Here's how to use it:
- You can create user accounts and groups through the User Manager. You'll want to create one user account for each user, including yourself. NT includes several built-in groups (such as Power Users and Backup Operators); you can also create your own custom groups, for example, you might want to create a Printer group for printer users and a Mngrprint group for the user managing the printer.
- To create a new user, click the Start button. Under Programs, choose Administrative Tools, and then select User Manager. Under the User menu, select New User to add someone to the list.
- To create a new group, click the User menu in the User Manager and select New Local Group. Fill in the group name and description, and click OK.
- To grant a user membership in a group from the User Manager, double-click the user's name to open the User Properties dialog box, then click the Groups button. Find the group in the box on the right to which you want to add the user, and click to highlight it. Click the Add button, and then click OK. You can use the same process to remove a user from a group; just click the Remove button instead of the Add button.
- Once you've created users and groups, and once you've made users members of groups, you must assign access levels to resources. You can do this through Windows Explorer for files and folders, and through the Printers folder for printers. The basic access levels are Read/Print, Change/Manage Documents, Full Control, or No Access--the access level name changes based on the resource type.
- The User Manager also contains three additional security policies: Account, User Rights, and Audit. All three are accessible from the Policies menu.
- The Account policy is used to implement stricter passwords by requiring regular changes, minimum length, and preventing reuse of old passwords. The account policy also includes a lockout feature that disables a user's account when he or she fails to log in successfully after a set number of tries.
- The User Rights policy defines which users and groups can perform system activities such as logging on locally, rebooting the system, and changing system time.
- The Audit policy tracks activities on the system such as file access, logons, and system shutdowns. To enable auditing for a particular activity, click the Enable Auditing radio button, then select one or more of the seven event types and choose whether you want to track their success or failure. (Note: If you select File and Object Access, you'll also need to define the access types and users or groups to track for each object. You can do this through Windows Explorer or the Printers folder.)
Dig deeper on Network Access Control