To create a local user, you must first navigate to the Computer Management MMC:
1. Navigate to the Computer Management applet in your administrative tools program group (Start | Control Panel | Administrative Tools
| Computer Management).
2. Expand System Tools in Computer Management; you will see the Local Users and Groups Icon.
3. Expand Local Users and Groups.You will see two folders, Users and Groups. Figure 4.1 shows these folders.
4. Right-click the Users folder and select the option New User…. This will bring you to the New User dialog box shown in Figure 4.2.
Figure 4.1Local Users and Groups within the Computer Management Console
5. Supply the following information:
■ User name The name that will be used by this account to log on.
■ Full name The actual name of the user (this may be different from the user name).
■ Description Adds other details about the user or account (such as what floor the user works on).
6. Enter the password and confirm it.
7. Check the desired account options:
■ User must change password at logon Requires the user to enter a new password when he logs on.
■ User cannot change password Makes it impossible for the user to change her password.
■ Password never expires Ensures that the password does not have to be constantly changed by the user.
■ Account is disabled Disables the account, preventing it from being used by anyone trying to log on.This is not the same as deleting the account, because it still exists, but it is technically inoperable.
8. To finish, click Create, and the new user account will be created.
Figure 4.2New User Properties Dialog Box
NOTE
One thing to remember is that the minimum password age is set by default to 0 days, and the maximum password age by default is 42 days.
If this is inappropriate for your organization, you can change it in the Local Security Settings dialog box. Go to Start | Control Panel | Administrative Tools | Local Security Policy | Security Settings and expand down to Password Policy. In the contents pane (right-hand side) of Local Security Settings, you will see the default settings. Double-click the settings to change them to what is appropriate for your security policy.
The new account will appear in the contents pane of the MMC.To find more options or to change other options on your new user, simply right-click new userfor a pop-up menu of options, including the following:
■ Set password
■ Rename
■ Delete
■ Properties
One thing you may want to investigate is the user’s properties. Clicking on the Properties field allows you to apply a few more important options for this user.You will find the following two new tabs:
■ Member of Allows you to add specific groups to the user account you have created (groups are covered in the next section).
■ Profile tab(shown in Figure 4.3) The Profile path field assigns the profile used by your new Local User account upon logon to the
machine.The Logon script field assigns a batch file–based login script.
The Home Folder section sets the user account to a local path for its home folder or maps the user account to a home folder on a network share. A home folder is where users should save all of their data.
Remember, it is best to have all data in one centralized area so that it can easily be located and backed up.
Let’s look at another way to create a user account. First, we have to get to the command prompt, which is a 32-bit program that runs text-based commands. It looks like DOS (Disk Operating System), but it is not DOS. It is called
Command (abbreviated CMD) and can be run from the Run dialog box. Click Start| Run. From the Run dialog box, type in the CMD and click OK.Typing net and pressing ENTER will give you the window shown in Figure 4.4.
Figure 4.4 shows all of the possible options used with the net command.To see a list of options (including the correct syntax) for creating a user, run the fol- lowing command from the command prompt:
NET USER /HELP
Figure 4.3A User Account’s Profile Tab
Figure 4.4The Command Prompt
NOTE
A profile is a set of configurations that you can create, or the machine creates by default (usually ending with a .DAT extension) that defines your environment when logging on. The environment can contain (among other things) window size and position settings, program items, icons, and screen colors.
The output from this command will display more information than can fit on one screen. Let’s view all of the output by scrolling back to the top of the com- mand prompt (use the scrollbar on the right side of the command prompt window). Scroll down slowly and read all of the command’s switches.This may appear to be a difficult way of creating users, but at times it is easier than going through the graphical user interface (GUI).This is generally faster than using the GUI.You also have the flexibility of adding these commands to a script or batch file to automate your administrative task. Exercise 4.2 walks you through creating a user from the command prompt. Exercise 4.3 walks you through deleting a user account from the command prompt. Exercise 4.4 walks you through creating local user accounts with the Control Panel User Accounts applet.