User management for getting started with Windows Server R2

Source: Internet
Author: User

Today brings the Windows Server R2 to the user management, so that everyone is more familiar with the 2008R2 workgroup user, group creation, deletion, daily management, etc., then we go directly into the text.

First, User account Overview:

"Users" is the computer's user Identity mapping in the computer system, different user identities have different permissions , each user contains a name and a password ;

In Windows, each user account has a unique security identifier (IDENTIFIER,SID), and the user's permissions are logged by the user's SID. The format of the SID is as follows: s-1-5-21-3277649422-2592888033-1324599837-500

Note: The SID of each user can be produced in the registry.

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows The NT\CurrentVersion\ProfileList item, where the subkey name is the user's SID.

650) this.width=650; "height=" 211 "src=" Http://s3.51cto.com/wyfs02/M00/6C/B6/wKioL1VQyJGhGaBZAADuibaIhBI480.jpg " alt= "Wkiol1vqyjghgabzaaduibaihbi480.jpg"/>

1 , user management :

Multiple user accounts need to be created when a computer needs to be available to multiple people, or to allow others to access the computer over the network, and to assign different permissions to different users, such as shutting down the system, modifying the permissions of the system time, accessing the file's permissions (read-only or modifiable).

Open Server Manager--Configure--Local Users and Groups--users:

650) this.width=650; "height=" 416 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQxxrCb4VAAABBzW5ayNw445.jpg " alt= "Wkiom1vqxxrcb4vaaabbzw5aynw445.jpg"/>

650) this.width=650; "height=" 414 "src=" http://s3.51cto.com/wyfs02/M01/6C/B6/wKioL1VQyJiCKAO7AAD9245cTXM202.jpg " alt= "Wkiol1vqyjickao7aad9245ctxm202.jpg"/>

2 , create users :

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M01/6C/BB/wKiom1VQxyKAJOd8AAETUbO5TX0904.jpg " alt= "Wkiom1vqxykajod8aaetubo5tx0904.jpg"/>

650) this.width=650; "height=" 383 "src=" Http://s3.51cto.com/wyfs02/M02/6C/BB/wKiom1VQxyagPv2FAAFjw1g3LeE213.jpg " alt= "Wkiom1vqxyagpv2faafjw1g3lee213.jpg"/>

If you later change the user settings, you can click the corresponding user right mouse button to select Properties for editing:

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M00/6C/B6/wKioL1VQyKPSIfR_AAEylDMyzwo153.jpg " alt= "Wkiol1vqykpsifr_aaeyldmyzwo153.jpg"/>

650) this.width=650; "height=" 415 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQxy3xHHuWAAFFA25t25s986.jpg " alt= "Wkiom1vqxy3xhhuwaaffa25t25s986.jpg"/>

3 , delete users:

You can select Delete by right-clicking the user name or select the user and click on the red X:

650) this.width=650; "height=" 385 "src=" http://s3.51cto.com/wyfs02/M01/6C/B6/wKioL1VQyKrQFAZfAAEMHsoiYl8378.jpg " alt= "Wkiol1vqykrqfazfaaemhsoiyl8378.jpg"/>

650) this.width=650; "height=" 188 "src=" Http://s3.51cto.com/wyfs02/M01/6C/BB/wKiom1VQxzSwZv3mAADJYZPNEDE571.jpg " alt= "Wkiom1vqxzswzv3maadjyzpnede571.jpg"/>

4 , set permissions for the user:

Eg: Give the new user User01 permission to shut down the system and change the system time:

First click on the Start menu-Administrative Tools-to open the local security policy:

650) this.width=650; "height=" 415 "src=" http://s3.51cto.com/wyfs02/M02/6C/B6/wKioL1VQyLOQiIaAAAD4sWOdq8I454.jpg " alt= "Wkiol1vqyloqiiaaaad4swodq8i454.jpg"/>

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M02/6C/BB/wKiom1VQxz2yaDi0AAD10BJsOkQ878.jpg " alt= "Wkiom1vqxz2yadi0aad10bjsokq878.jpg"/>

Select security Settings-Local policy-User rights assignment:

650) this.width=650; "height=" 385 "src=" http://s3.51cto.com/wyfs02/M00/6C/B6/wKioL1VQyLuDAF3vAAGLT-cs2qU743.jpg " alt= "Wkiol1vqyludaf3vaaglt-cs2qu743.jpg"/>

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQx0ix12aaAAE6J5kmqwE995.jpg " alt= "Wkiom1vqx0ix12aaaae6j5kmqwe995.jpg"/>

