Windows 2000 Server: User Management

by Johannes Helmig [Published on 5 May 2001 / Last Updated on 5 May 2001]

Once you have configured the Active Directory:

Before other users can connect via the network to a Windows 2000 server, they need to be configured in "Active Directory Users and Computers".

Select in the left window the option for "Users", which will display the list of pre-defined:
- users
- groups

Different levels of permissions are assigned to a group; a user is assigned these permissions by being a member of a group that has them.


To create a new user, either right-click on "Users" in the left window or select from the menu: "Action" / "New" / "User".
A wizard prompts for the information of the new user:
- your name (first, initial, last)
- your logon name
  The logon name can be different on Windows 2000 systems (full username, in my example: jhelmig@JHHOME.COM, which could be the same as your Internet e-mail address) and on pre-Windows 2000 systems (using the NetBIOS domain name, in my example: JHHOME\jhelmig).

On the next screen, you need to define the password to be used for the logon, and whether the user will be required to change the password at the next logon. You as administrator have entered the initial password, so if the user does not change the password, you could log on under that name and have access to the data of the user (security issue). Forcing the user to define a new password makes sure that only that user has access to his data (unless the administrator uses "brute force" and takes ownership of the data).

All information is collected and displayed for verification.

Select "Finish" to create this new user.
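
The point above about administrator-set initial passwords can be checked after the fact. The following is an added example, not part of the original article: it reads an LDIF export of user objects and reports which accounts still carry the password set at creation. The attributes sAMAccountName, whenCreated and pwdLastSet are standard Active Directory attributes; the sample entries and the one-minute tolerance are assumptions.

```python
from datetime import datetime, timedelta, timezone
# Constructed sample entries in LDIF form (not taken from the article).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=JHHOME,DC=COM
sAMAccountName: alice
whenCreated: 20010505120000.0Z
pwdLastSet: 126335376000000000

dn: CN=Bob Example,CN=Users,DC=JHHOME,DC=COM
sAMAccountName: bob
whenCreated: 20010505120000.0Z
pwdLastSet: 0

dn: CN=Carol Example,CN=Users,DC=JHHOME,DC=COM
sAMAccountName: carol
whenCreated: 20010505120000.0Z
pwdLastSet: 126336240000000000
"""

def filetime_to_dt(value):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=value // 10)

def parse_records(ldif_text):
    """Yield one dict per entry; handles plain 'attr: value' lines only."""
    for block in ldif_text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        yield entry

def classify(entry, tolerance=timedelta(minutes=1)):
    """Assumed heuristic: a password set within `tolerance` of creation is the initial one."""
    pwd_last_set = int(entry["pwdLastSet"])
    if pwd_last_set == 0:
        return "change-pending"    # user must change password at next logon
    created = datetime.strptime(entry["whenCreated"], "%Y%m%d%H%M%S.0Z")
    if filetime_to_dt(pwd_last_set) - created.replace(tzinfo=timezone.utc) <= tolerance:
        return "initial-password"  # the administrator still knows this password
    return "changed"

def audit(ldif_text):
    return {e["sAMAccountName"]: classify(e) for e in parse_records(ldif_text)}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_LDIF).items():
        print(f"{name:10} {status}")
```

A later password reset by an administrator also updates pwdLastSet, so "changed" only shows that the password is no longer the one set at creation.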

To view / modify the information for a user, display the Properties.

There are 12 information tabs!

I will only show a few of them here.

tab: "Account"

User names and account options.

tab: Profile

Defines a script to be executed on the client computer when logging on to the domain (this script is to be stored in the NETLOGON share, more info below).

Definition of the home directory/folder.

tab: Member Of

Allows you to add the user to, or remove the user from, groups.

tab: Dial-in

Defines whether a user is allowed to connect to the server via a dial-in using a modem or a VPN connection (usually required for traveling personnel to get access to their company e-mail, like using Outlook to connect to an MS-Exchange server).

tab: Environment

Used to configure the settings for Terminal Services.

If you defined logon scripts on the tab "Profile", then you need to store these script files in the NETLOGON share so that the client systems can locate and execute them. By default, the NETLOGON share is read-only, so you should create/modify the scripts in the NETLOGON share folder via the file system (using Windows Explorer or "My Computer"). To identify the location of the NETLOGON share on your system, check in the Control Panel in "Computer Management" / "System Tools" / "Shared Folders" / "Shares":

The NETLOGON share will be located on the NTFS disk partition defined during the configuration of the Active Directory (in my example: on my F-drive).
