Network Administration: Windows User Account Basics

User accounts are one of the basic tools for managing a Windows server. As a network administrator, you’ll spend a large percentage of your time dealing with user accounts — creating new ones, deleting expired ones, resetting passwords for forgetful users, granting new access rights, and so on. Before getting into the specific procedures of creating and managing user accounts, this section presents an overview of user accounts and how they work.

Local accounts versus domain accounts

A local account is a user account that’s stored on a particular computer and applies only to that computer. Typically, each computer on your network will have a local account for each person who uses that computer.

In contrast, a domain account is a user account that’s stored by Active Directory and can be accessed from any computer that’s a part of the domain. Domain accounts are centrally managed. This chapter deals primarily with setting up and maintaining domain accounts.

User account properties

Every user account has a number of important account properties that specify the characteristics of the account. The three most important account properties are

  • Username: A unique name that identifies the account. The user must enter the username when logging on to the network. The username is public information. In other words, other network users can (and often should) find out your username.

  • Password: A secret word that must be entered in order to gain access to the account. You can set up Windows so that it enforces password policies, such as the minimum length of the password, whether the password must contain a mixture of letters and numerals, and how long the password remains current before the user must change it.

  • Group membership: The group or groups to which the user account belongs. Group memberships are the key to granting access rights to users so that they can access various network resources, such as file shares or printers or to perform certain network tasks, such as creating new user accounts or backing up the server.

Many other account properties record information about the user, such as the user’s contact information, whether the user is allowed to access the system only at certain times or from certain computers, and so on..