Controlling access with the User Manager

This tip, submitted by member Mike Marney, tells how to determine which users get access by using the User Manager tool.

Windows NT offers several levels of security. It requires that all users provide a valid name and a password to gain access to the system. Once there, users can only access those files and resources to which they are specifically granted access. You can determine which users get access to which resources through the User Manager tool, which also gives you access to other security options.
Here's how to use it:

  1. You can create user accounts and groups through the User Manager. You'll want to create one user account for each user, including yourself. NT includes several built-in groups (such as Power Users and Backup Operators); you can also create your own custom groups, for example, you might want to create a Printer group for printer users and a Mngrprint group for the user managing the printer.
  2. To create a new user, click the Start button. Under Programs, choose Administrative Tools, and then select User Manager. Under the User menu, select New User to add someone to the list.
  3. To create a new group, click the User menu in the User Manager and select New Local Group. Fill in the group name and description, and click OK.
  4. To grant a user membership in a group from the User Manager, double-click the user's name to open the User Properties dialog box, then click the Groups button. Find the group in the box on the right to which you want to add the user, and click to highlight it. Click the Add button, and then click OK. You can use the same process to remove a user from a group; just click the Remove button instead of the Add button.
  5. Once you've created users and groups, and once you've made users members of groups, you must assign access levels to resources. You can do this through Windows Explorer for files and folders, and through the Printers folder for printers. The basic access levels are Read/Print, Change/Manage Documents, Full Control, or No Access--the access level name changes based on the resource type.
  6. The User Manager also contains three additional security policies: Account, User Rights, and Audit. All three are accessible from the Policies menu.
    • The Account policy is used to implement stricter passwords by requiring regular changes, minimum length, and preventing reuse of old passwords. The account policy also includes a lockout feature that disables a user's account when he or she fails to log in successfully after a set number of tries.
    • The User Rights policy defines which users and groups can perform system activities such as logging on locally, rebooting the system, and changing system time.
    • The Audit policy tracks activities on the system such as file access, logons, and system shutdowns. To enable auditing for a particular activity, click the Enable Auditing radio button, then select one or more of the seven event types and choose whether you want to track their success or failure. (Note: If you select File and Object Access, you'll also need to define the access types and users or groups to track for each object. You can do this through Windows Explorer or the Printers folder.)

    Activity related to any of these three policies will be recorded in the Security log, which you can view through the Event Viewer.

If you are new to NT administration please be careful, try a small group first, before pushing policy to the entire domain.
This was first published in August 2001

Dig deeper on Network Access Control

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close