collection of desktop and environment configurations for a specific user or group of users.

Domain

Computers in the ________ share the user accounts on the domain controller

Creating a user can be done from:

Control Panel. Local Users and Groups MMC snap-in. Advanced User Accounts applet.

4 general user tasks you can perform

Create a new user. Delete a user. Rename a user. Set a user password.

Administrator Account

Derives its privileges from being a member of the local Administrators group. has complete access to the system.

Standard User Account

Derives its privileges from being a member of the local users group. cannot compromise the security or stability of Windows 7.

Public Profile

Different from other profiles because it is not a complete profile.

Once

Domain-based networks require a user account only needs to be created _______

SAM database

Each computer maintains a separate list of users and groups in its own ________ _______

Default ratings

Early Childhood (EC), Everyone (E), Everyone 10+ (E10+), Teen (T), Mature (M), Adults Only (AO).

Editing the Default User Profile Without using Sysprep

Edit the registry settings in the default profile, Modify individual settings or import registry keys exported from an already configured profile, Update specific files in the default user profile

3 common naming conventions

First name. First name and last initial. First name and last name.

Stops the automatic logon form occurring

Holding down the Shift key during the boot process

Groups

Members of _____ have access to all resources that the _____ have been given permissions to access

Start Menu

Modifying the _____ ______ is as simple as creating folders and shortcuts. Users all have a personal version that is stored in their profile.

Administrator

Most actions that are triggered by an _______ do not result in a prompt from User Account Control

roaming user profiles

Most mandatory profiles are implemented as roaming user profiles

7 characteristics of the Administrator account

Not visible on the logon screen. has a blank password by default cannot be deleted cannot be locked out due to incorrect logon attempts cannot be removed for local administrators group. can be disabled. can be renamed.

Profile tab

Often used in corporate environments for domain-level accounts. Profile path specifies location of profile for this user.

Guest

One of the least privilged user accounts in Windows. Has extremely limited access to resources and ocmputer activities

automated mechanism

Peer-to-peer networks have no _______ _______ to synchronize user accounts and passwords between computers

Mandatory profile

Profile that cannot be modified

Secure Logon

Protects your copmuter from viruses and spyware that may attempt to steal your password. whn the computer is a domain client, then secure logon is required.

User account

Required for individuals to log on to Windows 7 and use resources on the computer. Has attributes that describe user and control access.

Windows 7- 3 logon Configurations

Standalone. Workgroup member. Domain client.

exists

To access shares or printers on a remote computer, you must log on as a user that ________ on the remote computer

NTUSER.DAT to NTUSER.MAN

To change a profile to mandatory profile you rename the file ____________ to _____________

Roaming Profiles

Useful when a corporation uses Outlook and Exchange for an e-mail system.

Security Accounts Manager database SAM

User accounts are stored in this. Within SAM database, each user account is assigned a security Identifier (SID)

Local User Accounts

User accounts created in Windows 7, Exists only on the local computer.

Initial Account

User created during installation is givin administrative privileges.

4 Naming Conventions Restriction imposed by Windows 7

User logon names must be unique. user logon names must be 20 characters or less. user logon names are not case sensitive. user logon names cannot contain invalid characters.

are not saved

Users can make changes to their desktop settings while they are logged on as the Mandatory Profile, but the changes ______ ______ _____

User Accounts applet

Users can perform basic administration for their accounts using this interface

Default Profile

When new user profiles are created this is what they are off the bat

Default user profile

Windows 7 copies the ______ ______ ______ to create a profile for the new user.

20

Windows 7 has a limit of ________ connections

Administrative

_______options with a shield beside them are restricted to administrative users.

local computer

a roaming profile is copied to the ________ _______

cached

after credentials are _____ locally, you can log on to a computer using a domain user account. even when the domain cannot be contacted

Local Users and Groups MMC Snap-In

allows you to create and manage both user accounts and groups. Other user options can be configured in the properties of the user account.

Game Controls

are used to limit access to games. you can block games based on the game rating.

