Previous Page | Next Page

  1. Introduction
  2. Installation
  3. Hardware Issues
  4. Filesystems
  5. Networking
  6. Security
  7. Servers
  8. Services
  9. Utilities
  10. Control Panel
  11. Printing
  12. Performance Monitor
  13. Network Monitor
  14. Event Viewer
  15. Other Issues
  16. User Accounts
  17. Groups
  18. Policies
  19. User Rights
  20. Auditing
  21. System Policies
  22. Sharing
  23. Profiles
  24. Roaming Profiles
  25. Domains
  26. Server Management
  27. Directory Replication
  28. License Management
  29. Client Administrator
  30. Netware Tools
  31. Macintosh Support
  32. RAS Server
  33. SNMP
  34. DHCP
  35. DNS
  36. WINS
  37. Mail Service
  38. Internet
  39. Internet Information Server
  40. Routing and Firewalls
  41. Items to Remember
  42. Terms
  43. Credits

Windows NT User Accounts

Users can be created on the PDC, BDC or other computer. Then the user accounts database must be synchronized between the PDC and the BDCs to make the change effective on the entire domain. The PDC is synchronized with its BDCs by using the "Server Manager" tool. The user accounts are created using the User Manager for Domains utility program. The person creating the accounts must be logged in as a member of the DOMAIN ADMINS or ACCOUNT OPERATORS group.

User Properties

  • Username - Up to 20 characters excluding:

    " / \ [ ] : ; | , + * ? < >

    The username may be changed after it is created.
  • Full name
  • Description
  • Password - Case sensitive and up to 14 characters.
  • Confirm password
  • User must change password at next logon - Checkbox
  • User cannot change password - Checkbox
  • Password never expires - Checkbox
  • Account Disabled - Checkbox
  • Account locked out - Checkbox

User accounts can be renamed. To change user characteristics, from User Manager for Domains click on the user, then select the menu item "user", and change.

User Manager for Domains Buttons in User Dialog Box

  • Groups - Where group memberships are assigned to users
  • Profile - User profile information. Includes:
    • User Profile Path
    • Login Script Name - The login script is to be found on the LOGIN share on the server that authenticates the user. This share is at \Winnt\System32\Repl\Import\Scripts. These scripts are best managed by placing them on the PDC and using directory replication to send them to all BDCs.
    • Home Directory - May be local or on the network. Use the following syntax to create it on the network: < CLASS=indent> \\Computername\Home\%username%

      %username% is an environment variable and must be used as shown above. The computername is a placeholder and the actual name of the computer should be used there.

  • Hours - Set available user login hours.
  • Logon To - The computers the user may logon to the domain from.
  • Account - Account expiration date (Never or End of entered date) and type of account (global or local). The default type is global.
  • Dialin - Sets up dial in access permission for this computer along with callback options with one of the following:
    • No call back
    • Call back number set by caller
    • Preset callback number

Copied User Properties

Then a template user account is made and copied to create a new account, the following fields are carried over to the new account.

  • Description
  • Group Account Memberships
  • Profile Settings
  • User must change password at next logon
  • User cannot change password - Checkbox
  • Password never expires - Checkbox

Fields that are not Copied

  • Username
  • Full name
  • Account Disabled

Placing a # sign in front of the user template will cause it to be placed at the top of the user list for easy access.

Creating Users on a large network

The command line utility "NET USER" can be used from a batch file to create users.

Deleting or disabling accounts

Accounts should only be deleted when you sure they will never be used again. When an employee of a set position leaves their account may be disabled and renamed with a new password and reactivated when their replacement is hired. The ADMINISTRATOR and GUEST account cannot be deleted but may be renamed. The GUEST account may be disabled.

Modifying User Properties

This can be done from "User Manager for Domains" either by double clicking the user or select "properties" from the "User" menu. This opens the user properties dialog box. To add a user to the group, select the "group" box, select the group and click the "Add" button.