Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network potx

Contents Overview 1 Lesson: Configuring Windows XP Demonstration: Using the Computer Practice: Configuring Fast User Switching 15 Lesson: Configuring Local Security 18 Lesson: Confi

Trang 1

Contents

Overview 1

Lesson: Configuring Windows XP

Demonstration: Using the Computer

Practice: Configuring Fast User Switching 15

Lesson: Configuring Local Security 18

Lesson: Configuring Network Options in a

Workgroup 27

Module 6: Configuring Windows XP

Professional to Operate

in a Microsoft Network

Trang 2

Information in this document, including URL and other Internet Web site references, is subject to change without notice Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred Complying with all applicable copyright laws is the responsibility of the user Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

Microsoft, MS-DOS, Windows, Windows NT, ActiveX, Active Directory, MSDN, PowerPoint, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries

The names of actual companies and products mentioned herein may be the trademarks of their respective owners

Trang 3

Instructor Notes

This module provides students with the skills to configure Microsoft®

Windows® XP Professional to operate in a workgroup or in a domain The module explains user accounts and the Microsoft Management Console (MMC)

After completing this module, students will be able to:

! Configure Microsoft Windows XP Professional for a workgroup

! Configure security settings on individual accounts and computers

! Use the Network Setup Wizard to configure network options when operating in a workgroup

! Configure Microsoft Windows XP Professional for a domain

You need Microsoft PowerPoint® file 2285A_06.ppt

It is recommended that you use PowerPoint 2002 or later to display the slides for this course If you use PowerPoint Viewer or an earlier version of PowerPoint, some features of the slides may not appear correctly

To prepare for this module:

! Read all materials for this module

! Complete the practices

! Read all materials listed under Additional reading in this module

Trang 4

How to Teach This Module

This section contains information that will help you to teach this module For some topics in this module, references to additional information appear in notes at the end of a topic Read the additional information in preparation for teaching the module During class, ensure that students are aware of the additional information

Lesson: Configuring Windows XP Professional for a Workgroup

This section describes the instructional methods for teaching this lesson Explain what a workgroup is Define peer-to-peer network and stand-alone server Ensure that students understand the advantages and limitations of workgroups

Describe the characteristics of a local user account Describe the local Security Account Manager (SAM) and cite the resources listed under Additional reading

Describe the different types of accounts Explain that the default types are created by using:

! Computer Management Console

! Control Panel

In this topic, describe the Computer Management Console When you list the tasks that the Computer Management Console performs, illustrate the tasks with examples

Demonstrate the process for creating user accounts, and then demonstrate how

to create user accounts in the Computer Management Console Emphasize that when you create accounts in the Computer Management Console, the default account type is an Administrator account with no password, and that this type

of account can pose a security risk

Recommend the following guidelines to increase security:

! Users must change their passwords after their initial logons

! The administrator must disable idle accounts

Before this demonstration, remove GLASGOW from the NWTRADERS domain and put it in the WORKGROUP workgroup

Describe the authentication process for local accounts Explain what an access

token is Emphasize that changes to accounts in a workgroup must occur on all

computers in the workgroup

Assign students to work in pairs for this practice

This practice takes approximately 10 minutes

Trang 5

List the options that are available only in Windows XP Professional when it operates in a workgroup Explain that these options are not available in a domain

Fast User Switching is available only when you enable Use the Welcome Screen If you disable Use the Welcome Screen as the easy logon

option, you also disable the Use Fast User Switching option You also cannot use Fast User Switching when Offline Files is enabled

Remind students that they must continue to work in pairs in this practice This practice takes approximately 10 minutes

Lesson: Configuring Local Security

Describe the MMC, and then give an overview of the process of configuring local security

Describe the settings that you can configure to increase security for Local Policies Explain the differences between User Rights Assignments and Security Options

Describe the CTRL+ALT+DEL security template options Explain each setting

in the table

In this practice, the students use the tables as job aids to choose the correct settings for their Account Policies Explain that students can use the procedures and the tables to choose the correct Account Policies for most circumstances This practice takes approximately 10 minutes

Lesson: Configuring Network Options in a Workgroup

Emphasize that you must configure the network before you can enable file- and print-sharing in a workgroup

Describe the tasks involved when you configure networking options in a workgroup Mention the Home and Small Office Network Setup checklist and the computer description because you will not explain them later in the module Describe how the Internet Connection Firewall (ICF) controls connections between the internal network and the Internet Be prepared to illustrate how ICF can deny access to non-secure traffic from the Internet