650) this.width=650; "height=" 385 "src=" http://s3.51cto.com/wyfs02/M01/6C/B6/wKioL1VQyMTxF6OCAAFlz0AFbs8106.jpg " alt= "Wkiol1vqymtxf6ocaaflz0afbs8106.jpg"/>

650) this.width=650; "height=" 462 "src=" http://s3.51cto.com/wyfs02/M01/6C/BB/wKiom1VQx06RV4cbAADBx45FB2s486.jpg " alt= "Wkiom1vqx06rv4cbaadbx45fb2s486.jpg"/>

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQx1GgJKPxAAFe3JQDzHk130.jpg " alt= "Wkiom1vqx1ggjkpxaafe3jqdzhk130.jpg"/>

650) this.width=650; "height=" 385 "src=" http://s3.51cto.com/wyfs02/M02/6C/B6/wKioL1VQyM7B8IPQAAG76S1hb8w935.jpg " alt= "Wkiol1vqym7b8ipqaag76s1hb8w935.jpg"/>

Second, built-in user accounts:

Used for special purposes and generally do not need to change their permissions

L user accounts associated with the consumer

? Administrator: Is the default administrator user, with the highest permissions in all accounts associated with the consumer. In the absence of other administrator accounts, it is recommended that you do not disable this account. In order to ensure the security of the computer system, it is also not recommended to tell other users the administrator password.

? Guest: is available to visitors who do not have a user account. The account is disabled by default.

L user accounts associated with Windows components:

? System (Local System): This account is independent of the person who uses the computer and provides permissions for resources such as accessing files for the core components of Windows. These core components include Csrss.exe (client server runtime process), Lsass.exe (Local security authority process), and so on. The system has permissions higher than administrator.

? The LOCAL service account has nothing to do with the person who uses the computer, but rather provides access to the system for a subset of Windows services. The LOCAL service account has the same permissions as users, and once these services are compromised, there is no access to the system's important locations.

? The NETWORK service account is consistent with the local service account and provides access to the system for a subset of Windows services. The difference between the two is that when a computer joins a Windows domain, the local Network Service account is displaced with a different user identity on the other computer on the other computers.

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M02/6C/BB/wKiom1VQx1ix5SypAAIngD6g-aM780.jpg " alt= "Wkiom1vqx1ix5sypaaingd6g-am780.jpg"/>

650) this.width=650; "height=" 478 "src=" http://s3.51cto.com/wyfs02/M00/6C/B6/wKioL1VQyNbB6R-hAAL_DX8fJCo033.jpg " alt= "Wkiol1vqynbb6r-haal_dx8fjco033.jpg"/>

Iii. Management Group Accounts:

group accounts: groups are collections of users who automatically have the permissions set for the group

1 , new group:

Open Server Manager--Configure--Local Users and Groups--group:

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQx2Gi5R4TAAHCWcL9ars302.jpg " alt= "Wkiom1vqx2gi5r4taahcwcl9ars302.jpg"/>

650) this.width=650; "height=" 374 "src=" http://s3.51cto.com/wyfs02/M01/6C/B6/wKioL1VQyN-gF6AjAAHs5BXEOa4520.jpg " alt= "Wkiol1vqyn-gf6ajaahs5bxeoa4520.jpg"/>

650) this.width=650; "height=" 375 "src=" http://s3.51cto.com/wyfs02/M01/6C/BB/wKiom1VQx2jw_QEeAAEZn6PyR9w742.jpg " alt= "Wkiom1vqx2jw_qeeaaezn6pyr9w742.jpg"/>

2 , add group members:

650) this.width=650; "height=" 383 "src=" Http://s3.51cto.com/wyfs02/M02/6C/B6/wKioL1VQyOWBGGx2AAEixrBWokA257.jpg " alt= "Wkiol1vqyowbggx2aaeixrbwoka257.jpg"/>

650) this.width=650; "height=" 384 "src=" http://s3.51cto.com/wyfs02/M02/6C/BB/wKiom1VQx2-D3UyhAAEfYvX_8q0737.jpg " alt= "Wkiom1vqx2-d3uyhaaefyvx_8q0737.jpg"/>

650) this.width=650; "height=" 351 "src=" Http://s3.51cto.com/wyfs02/M00/6C/B6/wKioL1VQyOuiJuFPAACrqMJbqi8661.jpg " alt= "Wkiol1vqyouijufpaacrqmjbqi8661.jpg"/>

650) this.width=650; "height=" 386 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQx3TiUEwbAAF1yNYp3HI534.jpg " alt= "Wkiom1vqx3tiuewbaaf1ynyp3hi534.jpg"/>

3 , delete group:

