Virtualization Infrastructure Windows 2008 2-Domain Users and domain user groups management

1.3 Domain user and domain user group management

The computer is the electronic device simulating the real life, similarly, the networked computer also simulates the relationship and intercourse between human beings in the objective world. In the real world, everyone has an identity, each person's identity determines his work and terms of reference. And in the computer network also has a representative "identity" name, called "User". The user's permission is different, determines the user to the computer and the network control ability and the scope also varies. There are two types of users: a local user account that can only be used to access the local computer (or access the computer using a remote computer), and a domain user account that can access all the computers on the network.

1.3.1 Naming conventions

In a corporate network, everyone who uses a computer should have a user account that can use the resources specified in the enterprise network through their own accounts to accomplish the tasks that correspond to them. In addition to each person having a user account, there may be some corresponding services provided for this user, such as Enterprise email service, Enterprise office automation login account and so on. Therefore, it is often used in a uniform way to name it so that users of the computer can remember their user name. In addition, the user name is usually also corresponding to the e-mail provided by the enterprise (for example, the user name ZS, corporate email is [email protected]).

Naming habits are usually as follows:

· For a computer, if the computer is dedicated to a person to use, the name of the computer is named after the person, if the computer is a few people to share, then the name of the department, if there are multiple computers in a department, in the name of the same time add the serial number.

· For each consumer, it is usually abbreviated with the full name + "name" of its "last name", such as the Zhang San user named Zhangs.

· If you use the abbreviation after the "duplicate name" phenomenon, you can use the names of users.

1.3.2 Password Requirements

In previous Windows 2000 networks, there was no strength requirement for passwords, and users were able to use passwords based on their habits and which passwords they could use according to their habits. But as network security becomes more and more important, the Windows Server 2008 Network has new requirements for passwords. Users must not only set up and use their own password, but also the password to meet the following requirements.

· Cannot contain the user's account name and cannot contain more than two consecutive characters in the user's name.

L is at least 6 characters in length.

· Contains the 3 types of characters in the following 4 types of characters:

? English capital letters (A ~ Z).

? English lowercase letters (a ~ z).

? 10 Basic Numbers (0 ~ 9).

? Non-alphabetic characters (such as!, $, #,%).

Perform complexity requirements when changing or creating a password. For local user accounts or for computers that have modified the Windows Server 2008 default Group Policy, their user passwords can be set arbitrarily.

When you upgrade your computer to an Active Directory server, the original local Users and Groups management tool will no longer exist, and use Active Directory Users and Computers for unified management, and the original local user will be migrated to the active Directory user, and has more properties.

Active Directory Users can use the entire network they belong to or the network to which they have established a trust relationship.

1.3.3 Creating a domain user account

To create a domain user account, follow these steps:

(1) Log in to the server as an administrator (Administrator account), open the Active directory Users and Computers console from the administrative Tools, as shown in 1-13. Users and user groups in the domain are saved in heinfo.local (domain name) in Active directory Users and Computers. You can create new users and user groups in users, or you can create OUs (organizational units) under the heinfo.local domain, and then create users and user groups in the OU.

650) this.width=650; "height=" 380 "title=" clip_image002 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/ M02/83/6e/wkiol1dzbduhcashaadijsasxb4392.jpg "border=" 0 "/>

Figure 1-13 Active Directory Users and Computers

(2) Right-click in the Blank pane on the right side of users, or right-click on users, and choose new → user from the shortcut menu to open the New Object-user dialog box, 1-14. Enter the user name you want to create in the name text box, such as WS01, enter WS01 in the user login text box, and the others may not be entered.

(3) Click the "Next" button to display the dialog shown in Figure 1-15, enter the new password in the "password" and "Confirm Password" text boxes (note that the user password must comply with the Windows strong password requirements, see section 1.3.2 for details), set the user's login properties according to the actual situation.