Describe how Internet Connection Sharing works Be prepared to answer questions from students who want to know more about the technology behind Internet Connection Sharing (ICS) In particular, mention Universal Plug and Play (UPnP), even though you will not present UPnP in the lesson

Logon Options in a

Workgroup

Note

Practice: Configuring for

Fast User Switching

What Is Local Security

Trang 6

Describe the two methods of connecting to the Internet: ICS and the Other

option in the Network Setup Wizard Prepare real-life examples to illustrate each method

ICS Discovery and Control uses Universal Plug and Play (UPnP) ICS clients can discover the ICS host, control the connection status of the ICS host

to the Internet Service Provider (ISP), and view basic statistical information about the Internet connection

Demonstrate how to enable ICS and ICF by using Control Panel

Ensure that each student has a Windows XP Professional compact disc

Lesson: Joining a Domain

Describe the differences between workgroups and domains, and explain the requirements of joining a domain

Explain how the Welcome screen differs from the Log on to Windows screen

Describe the authentication process in a domain Explain what cached credentials are and how they are used

In this practice, students will join a domain

Trang 7

Overview

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

To configure Microsoft® Windows® XP Professional to operate in a workgroup

or a domain, you must correctly create and configure user accounts, and configure the security of the network As an Information Technology (IT) professional, you must understand the similarities and differences between workgroups and domains so that you can configure Windows XP Professional

to operate properly in your network environment

After completing this module, you will be able to:

! Configure Windows XP Professional for a workgroup

! Configure security settings on individual accounts and computers

! Use the Network Setup Wizard to configure network options in a workgroup

! Configure Windows XP Professional for a domain

Introduction

Objectives

Trang 8

Lesson: Configuring Windows XP Professional for a

Workgroup

To configure Windows XP Professional to operate in Microsoft Windows networks, you must understand how a workgroup environment affects configuration You must also differentiate among the types of user accounts and their capabilities

After completing this lesson, you will be able to:

! Describe a workgroup

! Describe local user accounts

! Describe information about user accounts in a workgroup

! Describe how the Computer Management Console works

! Describe the authentication process in a domain

! Join a workgroup

! Change workgroup logon options

! Configure Windows XP Professional for a workgroup

Introduction

Lesson objectives

Trang 9

What Is a Workgroup?

The advantages of a workgroup are:

! In smaller organizations where computers in a workgroup share resources, there is no need to dedicate a computer as a server This saves the

organization the expense of a server and server software

Standalone servers are computers running server software in a

workgroup

! Workgroups are appropriate for organizations with decentralized resource and account administration

The limitation of workgroups is that they are difficult to manage if more than

10 computers are on a network

In a workgroup, all user accounts are local user accounts If five workers use five computers in a workgroup and they require access to each other’s resources, there are 25 user accounts in the workgroup because each computer duplicates the five user accounts When you make a change to a user account in

a workgroup, you must also make the change on each computer in the workgroup

Advantages

Note

Limitation

Trang 10

What Is a Local User Account?

! A user account contains a user’s unique credentials The user account

enables a user to:

• Use a specific computer in a workgroup to access resources on that computer

• Log on to a domain to access network resources

! Local user accounts are created on the computer on which they are used,

and enable the user to access resources on that computer

• A local user account resides in a security account database, called the Security Account Manager (SAM), on the computer on which the user account is created Because the local user account resides locally, it controls access only to local resources, which are resources that reside

on the local computer

• A local user account is authenticated against the credentials in the local SAM

For more information about administering user accounts, see Module 1,

“Introduction to Windows 2000 Administration,” and Module 2, “Setting Up

User Accounts,” in Course 2028, Basic Administration of Microsoft Windows 2000

Key points

Additional reading

Trang 11

Account Types and Privileges

In a workgroup, the default account type depends on how you create the user

! If you create the user account by using the Computer Management Console,

the default account type is Limited user

! If you create the account using Control Panel, the default account type is Computer Administrator with no password This account type can pose a security risk; therefore, create all user accounts by using the Computer Management Console

Account types

Account type privileges

Trang 12

The following table lists the three account types and their associated privileges

Account Type Group Privileges

• Change the pictures for their accounts

• Change their passwords

• Remove their passwords

privileges, and can make basic changes to computer settings (for example, modify display properties and power options) Computer

Administrator

privileges, and they can:

• Create, change, and delete accounts

• Make computerwide changes, and access all files on the computer

• Install all hardware and software

You cannot create a Standard user account by using Control Panel To grant a user the privileges of a Standard user, or Power user, you must add the user to the Power Users group in the Computer Management Console

Note

Trang 13

What Is the Computer Management Console?

