Solved

User setup on a windows 2003 server

Posted on 2007-04-10
7
295 Views
Last Modified: 2013-12-27
How are users setup on a windows 2003 server?  Are they added into groups? How do user profiles work on a widows 2003 server?  
0
Comment
Question by:mutec1
  • 3
  • 2
  • 2
7 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18884376
How is your server setup?  A domain or workgroup?
0
 

Author Comment

by:mutec1
ID: 18885371
Domain
0
 
LVL 1

Accepted Solution

by:
Nishant_pritam earned 250 total points
ID: 18887842
In domain invironment users are added to Active Directory (AD) and they can login from any computer which is a part of that domain. First of all I am telling you hou to add a user account to AD. As you might noticed that after making your windows 2003 server a domain controler you cannot add user from computer management => Local users and group, now you have to add users from “Active Directory Users and Computers” manegment console. Here are the steps

Login to the server with administrator account

Click Start, highlight "Administrative Tools" and select "Active Directory Users and Computers”
Now, expand your domain name on the left side, and go to the bottom where it says "Users".  Once you click on that, you will see all of the automatically created users; you will also see all of the users you made before you made your server a domain controller - that's because they all stay through the promotion to DC.  Anyway, to add a user, you can right click the "Users" folder on the left side, or the blank area on the right side, and highlight "New" then click "User"

In the next dialog we can set the user's First name, Last name and various other pieces of information, including their log-on name, and domain to which we want to add them

After clicking "Next" you are presented with the password-settings screen.  You can set the user's password and then have them change it on their first log-on by selecting "User must change password at next logon".  Or you can user set their password, and not allow them to ever change it without asking the administrator to change it for them (commonly this is done for shared account).

In the next dialog, we get a summary of the user to be created.  Click "Finish" and the user has been created

Now to logon with this account you have to join other computers in your network this domain. Here are the steps to joining a Windows XP computer to domain.

Click Start, right click "My Computer" and click "Properties"

Go to the "Computer Name" tab and click "Change..."

Select the "Domain" radio button then put in your domain name, not including the. Extension (for if example If your domain name is "test.local" than when joining the computer to a domain, you will only type "test")

Press "OK".  Then you will be presented with a user name and password prompt.  Enter the user name and password of a Domain Administrator

Press "OK" and after a minute or two you will receive a message welcoming you to the domain.  Then you will receive a message telling you that a reboot is required; click "OK" to that, and the properties window.  Then click "Yes" when you are prompted to reboot.

Additive:

After the XP computer boots to Control-Alt-Delete you may need to change it from logging onto itself (which will use the local info) to logging onto the domain.  To do this, press Ctrl-Alt-Del, then the "Options >>>" button on the log on screen.  Then select the domain from the drop-down box
Some things to note about adding a Windows XP computer to a domain are the following:
•      You need Windows XP Professional to join a XP computer to a domain.  Home can't be used fully for this
•      You will loose the "fancy" log on screen and you will receive the "classic" log on screen instead.  This is for security and cannot be changed, unless you revert to workgroup mode
•      You will loose the "Fast User Switching".  This cannot be restored, except by reverting back to workgroup mode.
To add users to group open "Active Directory Users and Computers” management console nevigate and select that user, right click on it select properties
Click on member of TAB now you can add this user to as many groups as you want, alternatively you can choose members from group properties. Profiles are by default stored locally you can store them on server by creating a roaming profile.
References:
http://www.visualwin.com/New-User-AD/
http://www.visualwin.com/New-Computer-AD/
http://www.visualwin.com/AD-XP/
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:mutec1
ID: 18890666
Not sure how groups are setup and how users are added to those groups.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18890714
In the future if you provide a context in the question and details you could have answers faster.
0
 

Author Comment

by:mutec1
ID: 18890919
Thanks
0
 
LVL 1

Expert Comment

by:Nishant_pritam
ID: 18895656
Once Windows Server 2003 is installed and promoted to a domain controller several default domain local groups are created. Each of the groups are automatically assigned certain rights and adding a user to one of these built in groups will give them the right to perform specific tasks. You can use these default groups or you can create new ones based on your administrative model and practices. If you do add a user to one of these groups, make sure to review the rights assigned to them before hand to ensure you aren’t giving a user more administrative power than they need.

The default domain local groups within the Built-in container are described below.

Account Operators: Members of the account operators group can create, modify, and delete user, group and computer accounts with the exception of those accounts located within the Built-in folder and the Domain Controllers OU.

Administrators: Members of this group have full control within the domain.
Backup Operators: Members of this group can backup and restore data on all domain controllers within the domain.

Guests: Members of this group have limited access to the network.
Incoming Forest Trust Builders: Members of this group have the right to create one-way incoming trusts to the domain.

Network Configuration Operators: Members of this group can make changes to TCP/IP settings on all domain controllers within the domain.

Performance Log Users: Members of this group have access to schedule logging of performance counters on all domain controllers within the domain.

Performance Monitor Users: Members of this group have the right to monitor domain controllers.

Pre-Windows Compatible Access: This group if for backwards compatibility with Windows NT 4.0. Members of this group have read access on all user and group accounts within the domain.

Print Operators: Members are permitted to administer all domain printers.

Remote Desktop Users: Members have the right to remotely logon to domain controllers.

Replicator: This group is used by the file replication service to support directory replication.
Server Operators: Members of this group have the right to administer servers within the domain. They can perform tasks such as backup and restore data, log on locally, stop and start network services, format hard drives, and shut down the system.

Users: Members of this group have limited ability within a domain.

References:

http://support.microsoft.com/kb/816302/
http://technet2.microsoft.com/WindowsServer/en/library/f6e01e51-14ea-48f4-97fc-5288a9a4a9b11033.mspx?pf=true
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
Stuck in voice control mode on your Amazon Firestick?  Here is how to turn it off!!!
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now