650) this.width=650; "height=" 448 "title=" clip_image004 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/ M00/83/6f/wkiom1dzbdzyrsnsaac1-1ouoyi602.jpg "border=" 0 "/>

650) this.width=650; "height=" 449 "title=" clip_image006 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/ M01/83/6f/wkiom1dzbd3zu4rlaacq8rkaljw302.jpg "border=" 0 "/>

Figure 1-14 Creating a user Figure 1-15 setting a password

(4) Click the "Next" button to create the user complete, as shown in 1-16. If the user password that you set meets Windows requirements, the Active directory Users and Computers console is returned when you click the Finish button, and the dialog box shown in Figure 1-17 is displayed if you do not meet the requirements. You can return and reset the password that meets the requirements before continuing to create the user.

650) this.width=650; "height=" 445 "title=" clip_image008 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image008 "src=" http://s3.51cto.com/wyfs02/ M02/83/6f/wkiom1dzbeaa7t6zaacjphyl_xg009.jpg "border=" 0 "/>

650) this.width=650; "height=" 212 "title=" clip_image010 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image010 "src=" http://s3.51cto.com/wyfs02/ M00/83/6e/wkiol1dzbeebbwloaabmecfffl0347.jpg "border=" 0 "/>
Figure 1-16 Creating a user complete figure 1-17 password does not meet the requirements

1.3.4 setting the properties of a domain user account

In addition to having all the properties of a local user account, the domain user account also has some other attributes, such as the user's address, phone number, unit, and so on, and can also set the user's logon time, the computer to log on to, and so on. This section describes how to set the logon time for a user and the computer that is logged on to.

650) this.width=650; "height=" 260 "title=" clip_image012 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image012 "src=" http://s3.51cto.com/wyfs02/ M01/83/6e/wkiol1dzbblgjyr8aaao5rudbx8362.gif "border=" 0 "hspace="/>1. Set Logon Hours

If you want to set the login time for your account, you can do this by following these steps:

(1) Select the user to set the logon time, right-click and select Properties on the shortcut menu to open the User Properties dialog box, 1-18.

(2) Select the "Account" tab, click the "Login Time" button to open the Login Time Settings dialog box. The default allow logon time is all. The logon hours that can be set are divided from Monday to Sunday, 24 hours per day, and one set interval per hour. With the mouse selected area, select the "Allow login" or "Deny Login" radio button can be set to allow or deny login, shown in 1-19. Figure 1-20 shows the setup of 8:00~18:00 and Saturday 18:00~24:00 for every Monday to Friday, allowing logons to be allowed at other times.

650) this.width=650; "height=" 328 "title=" clip_image014 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image014 "src=" http://s3.51cto.com/wyfs02/ M00/83/6f/wkiom1dzbb7czaq8aadgr73s5g0347.jpg "border=" 0 "/>

650) this.width=650; "height=" 329 "title=" clip_image016 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image016 "src=" http://s3.51cto.com/wyfs02/ M01/83/6f/wkiom1dzbb_ggapkaacqc9xoxqi516.jpg "border=" 0 "/>

Figure 1-19 Login time setting figure 1-20 logon time

(3) Click the OK button to return when the settings are complete.

2. To set the computer to log on to

If the specified account is logged on at the specified computer, you can set it as follows:

(1) In the Account tab of the User Properties dialog box, click the Log on to button (see Figure 1-18), which displays the Log in Workstation dialog box, shown in 1-21. The All Computers radio button is selected by default to allow the user to log on to all computers.

(2) If you want to set up a computer that allows you to log on, select the following Computer radio button, enter the name of the computer in the Computer Name text box that allows this user to log on to, and click the Add button to add it to the list. You can add more than one computer to the list, as shown in 1-22.

650) this.width=650; "height=" 583 "title=" clip_image018 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image018 "src=" http://s3.51cto.com/wyfs02/ M02/83/6e/wkiol1dzbccguq6waaddnofl55m610.jpg "border=" 0 "/>

650) this.width=650; "height=" 586 "title=" clip_image020 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image020 "src=" http://s3.51cto.com/wyfs02/ M02/83/6f/wkiom1dzbckz3xffaadtdj1i0k0429.jpg "border=" 0 "/>

Figure 1-21 Logging into the computer figure 1-22 Adding a computer

(3) Click the "OK" button to save the settings and return.

