managing user accounts, passwords and logon chapter 5 powered by dj
TRANSCRIPT
Chapter Objectives
Work with User Accounts
Set a logon Passwords
Manage logon process
Configure Parental Control
Explain User Privileges
Configure User Access Control
Work with User account Control (UAC)
powered by dj
Recall
Screen resolution is measured in pixels, where each pixel represents a tiny lighted dot on the screen
The Instant search is used to search any application instantly. The application can be opened from the categorized list
Windows Aero is a more visually dynamic feature of Windows Vista
Sidebars is displays at the right side of the monitor. It contains some mini program called Gadgets
Tablet PCs are mobile PCs. It uses a pen device to enter data rather then keyboard
powered by dj
Working with User Account
Establish a relationship between a user and a computer, network or an information service
Consist of username and password
Provides Windows with the information about a particular user and the files and folders that can be accessed by that user
Allow the user to make the appropriate changes to suit their personal preferences
powered by dj
Practical Activity: Demonstrate the procedure to create a new user account through User Accounts options of Control Panel and Computer management tool. (20 min)
powered by dj
Types of User Accounts
Standard Accounts – It is required and used for everyday computing experience
Administrator Accounts – Member of the Administrators group are classified as administrator accounts
Guest Account – It is used and created for users who need temporary access to the computer or network of computers
powered by dj
Practical Activity: Demonstrate the procedure to change the account name and type. (10 min)
powered by dj
Implementing User Accounts on a Shared Computer Controlling Logins
Except one account change all other user accounts to standard accounts
Protecting all accounts with passwords
Restricting logon times
Restricting access to certain files and folders
powered by dj
Practical Activity: Demonstrate the procedure to enable and disable the Guest Account through User Accounts option of Control Panel. Demonstrate the procedure to delete an unknown account. (15 min)
powered by dj
Implementing User Accounts on a Shared Computer Restricting the amount of disk space available for
each user
Turning on the Guest account only when necessary
powered by dj
Practical Activity: Demonstrate the procedure to enable and disable the Guest Account through User Accounts option of Control Panel. Demonstrate the procedure to delete an unknown account. (15 min)
powered by dj
Setting a Logon Password
It acts as a defensive mechanism against unauthorized access to your files and folders
Guideline to create a secure password: Use at least eight characters
Use a mixture of numbers, punctuations, special characters, uppercase letters and lowercase letters
Avoid using your name or your username
Use random sequences instead of straight words, or intersperse numbers and punctuation between words
powered by dj
Practical Activity: Demonstrate the procedure to set, change and remove a password. (15 min)
powered by dj
Recovering from a Lost Password
Use when you may not remember your password
Tools for password Recovery:
Password hint
Password Reset Disk
powered by dj
Practical Activity: Demonstrate the procedure to create a password reset disk. Ask the students to perform the procedure to use a password reset disk. (15 min)
powered by dj
Enforcing Secure Password Practices
Use passwords which are difficult to crack by intruders
Change the password periodically
Set password policies to enforce password history, maximum password age, minimum password age, minimum password length, password meeting complexity requirements and store password using reversible encryption for all users in the domain
powered by dj
Practical Activity: Demonstrate the procedure to set password policies for minimum password length and password with complexity. (10 min)
powered by dj
Managing Logon Process
There is no difference in the logon experience when a user logs in to a domain, workgroup or a network
Skip the Ctrl+Alt+Delete Requirement to Logon
Bypassing Logon screen
Logging Off, Switching Users or Locking your computer
powered by dj
Practical Activity: Demonstrate the procedure to skip the Ctrl+Alt+Delete requirement and to set auto logon for a user. (4 min)
powered by dj
Parental Control
It protect children and young adult from certain websites, play games or accessing certain materials on the Internet
Parental controls can be configured for standard user accounts, administrators as well as for domain user accounts
powered by dj
Practical Activity: Demonstrate the procedure to configure Parental Controls. (10 min)
powered by dj
Parental Control
Parental Control features:
Restricting Access to Websites
Restricting Logon Hours
Controlling Access to Games
Blocking Specific Programs
Monitoring User Activities
powered by dj
Practical Activity: Demonstrate the procedure to restrict access to websites and logon hours. Demonstrate the procedure to control access to games and block access to specific programs (25min).
powered by dj
Dealing with User Account Control (UAC)
Restricts unauthorized changes
Task performed into two different groups
Standard
Administrator
The default user account is also known as Admin Approval mode
Application requires full administrator access
powered by dj
Practical Activity: Demonstrate the procedure to configure UAC settings. Ask the students to perform the procedure to change the elevation prompting behavior for standard users and disable the UAC. Ask the students to perform the procedure to disable secure desktop.(10 min)
powered by dj
Configuring User Access Control using Local Security Policies I
Admin Approval mode for Built-in Administrator Account
Behavior of elevation prompt in Admin Approval mode Prompt For Consent
Prompt For Credentials
Elevate Without Prompting
Behavior of the elevation prompt for standard users Prompt For Credentials
Automatically Deny Elevation Requests
powered by dj
Configuring User Access Control using Local Security Policies I
Detect application installations and prompt for elevation Enabled
Disabled
Only elevate executables that are signed and validated
Enabled
Disabled
Only elevate UIAccess applications that are installed in secure locations
powered by dj
Configuring User Access Control using Local Security Policies II Run all applications in Admin Approval mode
Control Switch to the Secure Desktop when prompting for elevation
Virtualized file and registry write failures to per- user locations
powered by dj
Running User Accounts as Standard User
Increases the security level by allowing administrator accounts as standard users
If the UAC is not used still a user who is logged as an administrator can install software without receiving a prompt or warning
Windows vista offer Admin Approval Mode
The Admin Approval mode requires administrator’s credentials to approve installations
powered by dj
Elevating User Privileges
UAC provides the user with an option to perform an administrator task
The four types of accounts are:
Built-in Administrator account
Administrator account
Standard Account
Built-in Guest account
powered by dj
User group and profile Group is a collection of users, computers or contact
Used for security in which it allows accessing the granted rights and permissions
User profile is a collection of settings that make the computer look and work the way user wants
The Groups folder is placed in Local Users and Groups Microsoft Management Console
The user rights are assigned in the local security policy
powered by dj
Summary I
User Accounts are required to establish a relationship between a user and a computer, network or an information service
User accounts settings can be changed by a user as and when required
Guest account is allotted to temporary users. This particular account is used to logon to the system without providing a password
The secured settings ensure protecting users data from unintentional deletions, changes as well as theft
powered by dj
Summary II
The Local security policy can be used to directly modify Account and local policies, Public key policies and IP security policy for your local computer
Setting a logon password to a user account is mandatory as it acts as a defensive mechanism against unauthorized access to your files and folders
You can set a password by pressing Ctrl+Alt+Delete which displays a screen wherein you can click Change password and then set the appropriate password
powered by dj
Summary III
Incase, you forget your password you can create a password reset disk which can be made only for a local or a stand alone computer. It cannot be created if your computer is joined to a domain
You can have only one password reset disk for a user account
Password history, minimum password age, minimum password age, length, complexity requirements and saving password with reversible encryption can be set as per requirements
powered by dj
Summary IV
The Ctrl+Alt+Delete and the logon screens can be bypassed if a user is bothered by it
User Account Control (UAC) is a technology and security feature which offers better security to a standard user while using Windows
The logon hours, access to games, blocking specific programs, monitoring user activities can be taken care of as and when required by using the Parental Control option
powered by dj