2.2ACCOUNTS FROM THE PERSPECTIVE OF AN ACTIVE DIRECTORY DOMAIN ENVIR...

1. - MCSA MCSE EXAM 70 292 STUDY GUIDE PHẦN 2 POT 1. - MCSA MCSE EXAM 70 292 STUDY GUIDE PHẦN 2 POT
MCSA MCSE EXAM 70 292 STUDY GUIDE PHẦN 2 POT

1.2.2

accounts from the perspective of an Active Directory domain environment.Before discussing creating and managing user accounts, let’s examine the default useraccounts that are found in the Windows Server 2003 environment.

Default User Accounts

Several default user accounts are created during the installation of Windows Server 2003and the creation of an Active Directory domain.Table 1.6 lists the most common defaultuser accounts that are created, although several more may be created depending on the spe-cific applications and services installed on the computer.

Table 1.6

The Default User AccountsUser Name User DescriptionAdministrator A built-in account that is provided for administering the computer and domain. This account is a member of the following groups: Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners, and Schema Admins.Guest A built-in account that is used for guest access to the com-puter and domain. This account is a member of the fol-lowing groups: Domain Guests and Guests. The guest account is disabled by default.IUSR_computername A built-in account that is used to allow anonymous access to Internet Information Services (IIS) resources. This account is a member of the following groups: Domain Users and Guests.IWAM_computername A built-in account that is used by IIS to start out-of-process applications. This account is a member of the following groups: Domain Users and IIS_WPG.krbtgt A built-in account that serves as the Kerberos Key Distribution Center (KDC) service account. This account is a member of the Domain Users group.SUPPORT_xxxxxxxx A built-in account that is used for the Help and Support Service. This account is a member of the following groups: Domain Users and HelpServicesGroup. The SUPPORT

Managing and Modifying User Accounts

It is fairly safe to say that, in most cases, a network administrator will work with useraccounts on a daily basis in most networks. Users are the lifeblood of a network—the veryreason the network exists is to provide information and other resources to users in a secureand efficient way. As such, there are several common tasks to perform when administeringuser accounts:

Creating new user accounts

Resetting a user account password

Copying a user account

Disabling or enabling a user account

Configuring user account properties

Deleting user accounts

Assigning user rights and permissions to a user accountEach of these tasks is discussed in the following sections.We will also examine usingtwo additional command line-based utilities to perform bulk import and export of ActiveDirectory information, including user accounts.

Creating New User Accounts

EXAM