1.3.5 Other operations

In the Active directory Users and Computers window, select a user, right-click, and display the shortcut menu, 1-23, to complete actions such as adding to groups, disabling and starting, resetting passwords, moving, copying, deleting, and renaming.

650) this.width=650; "height=" 365 "title=" clip_image022 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image022 "src=" http://s3.51cto.com/wyfs02/ M00/83/6e/wkiol1dzbcobvrcuaaeaa904vji844.jpg "border=" 0 "/>

Figure 1-23 shortcut menu

1. Add to Group

If you select the Add to Group command from the shortcut menu, the Select Group dialog box, shown in Figure 1-24, is displayed, and you can add users to other user groups.

2. disabling accounts

If you select the "Disable Account" command from the shortcut menu, this account login will be disabled.

3. Reset Password

Select the Reset Password command from the shortcut menu to reset the user's password, as shown in 1-25.

650) this.width=650; "height=" 304 "title=" clip_image024 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image024 "src=" http://s3.51cto.com/wyfs02/ M00/83/6f/wkiom1dzbcsr-3ejaacegpiwhjk971.jpg "border=" 0 "/>

650) this.width=650; "height=" 353 "title=" clip_image026 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image026 "src=" http://s3.51cto.com/wyfs02/ M01/83/6e/wkiol1dzbcxjcvq5aacwjws9myw010.jpg "border=" 0 "/>

Figure 1-24 Adding a user to a group 1-25 reset password

4. Move

Select the Move command from the shortcut menu to move the user to another group, as shown in 1-26.

5. Copy

If you choose the Copy command from the shortcut menu, the Create User dialog box shown in Figure 1-27 is displayed. Enter the information for the new user (user name, login name), click the Next button, display the Set Password dialog box, set the password, after the replication user finishes, the system creates a user with the same attributes as the selected user.

650) this.width=650; "height=" 526 "title=" clip_image028 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image028 "src=" http://s3.51cto.com/wyfs02/ M02/83/6e/wkiol1dzbdsq2hr6aacbxut5uxq559.jpg "border=" 0 "/>

650) this.width=650; "height=" 447 "title=" clip_image030 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image030 "src=" http://s3.51cto.com/wyfs02/ M02/83/6f/wkiom1dzbdxjo7ntaacxnpjlcbm260.jpg "border=" 0 "/>
Figure 1-26 Moving an object figure 1-27 copying a user

The copied user has the same permissions as the copied user and belongs to the user group.

6. Open a page or send a message

If you select the "Open Home" command on the shortcut menu, the user's home page will open and the message will be sent to this user by selecting Send mail from the shortcut menu. The premise of using these two items is that they have been set in the user's properties.

7. Delete

Select the Delete command on the shortcut menu to delete the selected user.

8. Renaming

You can change the display name of the selected user by selecting the Rename command on the shortcut menu.

1.3.6 Creating a domain user group

In the Active directory Users and Computers window, select Users, right-click in the Blank pane on the right, display the shortcut menu shown in Figure 1-28, and choose new → group to display the New User Group dialog box, 1-29.

650) this.width=650; "height=" 362 "title=" clip_image032 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image032 "src=" http://s3.51cto.com/wyfs02/ M01/83/6e/wkiol1dzbzpqkj1caaecpwksndw252.jpg "border=" 0 "/>

650) this.width=650; "height=" 449 "title=" clip_image034 "style=" border:0px;padding-top:0px;padding-right:0px; Padding-left:0px;background-image:none, "alt=" clip_image034 "src=" http://s3.51cto.com/wyfs02/M01/83/70/ Wkiom1dzbzsq35n2aaclnbeknxq073.jpg "border=" 0 "/>

Figure 1-28 New group 1-29 new user groups

Enter the group name in the group name and group name (previous versions of Windows 2000) text box, select the appropriate type from the group scope and group type options area, and click OK to complete the creation of the user group.

After reading the article, please vote for my vote (Wang Chunhai), thank you

Http://edu.51cto.com/activityvote/voteRanking

This article from "Wang Chunhai Blog" blog, reproduced please contact the author!

Virtualization Infrastructure Windows 2008 2-Domain Users and domain user groups management