User setup on a windows 2003 server

How are users setup on a windows 2003 server?  Are they added into groups? How do user profiles work on a widows 2003 server?  
mutec1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
How is your server setup?  A domain or workgroup?
0
mutec1Author Commented:
Domain
0
Nishant_pritamCommented:
In domain invironment users are added to Active Directory (AD) and they can login from any computer which is a part of that domain. First of all I am telling you hou to add a user account to AD. As you might noticed that after making your windows 2003 server a domain controler you cannot add user from computer management => Local users and group, now you have to add users from “Active Directory Users and Computers” manegment console. Here are the steps

Login to the server with administrator account

Click Start, highlight "Administrative Tools" and select "Active Directory Users and Computers”
Now, expand your domain name on the left side, and go to the bottom where it says "Users".  Once you click on that, you will see all of the automatically created users; you will also see all of the users you made before you made your server a domain controller - that's because they all stay through the promotion to DC.  Anyway, to add a user, you can right click the "Users" folder on the left side, or the blank area on the right side, and highlight "New" then click "User"

In the next dialog we can set the user's First name, Last name and various other pieces of information, including their log-on name, and domain to which we want to add them

After clicking "Next" you are presented with the password-settings screen.  You can set the user's password and then have them change it on their first log-on by selecting "User must change password at next logon".  Or you can user set their password, and not allow them to ever change it without asking the administrator to change it for them (commonly this is done for shared account).

In the next dialog, we get a summary of the user to be created.  Click "Finish" and the user has been created

Now to logon with this account you have to join other computers in your network this domain. Here are the steps to joining a Windows XP computer to domain.

Click Start, right click "My Computer" and click "Properties"

Go to the "Computer Name" tab and click "Change..."

Select the "Domain" radio button then put in your domain name, not including the. Extension (for if example If your domain name is "test.local" than when joining the computer to a domain, you will only type "test")

Press "OK".  Then you will be presented with a user name and password prompt.  Enter the user name and password of a Domain Administrator

Press "OK" and after a minute or two you will receive a message welcoming you to the domain.  Then you will receive a message telling you that a reboot is required; click "OK" to that, and the properties window.  Then click "Yes" when you are prompted to reboot.

Additive:

After the XP computer boots to Control-Alt-Delete you may need to change it from logging onto itself (which will use the local info) to logging onto the domain.  To do this, press Ctrl-Alt-Del, then the "Options >>>" button on the log on screen.  Then select the domain from the drop-down box
Some things to note about adding a Windows XP computer to a domain are the following:
•      You need Windows XP Professional to join a XP computer to a domain.  Home can't be used fully for this
•      You will loose the "fancy" log on screen and you will receive the "classic" log on screen instead.  This is for security and cannot be changed, unless you revert to workgroup mode
•      You will loose the "Fast User Switching".  This cannot be restored, except by reverting back to workgroup mode.
To add users to group open "Active Directory Users and Computers” management console nevigate and select that user, right click on it select properties
Click on member of TAB now you can add this user to as many groups as you want, alternatively you can choose members from group properties. Profiles are by default stored locally you can store them on server by creating a roaming profile.
References:
http://www.visualwin.com/New-User-AD/
http://www.visualwin.com/New-Computer-AD/
http://www.visualwin.com/AD-XP/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

mutec1Author Commented:
Not sure how groups are setup and how users are added to those groups.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
In the future if you provide a context in the question and details you could have answers faster.
0
mutec1Author Commented:
Thanks
0
Nishant_pritamCommented:
Once Windows Server 2003 is installed and promoted to a domain controller several default domain local groups are created. Each of the groups are automatically assigned certain rights and adding a user to one of these built in groups will give them the right to perform specific tasks. You can use these default groups or you can create new ones based on your administrative model and practices. If you do add a user to one of these groups, make sure to review the rights assigned to them before hand to ensure you aren’t giving a user more administrative power than they need.

The default domain local groups within the Built-in container are described below.

Account Operators: Members of the account operators group can create, modify, and delete user, group and computer accounts with the exception of those accounts located within the Built-in folder and the Domain Controllers OU.

Administrators: Members of this group have full control within the domain.
Backup Operators: Members of this group can backup and restore data on all domain controllers within the domain.

Guests: Members of this group have limited access to the network.
Incoming Forest Trust Builders: Members of this group have the right to create one-way incoming trusts to the domain.

Network Configuration Operators: Members of this group can make changes to TCP/IP settings on all domain controllers within the domain.

Performance Log Users: Members of this group have access to schedule logging of performance counters on all domain controllers within the domain.

Performance Monitor Users: Members of this group have the right to monitor domain controllers.

Pre-Windows Compatible Access: This group if for backwards compatibility with Windows NT 4.0. Members of this group have read access on all user and group accounts within the domain.

Print Operators: Members are permitted to administer all domain printers.

Remote Desktop Users: Members have the right to remotely logon to domain controllers.

Replicator: This group is used by the file replication service to support directory replication.
Server Operators: Members of this group have the right to administer servers within the domain. They can perform tasks such as backup and restore data, log on locally, stop and start network services, format hard drives, and shut down the system.

Users: Members of this group have limited ability within a domain.

References:

http://support.microsoft.com/kb/816302/
http://technet2.microsoft.com/WindowsServer/en/library/f6e01e51-14ea-48f4-97fc-5288a9a4a9b11033.mspx?pf=true
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware

From novice to tech pro — start learning today.