LAB6D: Creating a User Account
In this step, you will create a new administrator user account. This new user will perform the role of an administrator on the domain. The task of adding the new administrator user will be done at the PDC.

1. Select the menu option User->New User

   
   

2. Complete the following entry boxes

   	Username				brian
   	Password				[leave blank]
   	Confirm Password 			[leave blank]
   	User Must Change Password at Next Logon	clear this check box
   
   	[do not click ADD and do not press ENTER]
   

3. Click on the Groups button
   This brings up a window which lists the current group memberships, and a list of groups you could be added to

   

   Note that the user is a member of the Global Group:Domain Users by default.
   

4. Add the Local Group Administrators, then click on OK
   This makes the user an administrator.
   
   
5. Click on the Profile button to see additional options
   You can assign a network directory for the user to use as a home directory. This will allow them storage space on the network. Alternatively, this home directory can be placed on the local computer. Users who use more than one computer in an organization should be allocated a network home directory.

   In addition, profiles which define workstation and desktop settings can be created for users, and this is where they can be specified, so that when the user logs in, they will have those settings configured in the profile associated with them.

   Logon scripts are batch files which are executed at logon time. They can be used to establish drive and printer connections or used for other purposes.

   The Home directory entry specifies the location [if any] of the users home directory on the local computer they are logging in from.
   
   

6. Do NOT specify a Home Directory
   
   
7. Click on the Hours button, to bring up a list of the allowed logon hours for this account

   
   

8. Change the allowable logon hours to MONDAY to FRIDAY 6am-6pm, then click on OK
   
   
9. Click on the Logon To button, and add an allowable entry for the PDC only [by entering the name of the PDC in field 1], the click on OK
   
   
10. Click on the ADD button to create the user
    
    
11. Click on Close, then exit User Manager, and then logon as the new user
    [start->shutdown->Close all programs and log on as a different user]

    	Could you log on as brian?		YES		NO
    

12. Go to the BDC. Try to log on as the new user brian

    	Could you log on as brian?		YES		NO
    
    	Why do you think this is so?
    
    	......................................................................
    
    

13. Now its time to create an ordinary user account for someone who does not need special rights and has no need to perform administrative functions on the domain. On the PDC, you are currently logged in as brian. Run User Manager, and create a new user with the following properties

    	username	user1
    	password	[leave blank]
    	disable the ‘User must change password at next logon’ checkbox
    

14. After clicking on the ADD button, exit User Manager, and log off the PDC
    
    
15. At the PDC, attempt to log on as user1

    	Could you log on as user1?		YES		NO
    
    	Why do you think this is so?
    
    	......................................................................
    
    	How would you correct this to allow the user to log on to this server?
    	[Hint: see Default user log on rights at the beginning of the User Manager Section, Lab6B]
    
    	......................................................................
    
    	......................................................................
    
    

16. Log on to the PDC as administrator, make the correct changes, then test again to see if user1 can log on to the PDC. Ensure that user1 can log on before continuing
    
    
17. Log off the PDC as user1, then log on to the PDC as administrator
    
    

Summary
Windows NT Domains provides a number of default properties for user accounts. It contains default groups and rights associated with those groups.

Two types of groups exist. Local groups can contain individual users and Global groups. If you want to export users to other domains, create a Global Group and make the user a member of that group.

In Windows NT Server, Microsoft has provided a number of default groups. These are based on activities that users will perform.

In addition, policy rights for users and groups exist to provide security and restrict access to servers. It is the role of the network administrator to define what rights a user needs, then make the user a member of an existing group.

Certain groups have rights to log on to the domain controllers. Normal users are not granted rights to log on to domain controllers, and if they need this right, they must be granted "log on locally" rights using User Manager for Domains.