Local Users and Groups

1. User Account

Each user must have an account, which is used to log on to the computer and access the resources within it, or to log on to a domain and access the resources of the domain.

Account and password naming rules

The rules for account names are as follows:

The account name must be unique and is not case sensitive.

It can contain up to 20 uppercase and lowercase characters and numbers; only the first 20 characters typed are recognized.

It cannot use the reserved characters: " ? ∧ [ ] : ; | = , + * < > @

It can be a combination of characters and numbers.

It must not be the same as a group name.

The rules for passwords are as follows:

The Administrator account must be assigned a password to prevent unauthorized use.

The password length is between 8 and 128 characters.

The password can use uppercase and lowercase letters, numbers, and other legal characters.

2. User Account Types

(1) Local user accounts

A local user account is created in the local Security Accounts Manager (SAM) database and is valid only on the local computer. The SAM database file path is \windows\system32\config\sam. A user can log on with a local user account only to the computer where the account resides, and the account can access resources only on that computer. To access resources on another computer, the user must enter the user name and password of an account on that other computer.

(2) Domain user accounts

Domain user accounts are stored in the Active Directory database on the domain controllers. When a user logs on, any domain controller in the domain can check whether the account name and password are correct. This is described in detail in later chapters.

(3) Built-in accounts

When Windows Server 2003 is installed, it automatically creates some built-in accounts, which can be viewed and managed from the Computer Management interface. Of these, Administrator (system administrator) and Guest are the two most common built-in accounts.

3. The concept of groups

A group is an object on the local computer or in Active Directory that can contain users, contacts, computers, and other groups. In Windows Server 2003, groups are used to manage user and computer access to shared resources. If a group is given permission to access a resource, the users in that group automatically have the permission. Groups are introduced to make it easier to manage user accounts that need the same scope of access.

4. Group types

Like user accounts, groups are divided into local groups and domain groups, according to whether the Windows Server 2003 server runs in workgroup mode or domain mode.

Local groups: groups created on the local computer. Their account information is stored in the local Security Accounts database (SAM). Local groups can be used only on the local machine. There are two types of local groups: built-in system groups and user-created groups.

Domain groups: their account information is stored in the Active Directory database, and these groups can be used on computers throughout the domain. Domain groups are divided into security groups and distribution groups.

5. Account policy settings

The "Local Security Policy" tool can increase your computer's security. Open it through "Start" → "Administrative Tools" → "Local Security Policy".

(1)  Password Policy

Click "Password Policy" to see a number of password-related policies on the right; each policy can be set by double-clicking it.

Password must meet complexity requirements: if this setting is enabled, user passwords must meet the following requirements: a minimum password length of 6 characters; the password contains characters from at least three of the following four categories: English uppercase characters (A-Z), lowercase characters (a-z), Arabic numerals (0-9), and non-alphanumeric characters (for example !, $, # or %); the password cannot contain three or more characters of the user account name. These complexity requirements are enforced when a password is changed or created. Recommendation: Enabled.

Minimum password length: determines the minimum number of characters in a password. The value can be set between 0 and 14. If the value is set to 0, users are allowed to use a blank password. Recommendation: set the value to 8 characters.

Maximum password age: determines the number of days a password can be used before the user is required to change it. The value can be between 0 and 999; if it is set to 0, the password never expires. If the value is set too low, it may inconvenience users; if it is set too high or disabled, hackers will have more time to crack passwords. Recommendation: set it to 42 days.

Minimum password age: determines the number of days a password must be kept before the user can change it. This setting is used together with "Enforce password history" so that users cannot quickly change their password the required number of times. The value can be set between 0 and 999; if it is set to 0, the user can change to a new password immediately. The recommended value is 2 days.

Enforce password history: determines the number of unique new passwords a user must use before an old password can be reused. The value can be between 0 and 24; if it is set to 0, password history is not enforced. For most organizations, this value should be set to 24 passwords.
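The complexity rule described under "Password must meet complexity requirements" above, written out as a checker. This is an added example, not code from the original page or from Windows; it follows the rule as this page states it, and reading "three or more characters of the account name" as any run of three consecutive characters is an assumption.

```python
import string

MIN_LENGTH = 6  # minimum length the page gives for the complexity rule


def character_classes(password):
    """Return the set of character categories present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif not ch.isalnum():
            classes.add("symbol")
    return classes


def contains_account_fragment(password, account, run=3):
    """True if any `run` consecutive account-name characters occur in the password.

    Assumption: the comparison is case-insensitive, like account names.
    """
    pw, acct = password.lower(), account.lower()
    return any(acct[i:i + run] in pw for i in range(len(acct) - run + 1))


def complexity_failures(password, account):
    """List the reasons a password fails the rule as described on this page."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if len(character_classes(password)) < 3:
        failures.append("fewer than three character categories")
    if contains_account_fragment(password, account):
        failures.append("contains part of the account name")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords for the page's example account xiaoli.
    for candidate in ["", "abc123", "Xiao#2024", "Tr33-house"]:
        print(repr(candidate), complexity_failures(candidate, "xiaoli") or "ok")
```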

(2)  Account Lockout Policy

The account lockout policy includes three settings: reset account lockout counter, account lockout duration, and account lockout threshold.

Account lockout threshold: sets the number of failed logon attempts after which the user account is locked; until it is unlocked, the account cannot be used to log on. The value can be between 0 and 999. If it is set to 0, the account is never locked.

Account lockout duration: sets how long an account stays locked before the lock is released automatically. The value ranges from 0 to 99999 minutes. If it is set to 0, the account is locked permanently and is not released automatically; the system administrator must unlock it manually.

Reset account lockout counter: the "account lockout counter" records the number of failed logon attempts for a user. Its starting value is 0; each failed logon adds 1 to it, and a successful logon clears it automatically. If the number of consecutive failed logons reaches the configured number, the user account is locked automatically.
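How the three lockout settings interact, including the two special cases where a value of 0 changes the behaviour, as a small state machine. This is an added example, not code from the original page or from Windows; it models only what the text above describes, and the class name, function names and event list are constructed for illustration.

```python
class LockoutTracker:
    """Lockout state for one account, following the settings described above."""

    def __init__(self, threshold, duration_minutes):
        self.threshold = threshold          # 0 means the account is never locked
        self.duration = duration_minutes    # 0 means locked until an administrator unlocks
        self.failures = 0                   # the account lockout counter, starts at 0
        self.locked_at = None               # minute at which the account was locked

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        if self.duration != 0 and now - self.locked_at >= self.duration:
            self.unlock()                   # lock released automatically after the duration
            return False
        return True

    def unlock(self):
        self.locked_at = None
        self.failures = 0

    def attempt(self, now, password_ok):
        """Record one logon attempt at minute `now` and return its outcome."""
        if self.is_locked(now):
            return "locked"                 # even a correct password is refused
        if password_ok:
            self.failures = 0               # a successful logon clears the counter
            return "success"
        self.failures += 1                  # each failed logon adds 1
        if self.threshold and self.failures >= self.threshold:
            self.locked_at = now
            return "locked"
        return "failure"


def replay(events, threshold, duration_minutes):
    """Run (minute, password_ok) events through a fresh tracker."""
    tracker = LockoutTracker(threshold, duration_minutes)
    return [tracker.attempt(minute, ok) for minute, ok in events]


# Constructed logon history: (minute, password was correct).
SAMPLE_EVENTS = [(0, False), (1, False), (2, True), (3, False),
                 (4, False), (5, False), (6, True), (40, True)]

if __name__ == "__main__":
    for threshold, duration in [(3, 30), (3, 0), (0, 30)]:
        print(threshold, duration, replay(SAMPLE_EVENTS, threshold, duration))
```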

Task implementation

1. Create a local account

Local accounts work only on the local machine, and only the system administrator can create local users. For example, the steps to create a local account named xiaoli are as follows:

(1) Select "Start" → "Programs" → "Administrative Tools" → "Computer Management" → "Local Users and Groups". In the window that opens, right-click "Users" and select the "New User" command.

The "New User" dialog box appears, as shown in the figure. Enter the user name, the password, and the password confirmation in turn.

 

2. Change an account

To change the logon name of an existing account, select "Computer Management" → "Local Users and Groups" → "Users", right-click the account in the list, select "Rename", and enter the new name. For example, rename the user xiaoli to SAM.

3. Delete an account

If a user leaves the company, the user's account must be deleted to prevent other users from logging on with it. In the "Computer Management" window, select "Local Users and Groups" → "Users", right-click the account in the list, and select "Delete"; click the "Yes" button to delete it. For example, delete the user SAM.

4. Disable and enable an account

5. Account policy settings

In the experiments above, accounts were created with no password complexity requirement, and blank passwords were even allowed, which is very insecure. To increase the security of the server, use account policies. For example, set account policies for the SAM account with the following requirements: blank passwords are not allowed; the password is at least 6 characters long; the password contains at least one of the 4 kinds of characters: uppercase characters, lowercase characters, digits, and non-alphanumeric characters (#, %, ! or $); the account is automatically locked after 3 failed logon attempts. The steps are as follows:

Click "Start" → "Administrative Tools" → "Local Security Policy" to open the Local Security Settings window. Click "Account Policies" → "Password Policy", enable "Password must meet complexity requirements", and set "Minimum password length" to 6 characters.

Click "Account Policies" → "Account Lockout Policy" and set "Account lockout threshold" to 3 invalid logon attempts.
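One way to confirm afterwards that the settings from this exercise took effect is to export the policy with `secedit /export /cfg <file>` and check the [System Access] section. This is an added example, not part of the original page; the sample text is constructed, and the baseline values are the ones this exercise asks for.

```python
import configparser

# Baseline taken from the exercise above: complexity enabled, minimum
# length 6 (so no blank passwords), lockout after 3 invalid logon attempts.
REQUIRED_MIN_LENGTH = 6
REQUIRED_LOCKOUT = 3

# Constructed sample of an exported policy before the exercise is applied.
SAMPLE_WEAK = """
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
"""


def read_system_access(inf_text):
    """Return the numeric [System Access] keys of an exported template."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the key names' original case
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return {}
    return {key: int(value) for key, value in parser["System Access"].items()
            if value.strip().lstrip("-").isdigit()}


def audit(inf_text):
    """List the settings that do not meet the exercise's requirements."""
    access = read_system_access(inf_text)
    findings = []
    length = access.get("MinimumPasswordLength", 0)
    if length == 0:
        findings.append("blank passwords allowed")
    elif length < REQUIRED_MIN_LENGTH:
        findings.append("minimum length %d is below %d" % (length, REQUIRED_MIN_LENGTH))
    if access.get("PasswordComplexity", 0) != 1:
        findings.append("complexity requirement disabled")
    lockout = access.get("LockoutBadCount", 0)
    if lockout == 0:
        findings.append("account lockout disabled")
    elif lockout > REQUIRED_LOCKOUT:
        findings.append("lockout after %d attempts, expected %d" % (lockout, REQUIRED_LOCKOUT))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
```

The exported file is usually UTF-16 encoded, so decode it to text before passing it to `audit`.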

 

 

 

 


Origin www.cnblogs.com/ferachan/p/12505746.html