The Computer Management Console combines several administration utilities into a console tree, which provides easy access to administrative properties and utilities The console tree in the left pane shows a hierarchical view of the features of the Computer Management Console

You can use Computer Management Console to:

! Monitor system events, such as logon times and application errors

! Create and manage shared resources

! View a list of users who are connected to a local or remote computer

! Start and stop system services, such as Scheduled Tasks and Indexing Service

! Set properties for storage devices

! View device configurations and add device drivers

! Manage applications and services

Key points

Trang 14

Demonstration: Using the Computer Management Console

In a workgroup environment, you must create a local user account on each computer to which the individual requires access

1 Click Start, right-click My Computer, and then click Manage

2 In the Computer Management Console, expand Local Users and Groups, right-click Users, and then click New User

3 In the New User dialog box, enter the User Name, the Full Name

(optional), and then a Description (optional)

4 Type a password of P@ssw0rd and then confirm the password

Although a password is optional, always assign a strong password to accounts that you create to increase network security

5 Select User must change password at next logon (which is recommended)

or User cannot change password, and then select Account is Disabled

unless the account will soon be used

You can select or deselect the options mentioned in step 5, and also disable or enable an account, by right-clicking a user in the right pane, and

then clicking Properties

Trang 15

To change the account type of a local user account in a workgroup:

1 Click Start, click Control Panel, click User Accounts, and then click

Change an account

2 Select an account, then Click Change the account type

3 Select an account type, and then click Change Account Type and view the

new account type beneath the user name

Changing account types

Trang 16

The Authentication Process

! When a user logs on to a local computer, the authentication process is:

• The user provides a user name and a password, and Windows XP Professional forwards the information to the SAM on the local computer

• Windows XP Professional compares the logon information with the user information in the SAM

• If the information matches and the user account is valid, Windows XP Professional creates an access token for the user

! An access token is the user’s identification for that local computer and

contains the user’s security settings These security settings enable the user

to access resources and perform specific system tasks

! If you make a change to a user account, such as a password change, the workgroup authentication process requires you to make the same change on each computer to which the user requires access

Key points

Trang 17

Practice: Joining a Workgroup

After completing this practice, you will be able to join a workgroup

Before working on this practice, you must have a computer running Windows XP Professional

A department in your organization installed Windows XP Professional The department uses a workgroup The person who installed Windows XP Professional incorrectly installed the computers in a domain Your task is to reconfigure the computers into a workgroup

! Reconfigure the computer into a workgroup

1 Log on to the local computer as Administrator with a password of

P@ssw0rd

You logged on as Administrator for this practice because you require Administrator privileges to perform some of the steps

2 Click Start, right-click My Computer, and then click Properties

3 On the System Properties sheet, click Computer Name

4 On the Computer Name tab, click Change

5 Click Workgroup, type WORKGROUP as the workgroup name, and then click OK

6 In the Computer Name Changes dialog box, type Administrator as the user name, type P@ssw0rd as the password, and then click OK

7 On the Welcome to the WORKGROUP workgroup message box, click

Trang 18

8 On the You must restart this computer for the changes to take effect message, click OK

9 Close the System Properties sheet, and then click Yes to restart the

computer

! Explore the network and attempt to connect to network resources

P@ssw0rd and notice that you only logged on to the local computer, not the

domain

2 Click Start, click My Computer, click My Network Places, and then click

View Workgroup Computers

3 In the list of computers, double-click any computer except your own

4 At the prompt for a password, click Cancel

Trang 19

Logon Options in a Workgroup

The Use the Welcome Screen and Use Fast User Switching are two logon

options in a workgroup environment

The Welcome screen has several functions:

! Provides a quick and easy method for users to log on

! Allows users to select their user accounts and immediately type their passwords

! Displays all valid user accounts on the local computer

By default, the Administrator account appears on the Welcome screen If another account has administrator privileges, the Administrator account does not appear

! Provides a user icon for each account that the user can set to any graphic; for example, a photograph of the user

The Welcome screen presents the list of user accounts on the computer This list is visible to anyone who can see the computer monitor, which presents a security risk Use the Welcome screen only in environments where minimal security is acceptable

The Welcome Screen

Note

Important

Trang 20

Fast User Switching enables users to switch among user accounts without closing programs or logging off The main features of Fast User Switching are:

