Windows 2000 Accounts

Built In Accounts

The accounts below are created when any Windows 2000 system is installed. They are also created automatically on domain controllers when Active Directory is installed.

  • Administrator - Cannot be deleted or disabled and should be renamed.
  • Guest - Disabled by default. A password is not required. This account can't be deleted but can be renamed, and should be disabled.

Account Types

  • Local - For local computer access.
  • Domain - For access to network resources in the domain.

Administrators and power users can create and modify accounts in the domain. Administrators on local computers can create and modify accounts locally. Windows Scripting Host (WSH) assists administrators in creating many users and groups quickly.

User Properties

  • Username - A unique name up to 20 characters excluding:

    " / \ [ ] : ; | , + * ? < >

    The username may be changed after it is created. Choose a naming convention for large organizations.
  • Full name
  • Description
  • Password - Case sensitive and up to 14 characters.
  • Confirm password
  • User must change password at next logon - Checkbox
  • User cannot change password - Checkbox
  • Password never expires - Checkbox
  • Account Disabled - Checkbox
  • Account locked out - Checkbox

User accounts can be renamed. To change user characteristics, in User Manager for Domains click on the user, select the "user" menu item, and make the change.

Account Creation and Modification

  • Local account: - Use the "Local Users and Groups" tool.
    1. Right click "My Computer", select "Manage".
    2. Click the + next to "Local Users and Groups" in the "Computer Management" box.
    3. Enter user information into the "New User" dialog box.
    To modify the user properties, right click on the user and select "Properties". User Property tabs include:
    • General - Set up when user must change password (User must change password at next login, User cannot change password, or password never expires) and disable the account here. Indication of account lockout is here.
    • Member Of - Set up local groups the user is a member of.
    • Profile - Set up the environment variables, set a network path to the user profile folder and user home folder. The profile includes desktop settings.
    • Dial-in (Only on Server computers) - Set remote access permission, callback policy, and IP address and routing information.
  • Remote account: - Use the "Active Directory Users and Computers" tool.
    1. From the Active Directory Users and Computers tool click + next to the domain name.
    2. Highlight the "Users" folder and select "Action", "New", and "User".
    3. Enter user information into the "New User" dialog box.
    To modify the user properties, right click on the user and select "Properties". User Property tabs include:
    • General - Set up when user must change password (User must change password at next login, User cannot change password, or password never expires) and disable the account here. Indication of account lockout is here.
    • Address - Set mail address or physical address information.
    • Account - Set the hours during which the user can log on and restrict the computers the user can use. Can set:
      • User must change password at next login
      • User cannot change password
      • Password never expires
      • Store password using reversible encryption.
      • Account is disabled
      • Smart card is required for interactive logon
      • Account is trusted for delegation - The user can delegate authority for their privileges or rights to other users.
      • Account is sensitive and cannot be delegated.
      • Use DES encryption types for this account.
      • Do not require Kerberos preauthentication - For systems supporting Kerberos but not preauthentication.
      • Indication of account lockout is here.
      • Can set when account expires.
    • Profile - Set up the environment variables, set a network path to the user profile folder and user home folder. A logon script file can be set. Domain user logon scripts are in the NETLOGON share on the domain controller in the SystemRoot\SYSVOL\sysvol\domainname\SCRIPTS folder. The profile includes desktop settings. Default profile file location is C:\Documents and Settings\username on the computer that the user logged on to.
    • Telephones - Can specify the user's home, pager, mobile, and fax phone numbers.
    • Organization - The user title, department, manager, and company can be listed.
    • Member Of - Used to assign users to groups and remove users from groups.
    • Dial-In - Dial-in privileges can be granted or denied and callback options are set here.
    • Environment - (With terminal services)
    • Sessions - (With terminal services)
    • Remote Control - (With terminal services)
    • Terminal Services Profile - (With terminal services)
    • Published Certificates - Can add or remove user internet certificates.
    • Object - View information about the user account object such as when the account was modified last.
    • Security - Can set the users and groups that can modify this domain user account's properties.
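
Several of the Account tab checkboxes listed above weaken password or Kerberos protection when set, so they are worth reviewing across all accounts. The following is an added example, not part of the original page: it decodes the userAccountControl attribute, where Active Directory stores these options as bit flags, and reports enabled accounts that carry a risky setting. The attribute name, the flag values (Microsoft's documented constants) and the sample accounts are assumptions not found on this page; the sample data is constructed.

```python
# Bits of the userAccountControl attribute behind the Account tab options.
# Lockout and "User cannot change password" are not reliably reflected in
# this attribute in Active Directory, so they are left out. "Password not
# required" has no checkbox but is stored in the same attribute.
UAC_FLAGS = {
    0x000002: "Account is disabled",
    0x000020: "Password not required",
    0x000080: "Store password using reversible encryption",
    0x010000: "Password never expires",
    0x040000: "Smart card is required for interactive logon",
    0x080000: "Account is trusted for delegation",
    0x100000: "Account is sensitive and cannot be delegated",
    0x200000: "Use DES encryption types for this account",
    0x400000: "Do not require Kerberos preauthentication",
}
DISABLED = 0x000002
# Settings that weaken password or Kerberos protection and deserve review.
RISKY = (0x000020, 0x000080, 0x010000, 0x080000, 0x200000, 0x400000)

def decode(uac):
    """Return the labels of every known flag set in a userAccountControl value."""
    return [label for bit, label in UAC_FLAGS.items() if uac & bit]

def audit(accounts):
    """Map each enabled account to the risky settings it carries."""
    findings = {}
    for name, uac in accounts:
        if uac & DISABLED:  # disabled accounts are skipped; review before re-enabling
            continue
        risky = [UAC_FLAGS[bit] for bit in RISKY if uac & bit]
        if risky:
            findings[name] = risky
    return findings

# Constructed sample export: (account name, userAccountControl value).
SAMPLE = [
    ("jsmith", 0x200),                            # plain normal account
    ("svc_backup", 0x200 | 0x010000 | 0x400000),  # never expires, no preauthentication
    ("legacyapp", 0x200 | 0x000080 | 0x200000),   # reversible encryption, DES
    ("Guest", 66082),                             # disabled, so not reported
]

if __name__ == "__main__":
    for name, uac in SAMPLE:
        print(name, hex(uac), decode(uac))
    for name, risky in audit(SAMPLE).items():
        print("REVIEW", name, "->", "; ".join(risky))
```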

The "NET USER" command line tool may be used to create users when used with a batch file.
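
A pre-flight check for such a batch file, as an added example that is not part of the original page: it validates a user list against the username and password limits given under User Properties and emits one NET USER line per accepted row. The function names and sample rows are hypothetical and constructed; the excluded-character set is the one listed on this page, and the check for % and double quotes is an added assumption about how a batch line is parsed.

```python
FORBIDDEN = set('"/\\[]:;|,+*?<>')  # username exclusions as listed on this page
BATCH_UNSAFE = set('%"')            # % expands and " ends quoting in a batch line

def check_row(username, fullname, password, seen):
    """Return the problems found in one row; an empty list means usable."""
    problems = []
    if not 1 <= len(username) <= 20:
        problems.append("username must be 1-20 characters")
    if FORBIDDEN & set(username):
        problems.append("username has an excluded character")
    if username.lower() in seen:
        problems.append("username already used (names are case-insensitive)")
    if len(password) > 14:
        problems.append("password longer than 14 characters")
    if BATCH_UNSAFE & set(username + fullname + password):
        problems.append("field contains % or a double quote")
    return problems

def build_batch(rows):
    """rows: (username, full name, password). Returns (batch lines, rejects)."""
    lines, rejects, seen = ["@echo off"], {}, set()
    for username, fullname, password in rows:
        problems = check_row(username, fullname, password, seen)
        if problems:
            rejects[username] = problems
            continue
        seen.add(username.lower())
        lines.append('net user "%s" "%s" /add /fullname:"%s"'
                     % (username, password, fullname))
    return lines, rejects

# Constructed sample rows, not real accounts.
SAMPLE_ROWS = [
    ("jsmith", "John Smith", "Tr4il-Mix.9"),
    ("JSmith", "Jane Smith", "Corn3r-Desk"),                 # differs only in case
    ("ops/night", "Night Operator", "Blu3-Lamp-7"),          # excluded character /
    ("averyveryverylongusername", "Long Name", "Sh0rt-Pw"),  # 25 characters
    ("mlee", "Min Lee", "a-password-over-14"),               # 18 characters
    ("tkhan", "T Khan", "50%off-Now"),                       # % would be expanded
]

if __name__ == "__main__":
    batch, rejected = build_batch(SAMPLE_ROWS)
    print("\r\n".join(batch))
    for name, why in rejected.items():
        print("REJECTED", name, "->", "; ".join(why))
```

The generated batch file holds the initial passwords in clear text, so restrict access to it and delete it once the accounts exist.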