650) this.width=650; "height=" 387 "src=" http://s3.51cto.com/wyfs02/M01/6C/B6/wKioL1VQyPHiHESDAAHEB-X3CSg227.jpg " alt= "Wkiol1vqyphihesdaaheb-x3csg227.jpg"/>

650) this.width=650; "height=" 385 "src=" http://s3.51cto.com/wyfs02/M01/6C/BB/wKiom1VQx3vgGIJCAAFS2SZ645s906.jpg " alt= "Wkiom1vqx3vggijcaafs2sz645s906.jpg"/>

4 , set permissions for the group:

650) this.width=650; "height=" 383 "src=" Http://s3.51cto.com/wyfs02/M02/6C/B6/wKioL1VQyPfym3coAAFQOxJTW7A361.jpg " alt= "Wkiol1vqypfym3coaafqoxjtw7a361.jpg"/>

Built-in group accounts:

Built-in groups that need to be added manually:

Administrators (Administrators group), Guests (Guest group), Power Users (special group compatible with lower versions), users (standard users);

Built-in groups that dynamically contain members:

Its members are "automatically added" by Windows programs;Windows determines the group to which the user belongs based on the user's state, and the members of the group change dynamically and cannot be modified.

Interactive: Dynamic inclusion of locally logged-on users;

Authenticated Users: Dynamically includes authenticated user, does not include guest user;

Everyone: Contains any users that are frequently used when setting open permissions.

Add:

NO1, user Change password mode : 1. User changes; 2. The administrator sets the password for the user;

No2, viewing the current logged on user SID: Whoami/user

650) this.width=650; "height=" 222 "src=" Http://s3.51cto.com/wyfs02/M01/6C/B6/wKioL1VQyPvzuITvAADqZs-qHPA212.jpg " alt= "Wkiol1vqypvzuitvaadqzs-qhpa212.jpg"/>

Report:

There are three ways to use WhoAmI:

Grammar 1:whoami [/UPN |/fqdn |/logonid]

Syntax 2:whoami {[/user] [/groups] [/claims] [/priv]} [/fo format] [/NH]

Syntax 3:whoami/all [/fo format] [/NH]

Describe:

This tool can be used to obtain user name and group information for the current user (access token) on the local system, as well as the appropriate security identifiers (SIDs), claims, permissions for current users on the local system, login identifiers (login IDs). For example, who is the currently logged on user, user name.

Parameter list:

/UPN: Displays the user name name (UPN) format in the user Principal format.

/fqdn: Displays the user name Distinguished name (FQDN) format in the fully qualified (Fully qualified) format.

/USER: Displays information about the current user and the security identifier (SID).

/groups: Displays the group member information, account type, and security, identifier (SID), and attributes for the current user.

/claims: Displays the current user's claims, including the claim name, flag, type, and value.

/PRIV: Displays security privileges for the current user

/logonid: Displays the login ID of the current user.

/ALL: Displays the current user name, the group to which it belongs, and the identifier (SID), claims, and permissions of the current user access token for the security level.

The/FO format specifies the output format to display. Valid values are TABLE, LIST, CSV. The default format is TABLE.

No3 , command line Create User: Net user User name password/add

650) this.width=650; "height=" "src=" http://s3.51cto.com/wyfs02/M02/6C/BB/wKiom1VQx4aws5l1AAFmbwhilcA439.jpg " alt= "Wkiom1vqx4aws5l1aafmbwhilca439.jpg"/>

command Line Delete created User: Net user User name/del

command line change created user password: NET user User name Password

650) this.width=650; "height=" src= "Http://s3.51cto.com/wyfs02/M00/6C/B6/wKioL1VQyQKBA8diAAEjQcQDB6Y634.jpg" alt= "Wkiol1vqyqkba8diaaejqcqdb6y634.jpg"/>

No4 , command line create group:

Create group: net localgroup Group name/add

Delete Group: net localgroup Group name/del

Add user to group: net localgroup Group name User name/add

650) this.width=650; "height=" 263 "src=" http://s3.51cto.com/wyfs02/M00/6C/BB/wKiom1VQx4zT6LvaAAEIpV8Eqk8028.jpg " alt= "Wkiom1vqx4zt6lvaaaeipv8eqk8028.jpg"/>

No5, relative to the user, the Administrator authority is the highest, compared to the system, the authority of the most.


This period of time work is busy, may update the article speed and the content of the article may be slightly discounted, hehe, please understand, I will supplement the correction as soon as possible, if there are errors also ask you to put forward criticism in time. Thank you.

This article is from the "Heard" blog, please make sure to keep this source http://wenzhongxiang.blog.51cto.com/6370734/1650427

User management for getting started with Windows Server R2

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.