Information Technology Reference
In-Depth Information
• The Guest account can have a blank password, so if you enable this account, be aware
that anybody can log on with it without needing a password. The Guest account should be
assigned a password before it's enabled.
• Like the Administrator account, the Guest account should be renamed if it's going to be used.
• The Guest account has limited access to a computer or domain, but it does have access to
any resource for which the Everyone group has permission.
Creating and Modifying User Accounts
User accounts are created primarily with Active Directory Users and Computers but can also be
created with command-line tools, as you did in Chapter 3 with the DSADD command. Using
command-line tools to create and manage accounts is discussed later in “Automating Account
Management.” When you create a user account in an Active Directory domain, keep the fol-
lowing considerations in mind:
• Other Active Directory objects must be unique only in their container, but a user account
must be unique throughout the domain because it's used to log on to the domain.
• User account names aren't case sensitive. They can be from 1 to 20 characters and use letters,
numbers, and special characters, with the exception of ”, [, ], :, ;, <, >, ?, *, +, @, |, ^, =, and ,.
• Devise a naming standard for user accounts, which makes creating users easier and can be
convenient when using applications, such as e-mail, that include the username in the
address. The downside of using a predictable naming standard is that attackers can guess
usernames easily to gain unauthorized access to the network. Common naming standards
include a user's first initial plus last name (for example, kwilliams for Kelly Williams) or a
user's first name and last name separated by a special character (for example, Kelly.Williams
or Kelly_Williams). In large companies where names are likely to be duplicated, adding a
number after the username is common.
• By default, a complex password is required, as described in Chapter 3. Passwords are case
sensitive.
• By default, only a logon name and password are required to create a valid user, but
descriptive information, such as first and last name, should be included to facilitate Active
Directory searches.
You have created a few users already, but take a closer look at the process, particularly some
of the fields you encounter in Active Directory Users and Computers. Figure 5-2 shows the New
Object - User dialog box.
Figure 5-2
The New Object - User dialog box
 
Search WWH ::




Custom Search