! Fast User Switching is enabled by default

! When it is enabled, the user sees Switch User in the Log Off Windows

dialog box

! Fast User Switching enables users who must perform administrative functions to access an account with administrative privileges, perform the administrative function, log off the administrator account, and then return to their own accounts without shutting down programs or logging off

! Fast User Switching provides an additional tab, Users, in the Windows Task

Manager On this tab, users can log off, and users with administrative privileges can log off themselves or other users

When multiple users are simultaneously logged on and running programs, the performance of the computer depends on the speed of the computer and the amount of memory available

Fast User Switching

Note

Trang 21

Practice: Configuring Fast User Switching

After completing this practice, you will be able to:

! Change how users log on and off

! Configure classic Windows Logon and Fast User Switching

Before working on this practice, you must have a computer running Windows XP Professional

A department in your organization installed Windows XP Professional You recently reconfigured the department’s computers to use a workgroup rather than a domain You want users to log on to their computers by using Windows Logon so that they can use Fast User Switching Your task is to reconfigure the computers so that this is possible

! Create a local user account

P@ssw0rd

2 Click Start, right-click My Computer, and then click Manage

3 In the Computer Management window, expand Local Users and Groups

You logged on as Administrator for this practice because you require Administrator privileges to perform some of the steps and to eliminate the steps used in creating a second limited test user Restrict the use of the Administrator account in production environments

4 Right-click Users, and then click New User

5 In the User Name box, type FastSwitchUser and in the Password and

Confirm Password boxes, type P@ssw0rd

Trang 22

6 Clear the User must change password at next logon check box, and then click Create

7 Close the New User dialog box, click Users and view FastSwitchUser in

the list of users

8 Close all open windows

! Configure Fast User Switching

1 Click Start, click Control Panel, and then click User Accounts

2 On the Pick a Task page, click Change the way users log on or off

3 Click OK on the User Accounts dialog box that appears

4 Uncheck the Enable Offline Files check box and click OK

5 On the Select logon and logoff options page, select Use the Welcome

Screen, select Use Fast User Switching, and then click Apply Options

6 Close the User Accounts window and close Control Panel

7 Click Start, click Log Off, and then click Switch User to log off the

computer

! Test Fast User Switching

The logon screen lists all users on the computer, so you can click a user and

type a password When you use Fast User Switching, you are not required to

press CTRL+ALT+DEL to log on

1 Click FastSwitchUser with a password of P@ssw0rd

2 Click Start, click All Programs, click Accessories, and then click

On the Welcome screen, notice that both the Administrator and

FastSwitchUser are logged on, and FastSwitchUser has one running

program

5 Log on as Administrator with a password of P@ssw0rd

6 Open WordPad and type some text into the new document, but do not close

or save the new document

7 Click Start, click Log off, and on the Log Off Windows message, click

Switch User

On the Welcome screen, notice that both the Administrator and

FastSwitchUser are logged on, and that each has one running program

8 Log on as FastSwitchUser with a password of P@ssw0rd

Notice that WordPad is still running and that the text you typed is still there

9 Close the Document - WordPad window, on the Save changes to

Document message, click No

Trang 23

Log Off

11 Log on as Administrator with a password of P@ssw0rd

12 Close the Document - WordPad window, on the Save changes to

Document message, click No

Log Off

Trang 24

Lesson: Configuring Local Security

To configure local security, you must configure Group Policy settings In this lesson, you will learn how configure security settings on individual accounts and individual computers

After completing this lesson, you will be able to:

! Describe the local security features

! Describe the guidelines for increasing security for Local Policies

! Describe the guidelines for using the CTRL+ALT+DEL security templates

! Configure security settings on individual accounts and individual computers

Introduction

Lesson objectives

Trang 25

What Is Local Security Configuration?

Local security configuration allows you to modify security settings for users and computers

To modify security settings, you must use the Microsoft Management Console (MMC) to access the appropriate administrative snap-ins The MMC allows

you to create customized snap-ins (called consoles) Each console focuses on a

specific administrative task; for example, local security

To configure local security, you must:

! Create a custom console

! Add the Group Policy and Local Users and Groups snap-ins to the console

To manage local security, use the customized console to:

! Create and manage users and groups

! Set policies on individual accounts and computers

! Configure Account Policies and Local Policies by using the Group Policy snap-in

! Configure security options, such as CTRL+ALT+DEL options, by using the Local Computer Policy snap-in

Using the Microsoft

Định dạng
Số trang	50
Dung lượng	10,02 MB