Groups

are used to simplify the process of assigning security rights and permissions.

C:/users

by default, each user has a spearate profile stored in __________

7 characteristics of a Guest account

cannot be deleted. cannot be locked out. is disabled by default. has a blank password by default. can be renamed. is a member of the Guest group by default. is a member of the Everyone group.

Domain Controller

central server responsible for maintaining user accounts and computer accounts

Software

changes triggered by ______ do result in a prompt from User Account Control

Start Menu

collection of folders and shortcuts to applications.

Tasks performed with parental controls

configure time limits. control game playing. allow and block programs.

Peer-to-peer

consists of multiple windows computers that share information.

Time Limits

control when a user is able to log on and use the computer. Allow you to restrict logons to certain time of the day.

to configure the default profile

create new local user with administrative privileges, log on as the designated local user, modify the new user's profile as desired, create an answer file with CopyProfile parameters set to true, Run Sysprep with /generalize option, Image the computer and deploy the image

Home folder

defines a default location for saving files.

Logon script box

defines a script that is run each time during logon

Public Profile

does not include an NTUSER.DAT file and consequently does not include any registry settings

Small networks

even ____ _____ benefit from resouces with meaningful names

Secure Logon

increases security on your computer by forcing you to press Ctrl+Alt+Delete before logging on

Guest

intended for occasional use by low-security users.

Initial Account

is different from administrator account in that it: is visble on the logon scree. does not have a blank password by default. can be deleted. can be locked out due to incorrect logon attempts. can be removed from the administrators group.

Members Of tab

lists groups of which the user account is a member. any rights and permissions assigned to these groups are also given to the user account.

Windows Welcome

logon method used by standalone computers and workgroup members authenticates user by using local SAM database

parental controls

method for controlling how Windows 7 is used by specific user accounts, the account must be Standard user accounts

Administrator

most powerful local user account possible. Has unlimited access and unrestricted privileges to every aspect of Windows

Network

no computer on the _______ serves as a central authoritative source of user information.

synchronizing

no concerns about _______ passwords between multiple accounts on a domain-based network.

Pass-through authentication

simplest authentication method for users. remote computer has a user account with the exact same name and password as the local machine.

User Accounts applet

simplified interface for user management. in Control Panel.

Automatic Logon

somtimes it is desirable for the computer to automatically log on as a specific user - each time it is started. is configured on the Users tab of the User Accounts applet.

Naming convention

standard process for creating names on a network or standalone computer.

Roaming profile

stored in a network location rather than on the local hard drive. setting move the user from computer to computer on the network

Profile folders and information

there are many folders and information in Profile. such as: Desktop, Documents, Downloads, Favorites, Links, Local Settings, Music, My Documents, NetHood, Pictures, PrintHood, Recent, Saved Games, Searches, SendTo, Start Menu, Templates, Videos, NTUSER.DAT, NTUSER.DAT.LOG, NTUSER.DAT{guid}.TM.blf, NTUSERDAT{guid}.TMContainerxxxxxx.regtransms, ntuser.ini

Domain Admins

they allows centralized administration

Administrator

this account is disabled by default in Windows 7

Domain Admins

this group becomes a member of the local Administrators group (domain-based)

Domain User

this group becomes a member of the local user group (domain-based) to allow all usres in the domain to log on to Windows 7

netplwiz

to start the Advanced User Accounts applet from a command line, us the ___________ command.

Windows Explorer

use __________ ________ to access and modify the contents of the start menu

Domain-based

user accounts for ________ _____ networks are much easier to manage

networked environment

user logon and authorization is very different in a __________ _________

when you view the properties of a group, there is only a single tab

which provides a description of the group and a list of the group members. you can add and remove users from the group here.

to participate in a domain

windows 7 computers are joined to the domain

Block Programs

you can restrict users to running only approved applications. you can manually add programs to the list of approved applications.

To configure a roaming profile

you must edit the user account to point the profile directory at a network location

Cached credentials

your authentication credentials are automatically cached in Windows 7. this is important for mobile computers that are not always conneted to the domain.