Lesson 3: Identifying Key Characteristics of Workgroups and Domains


1-16 Chapter 1 Introduction to Windows XP Professional

Lesson 3: Identifying Key Characteristics of Workgroups and Domains

Windows XP Professional supports two types of network environments in which users can share common resources, regardless of network size. A workgroup consists of a number of peer-based computers, with each maintaining its own security. A domain consists of servers that maintain centralized security and directory structures and workstations that participate in those structures.

After this lesson, you will be able to
- Identify the key characteristics of workgroups and explain how they work.
- Identify the key characteristics of domains and explain how they work.

Estimated lesson time: 15 minutes

How Workgroups Work

A Windows XP Professional workgroup is a logical grouping of networked computers that share resources, such as files and printers. A workgroup is also called a peer-to-peer network because all computers in the workgroup can share resources as equals (peers) without requiring a dedicated server.

Each computer in the workgroup maintains a local security database, which is a list of user accounts and resource security information for the computer on which it resides. Using a local security database on each workstation decentralizes the administration of user accounts and resource security in a workgroup. Figure 1-4 shows a local security database.

Figure 1-4 A Windows XP Professional workgroup is also called a peer-to-peer network. (Diagram: computers running Windows Server 2003 and Windows XP Professional, each with its own local security database.)

Note: A workgroup can contain computers running a server operating system, such as Windows Server 2003, as long as the server is not configured as a domain controller (in other words, as long as no domain is present). In a workgroup, a computer running Windows Server 2003 is called a stand-alone server.

Because workgroups have decentralized administration and security, the following are true:
- A user must have a user account on a local computer if that user wants to log on to that computer locally (that is, by sitting down at that computer).
- Any changes to user accounts, such as changing a user's password or adding a new user account, must be made on each computer in the workgroup. If you forget to add a new user account to one of the computers in your workgroup, the new user cannot log on to that computer and cannot access resources on it.

Workgroups provide the following advantages:
- Workgroups do not require a domain controller to hold centralized security information, making workgroups much simpler to configure and manage.
- Workgroups are simple to design and implement. Workgroups do not require the extensive planning and administration that a domain requires.
- Workgroups provide a convenient networking environment for a limited number of computers in close proximity. However, a workgroup becomes impractical in environments with more than 10 computers.

How Domains Work

A domain is a logical grouping of network computers that share a central directory database. (See Figure 1-5.) A directory database contains user accounts and security information for the domain. This database, which is known as the directory, is the database portion of Active Directory service, the Windows 2003 directory service.

In a domain, the directory resides on computers that are configured as domain controllers. A domain controller is a server that manages all security-related aspects of user and domain interactions, centralizing security and administration.

Exam Tip: You can designate only a computer running Microsoft Windows 2000 Server or Windows Server 2003 as a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.

Figure 1-5 A Windows 2003 domain relies on Active Directory to provide user authentication. (Diagram: two domain controllers replicating Active Directory, a member server, and client computers.)

A domain does not refer to a single location or specific type of network configuration. The computers in a domain can share physical proximity on a small LAN or they can be located in different corners of the world. They can communicate over any number of physical connections, including dial-up connections, Integrated Services Digital Network (ISDN) circuits, Ethernet networks, token ring connections, frame relay networks, satellite links, and leased lines.

The benefits of a domain include the following:
- Centralized administration because all user information is stored in the Active Directory database. This centralization allows users to manage only a single user name and password, and enables domain administrators to control which users can access resources on any computer that is a member of the domain.
- A single logon process for users to gain access to network resources (such as file, print, and application resources) for which they have permissions. In other words, you can log on to one computer and use resources on another computer in the network as long as you have appropriate permissions to access the resource.
- Scalability, so that you can create very large networks with hundreds or thousands of computers.

A typical Windows 2003 domain includes the following types of computers:
- Domain controllers running Windows Server 2003. Each domain controller stores and maintains a copy of Active Directory. In a domain, you create a user account in Active Directory only once. When a user logs on to a computer in the domain, a domain controller authenticates the user by checking the directory for the user name, password, and logon restrictions. When there are multiple domain controllers in a domain, they periodically replicate their directory information so that each domain controller has a copy of Active Directory. Domain controllers do not maintain a local user database.
- Member servers running Windows Server 2003. A member server is a server that is a member of a domain, but is not configured as a domain controller. A member server does not store directory information and cannot authenticate users. Member servers provide shared resources such as shared folders or printers.
- Client computers running Windows XP Professional or Windows 2000 Professional. Client computers run a user's desktop environment and allow the user to gain access to resources in the domain.

Lesson Review

Use the following questions to help determine whether you have learned enough to move on to the next lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter.

1. Which of the following statements about a Windows XP Professional workgroup are correct? Choose all that apply.
   a. A workgroup is also called a peer-to-peer network.
   b. A workgroup is a logical grouping of network computers that share a central directory database.
   c. A workgroup is practical in environments with up to 100 computers.
   d. A workgroup can contain computers running Windows Server 2003 as long as the server is not configured as a domain controller.
2. What is a domain controller?
3. A directory database contains user accounts and security information for the domain and is known as the ________. This directory database is the database portion of ________, which is the Windows 2000 directory service. Fill in the blanks.
4. A(n) ________ provides a single logon for users to gain access to network resources that they have permission to access such as file, print, and application resources. Fill in the blank.

Lesson Summary

To explain how workgroups work, you must know the following things:
- A Windows XP Professional workgroup is a logical grouping of networked computers that share resources such as files and printers.
- A workgroup is referred to as a peer-to-peer network because all computers in the workgroup can share resources as equals (peers) without a dedicated server.
- Each computer in the workgroup maintains a local security database, which is a list of user accounts and resource security information for the computer on which it resides.

To explain how domains work, you must know the following things:
- A domain is a logical grouping of network computers that share a central directory database containing user accounts and security information for the domain.
- This central directory database, known as the directory, is the database portion of Active Directory service, which is the Windows 2003 directory service.
- The computers in a domain can share physical proximity on a small LAN or can be distributed worldwide, communicating over any number of physical connections.
- You can designate a computer running Windows Server 2003 as a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.

Lesson 4: Logging On and Off Windows XP Professional

This lesson explains the Welcome screen and the Enter Password dialog box, which are the two options that you use to log on to Windows XP Professional. It also explains how Windows XP Professional authenticates a user during the logon process. This mandatory authentication process ensures that only valid users can gain access to resources and data on a computer or the network.

After this lesson, you will be able to
- Log on locally to the computer running Windows XP Professional.
- Identify how Windows XP Professional authenticates a user when the user logs on to a local computer or to a domain.
- Create and use a password reset disk to recover a forgotten password.
- Run programs using different credentials than the currently logged-on user.
- Use Fast Logon Optimization.
- Log off or turn off a computer that is running Windows XP Professional.
- Identify the features of the Windows Security dialog box.

Estimated lesson time: 15 minutes

How to Log On Locally to the Computer Running Windows XP Professional

Windows XP Professional offers two options for logging on locally: the Welcome screen and the Log On To Windows dialog box.

The Welcome Screen

By default, if a computer is a member of a workgroup, Windows XP Professional uses the Welcome screen to allow users to log on locally, as shown in Figure 1-6. To log on, click the icon for the user account you want to use. If the account requires a password, you are prompted to enter it. If the account is not password-protected, you are logged on to the computer.

You can also use CTRL+ALT+DELETE at the Welcome screen to get the Log On To Windows dialog box. This dialog box enables you to log on to the Administrator account, which is not displayed on the Welcome screen when other user accounts have been created. To use CTRL+ALT+DELETE, you must enter the sequence twice to get the logon prompt.

Figure 1-6 The Welcome screen is used by default on computers in workgroups.

See Also: For more information about creating user accounts during installation, see Chapter 2, Installing Windows XP Professional. For more information about setting up user accounts (including turning on and off the Welcome screen), see Chapter 7, Setting Up and Managing User Accounts.

A user can log on locally to either of the following:
- A computer that is a member of a workgroup
- A computer that is a member of a domain but is not a domain controller

Note: Because domain controllers do not maintain a local security database, local user accounts are not available on domain controllers. Therefore, a user cannot log on locally to a domain controller.

The User Accounts program in the Control Panel includes a Change The Way Users Log On Or Off task, which allows you to configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen.

The Log On To Windows Dialog Box

To use the Log On To Windows dialog box (shown in Figure 1-7) to log on locally to a computer running Windows XP Professional, you must supply a valid user name; if the user name is password-protected, you must also supply the password. Windows XP Professional authenticates the user's identity during the logon process. Only valid users can access resources and data on a computer or a network. Windows XP Professional authenticates users who log on locally to the computer at which they are seated; a domain controller authenticates users who log on to a domain.

Figure 1-7 Use the Log On To Windows dialog box in domains or as an alternative to the Welcome screen.

When a user starts a computer running Windows XP Professional that is configured to use the Log On To Windows dialog box, an Options button also appears. Table 1-1 describes the options in the Log On To Windows dialog box for a computer that is part of a domain.

Table 1-1 Log On To Windows Dialog Box Options

Option: User Name
Description: A unique user logon name that is assigned by an administrator. To log on to a domain with the user name, the user must have an account that resides in the directory.

Option: Password
Description: The password that is assigned to the user account. Users must enter a password to prove their identity. Passwords are case sensitive. For security purposes, the password appears on the screen as asterisks (*). To prevent unauthorized access to resources and data, users must keep passwords secret.

Option: Log On To
Description: Allows the user to choose to log on to the local computer or to log on to the domain.

Option: Log On Using Dial-Up Connection
Description: Permits a user to connect to a domain server by using dial-up networking. Dial-up networking allows a user to log on and perform work from a remote location.

Option: Shutdown
Description: Closes all files, saves all operating system data, and prepares the computer so that a user can safely turn it off.

Option: Options
Description: Toggles on and off between the Log On To option and the Log On Using Dial-Up Connection option. The Options button appears only if the computer is a member of a domain.

Note: If your computer is not part of a domain, the Log On To option is not available.

Windows XP Professional Authentication Process

To gain access to a computer running Windows XP Professional or to any resource on that computer (whether the computer is configured to use the Welcome screen or the Log On To Windows dialog box), you must provide a user name and possibly a password. (You will learn more about using passwords effectively in Chapter 7.) The way Windows XP Professional authenticates a user depends on whether the user is logging on to a domain or logging on locally to a computer (see Figure 1-8).

Figure 1-8 Windows XP Professional grants an access token based on user credentials during the authentication process. (Diagram, logging on locally: 1 the user logs on, 2 local security database, 3 access token.)

The steps in the authentication process are as follows:

1. The user logs on by providing logon credentials (typically user name and password), and Windows XP Professional forwards this information to the security subsystem of that local computer.
2. Windows XP Professional compares the logon credentials with the user information in the local security database, which resides in the security subsystem of the local computer.
3. If the credentials are valid, Windows XP Professional creates an access token for the user, which is the user's identification for that local computer. The access token contains the user's security settings, which allow the user to gain access to the appropriate resources on that computer and to perform specific system tasks.

Note: In addition to the logon process, any time a user makes a connection to a computer, that computer authenticates the user and returns an access token. This authentication process is invisible to the user.

If a user logs on to a domain, Windows XP Professional contacts a domain controller in the domain. The domain controller compares the logon credentials with the user information that is stored in Active Directory. If the credentials are valid, the domain controller creates an access token for the user. The security settings contained in the access token allow the user to gain access to the appropriate resources in the domain.

How to Use a Password Reset Disk

A password reset disk allows a user to recover a user account when the user forgets his or her password. You create a password reset disk using the Forgotten Password Wizard, which you can start in the following ways:
- If your computer is a member of a domain, press CTRL+ALT+DELETE to open the Windows Security dialog box. Click Change Password, and then click Backup to start the wizard.
- If your computer is in a workgroup, and you are using a computer administrator account, open the User Accounts tool in Control Panel, click your account name, and then click Prevent A Forgotten Password.
- If your computer is in a workgroup, and you are using a limited account, open the User Accounts tool in Control Panel, and in the Related Tasks section on the left side of the window, click Prevent A Forgotten Password.

No matter which way you start the Forgotten Password Wizard, the wizard walks you through the steps necessary to create a password reset disk. You can store your password reset key on any removable disk, including floppy (in which case you will need one, blank, formatted 1.44 MB floppy disk) and universal serial bus (USB) flash drives.

Warning: You can have only one password reset disk at a time. If you create a new disk, any previous disk becomes invalid.

If you forget your logon password, you can use a password reset disk in one of the following ways:
- If your computer is a member of a domain, simply try to log on to Windows by using an invalid password. In the Logon Failed dialog box that appears, click Reset to start the Password Reset Wizard, which will walk you through the recovery process.
- If your computer is a member of a workgroup, on the Windows XP logon screen, click the user name that you want to use to make the Type Your Password box appear. Press ENTER or click the right arrow button. In the pop-up error message that appears, click Use Your Password Reset Disk to start the Password Reset Wizard.

How to Run Programs with Different User Credentials

Windows XP Professional allows you to run programs using user credentials that are different from the currently logged-on user. Using different credentials is useful if you are troubleshooting a user's computer and do not want to log off and log back on using administrative permissions just to perform a troubleshooting task or run a particular program. Using this method is also more secure than logging on to a user's computer with administrative credentials.

Running a program with different credentials in Windows XP Professional relies on a built-in service named the Secondary Logon service. This service must be running (and it is by default on computers running Windows XP) to run a program with alternate credentials.

To determine whether the Secondary Logon service is running (and enable the service if it is not running), follow these steps:

1. Log on to the computer as Administrator or as a user with administrative permissions.
2. From the Start menu, click Control Panel.
3. In the Control Panel window, click Performance and Maintenance.
4. In the Performance and Maintenance window, click Administrative Tools.
5. In the Administrative Tools window, double-click Services.
6. In the Services window, locate the Secondary Logon service on the list of Services.
7. If the status for the Secondary Logon service is listed as Started, the service is enabled, and you can close the Services window. If the status is listed as Manual or Disabled, right-click the Secondary Logon service and click Properties.
8. On the General tab of the Secondary Logon Properties dialog box, on the Startup type drop-down list, click Automatic.
9. In the Service Status section, click Start.
10. Click OK to close the Secondary Logon Properties dialog box, and then close the Services window.

If the Secondary Logon service is running, you can run a program using different user credentials than the currently logged-on user. On the Start menu, right-click the shortcut for the program you want to run. On the shortcut menu, click Run As. In the Run As dialog box that opens, you can run the program as the current user, or you can enter an alternative user name and password.

Microsoft recommends logging on with a limited user account and using this technique to run applications that require administrative privileges.
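
The Services-console check and the Run As step above can also be carried out from a command prompt with the built-in sc, net, and runas tools. The batch script below is an added example, not part of the original lesson; it assumes the Secondary Logon service's short name is seclogon, and the account (the local Administrator) and program (Computer Management) are placeholders chosen for illustration.

```batch
@echo off
rem Added example, not part of the original lesson.
rem Command-line equivalent of the Services-console steps for the Secondary
rem Logon service, followed by a Run As launch of a single program.
rem Run steps 1-3 from an account with administrative permissions.
setlocal

rem Assumption: seclogon is the short service name of Secondary Logon.
set "SVC=seclogon"
rem Placeholders: change the account and program to suit.
set "RUNAS_USER=%COMPUTERNAME%\Administrator"
set "PROGRAM=mmc %windir%\system32\compmgmt.msc"

rem 1. Confirm the service is installed.
sc query %SVC% >nul 2>&1
if errorlevel 1 goto :missing

rem 2. Startup type: anything other than Automatic is changed to Automatic.
sc qc %SVC% | find "AUTO_START" >nul
if not errorlevel 1 goto :checkstate
echo Startup type is not Automatic. Changing it.
sc config %SVC% start= auto >nul
if errorlevel 1 goto :denied

:checkstate
rem 3. Status: start the service if it is not already running.
sc query %SVC% | find "RUNNING" >nul
if not errorlevel 1 goto :launch
echo Secondary Logon is stopped. Starting it.
net start %SVC% >nul
if errorlevel 1 goto :denied

:launch
rem 4. Run one program under different credentials.
rem    runas prompts for the password; it is never placed on the command line.
echo Launching "%PROGRAM%" as %RUNAS_USER%
runas /user:%RUNAS_USER% "%PROGRAM%"
exit /b %errorlevel%

:missing
echo The Secondary Logon service was not found on this computer.
exit /b 1

:denied
echo Could not configure or start the service. Use an administrative account.
exit /b 1
```

As with the Run As dialog box, the alternate credentials apply only to the program that runas launches; the logged-on session keeps its own, more limited access token.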

The Purpose of Fast Logon Optimization

Windows XP Professional includes a feature named Fast Logon Optimization. Enabled by default, this feature allows existing users to log on by using cached credentials instead of waiting for the network to become fully initialized before allowing logon. This feature enables faster logons from the user perspective. Group Policy and other settings are applied in the background after logon and after the network is initialized.

Fast Logon Optimization is always turned off in the following situations:
- The first time a user logs on to a computer
- When a user logs on using a roaming profile, a home directory, or a user logon script (you will learn more in Chapter 7)

How to Log Off Windows XP Professional

To log off a computer running Windows XP Professional, click Start and then click Log Off. Notice that the Start menu, shown in Figure 1-9, also allows you to turn off the computer.

Figure 1-9 The Start menu provides a way to log off Windows XP Professional.

Features of the Windows Security Dialog Box

The Windows Security dialog box provides information such as the user account currently logged on, and the domain or computer to which the user is logged on. This information is important for users with multiple user accounts, such as a user who has a regular user account as well as a user account with administrative privileges.

If a computer running Windows XP Professional is joined to a domain (or if the Welcome screen is disabled even when the computer is a member of a workgroup), you can access the Windows Security dialog box by pressing CTRL+ALT+DELETE at any time while Windows is running. If the Welcome screen is enabled, pressing CTRL+ALT+DELETE activates Task Manager instead. Figure 1-10 shows the Windows Security dialog box, and Table 1-2 describes the Windows Security dialog box options.

Figure 1-10 Use the Windows Security dialog box for many security activities.

Table 1-2 The Windows Security Dialog Box Options

Option: Lock Computer
Description: Allows users to secure the computer without logging off. All programs remain running. Users should lock their computers when they leave for a short time. The user who locks the computer can unlock it by pressing CTRL+ALT+DELETE and entering the valid password. An administrator can also unlock a locked computer. This process logs off the current user. Whether the Windows Security dialog box is available or not, you can also press WINDOWS KEY+L to immediately lock the computer.

Option: Log Off
Description: Allows a user to log off as the current user and close all running programs, but leaves Windows XP Professional running. You can also log off Windows by choosing Log Off from the Start menu.

Option: Shut Down
Description: Allows a user to close all files, save all operating system data, and prepare the computer so that it can be safely turned off. You can also log off Windows by choosing Turn Off Computer from the Start menu.

Option: Change Password
Description: Allows a user to change his or her user account password. The user must know the current password to create a new one. This is the only way users can change their own passwords. Administrators can also change the password.

Option: Task Manager
Description: Provides a list of the programs that are running and a summary of overall central processing unit (CPU) and memory usage, as well as a quick view of how each program, program component, or system process is using the CPU and memory resources. Users can also use Task Manager to switch between programs and to stop a program that is not responding. You can also access Task Manager by right-clicking any open space on the taskbar and clicking Task Manager.

Option: Cancel
Description: Closes the Windows Security dialog box.

Practice: Creating a Password Reset Disk

In this practice, you will create a password reset disk. Complete either Exercise 1 or Exercise 2. If you are working on a computer that is a member of a domain, use the steps in Exercise 1 to create the disk. If you are working on a computer that is a member of a workgroup, use the steps in Exercise 2 to create the disk. For either exercise, you will need a blank, formatted, 1.44-MB floppy disk.

Exercise 1: Creating a Password Reset Disk on a Computer That Is a Member of a Domain

1. Log on as the user for whom you are creating a password reset disk.
2. Press CTRL+ALT+DELETE.
3. In the Windows Security dialog box, click Change Password.
4. In the Change Password dialog box, click Backup.
5. On the Welcome page of the Forgotten Password Wizard, click Next.
6. On the Create A Password Reset Disk page, make sure that the correct floppy drive is selected; ensure that a blank, formatted, 1.44-MB floppy disk is inserted in the drive; and then click Next.
7. On the Current User Account Password page, type the current password for the account, and then click Next.
8. After Windows writes the key information to the disk, click Next.
9. Click Finish. Remove the disk, label it, and store it in a secure location. If an attacker gains access to this disk, he can log on to your computer without a password.

Exercise 2: Creating a Password Reset Disk on a Computer That Is a Member of a Workgroup

1. Log on as the user for whom you are creating a password reset disk.
2. From the Start menu, click Control Panel.
3. In the Control Panel window, click User Accounts.
4. In the User Accounts window, click the account you want to use if you are logged on as an Administrator. Otherwise, continue to the next step.
5. In the Related Tasks section, click Prevent A Forgotten Password.
6. On the Welcome page of the Forgotten Password Wizard, click Next.
7. On the Create A Password Reset Disk page, make sure that the correct floppy drive is selected; ensure that a blank, formatted, 1.44-MB floppy disk is inserted in the drive; and then click Next.
8. On the Current User Account Password page, type the current password for the account, and then click Next.
9. After Windows writes the key information to the disk, click Next.
10. Click Finish. Remove the disk and label it.

Lesson Review

Use the following questions to help determine whether you have learned enough to move on to the next lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter.

1. What can you do when you log on locally to a computer, and what determines what you can do when you log on locally to a computer?

2. What is the main difference in the authentication process for logging on locally to a computer and logging on to a domain?

3. Which of the following computers can a user log on to locally? Choose all that apply.
a. A computer running Windows XP Professional that is in a workgroup
b. A computer running Windows XP Professional that is in a domain
c. A computer running Windows Server 2003 that is configured as a domain controller
d. A computer running Windows Server 2003 that is a member server in a domain

4. Which of the following statements about the Windows Security dialog box are correct? Choose all that apply.
a. You can access it by pressing CTRL+ALT+DELETE.
b. The dialog box tells you how long the current user has been logged on.
c. The dialog box allows you to log off the computer or domain.
d. The dialog box allows a user with administrative permissions to change other users' passwords.

Lesson Summary

By default, Windows XP Professional uses the Welcome screen to allow users to log on locally to the computer. You can configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen.

When a user logs on, she can log on to the local computer; if the computer is a member of a domain, the user can log on to the domain. When a user logs on locally, the local computer does the authentication. When a user logs on to a domain, a domain controller must do the authentication.

In a workgroup environment, an access token is the user's identification for that local computer, and it contains the user's security settings. These security settings allow the user to gain access to the appropriate resources on that computer and to perform specific system tasks.

An administrator or a user can create a password reset disk for a user that allows the user to recover a forgotten password and log on to Windows XP Professional.

Instead of logging on as Administrator, you can specify administrative credentials when you run a program no matter what user account you are logged on with. This provides a way to run programs that require administrative rights without the risks associated with logging on using an Administrator account.

Fast Logon Optimization allows existing users to log on by using cached credentials instead of waiting for the network to become fully initialized before allowing logon. This feature enables faster logons from the user perspective.

You can log off Windows XP (and should whenever you leave your computer for an extended period) by using the Log Off command on the Start menu.

The Windows Security dialog box allows you to lock your computer, change your password, log off your computer, shut down your computer, and access Task Manager.

Case Scenario Exercises

Read the following two scenarios and answer the associated questions. You can use the scenarios to help determine whether you have learned enough to move on to the next chapter. If you have difficulty completing this work, review the material in this chapter before beginning the next chapter. You can find answers to these questions in the Questions and Answers section at the end of this chapter.

Scenario 1.1

You are working as an administrator who supports users by telephone. One of your users says that she has recently installed Windows XP Professional on her home computer, which she uses to connect to her company's corporate network. She is used to having to press CTRL+ALT+DELETE to log on to Windows, but instead her new computer shows a Welcome screen with her user name listed. She would feel more comfortable using the Log On To Windows dialog box instead of the Welcome screen. How should you configure the computer?

Scenario 1.2

You are an administrator for a corporate network that runs a Windows Server 2003-based domain. All client workstations run Windows XP Professional. A user complains to you that when he logs on to his computer, his desktop does not look right and he cannot access any network resources. What do you suspect might be the problem?

Troubleshooting Lab

Using what you have learned in this chapter, provide the following information about your own computer:

What edition of Windows XP are you running?

Which Service Pack, if any, is applied to your installation of Windows XP? What tools can you use to determine which one you have?

Is your computer a member of a workgroup or a domain? What is the name of the workgroup or domain?

If your computer is a member of a domain, can you also log on to your computer locally?

Chapter Summary

The Windows XP family includes Windows XP Professional Edition, Windows XP Home Edition, Windows XP Media Center Edition, Windows XP Tablet PC Edition, and Windows XP 64-Bit Edition. Features provided in Windows XP Professional that are not provided in Windows XP Home Edition include dynamic disks, Remote Desktop, NTFS and print permissions, EFS, domain membership, dual processors, and IIS.

You can determine whether Service Pack 2 is installed by viewing the General tab of the System Properties dialog box or by typing winver.exe in the Run dialog box to open the About Windows dialog box.

Enhancements provided by Service Pack 2 include:

Security Center provides real-time status and alerts for Windows Firewall, Automatic Updates, and some antivirus software.

Enhancements to Automatic Updates allow it to download updates for more Microsoft products, download all types of updates, and prioritize update importance.

Enhancements to Windows Firewall enable the firewall for each connection by default, allow the inspection of traffic from the moment the connection becomes active, and let you make global configuration settings for all connections.

Enhancements to Internet Explorer include a new Information bar that consolidates many user prompts, a pop-up blocker, and better add-on management.

A computer running Windows XP Professional can be a member of two types of networks: a workgroup or a domain. You can designate a computer running Windows Server 2003 as a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.

Features of workgroups and domains include:

A Windows XP Professional workgroup is a logical grouping of networked computers that share resources such as files and printers. A workgroup is referred to as a peer-to-peer network because all computers in the workgroup can share resources as equals (peers) without a dedicated server. Each computer in the workgroup maintains a local security database, which is a list of user accounts and resource security information for the computer on which it resides.

A domain is a logical grouping of network computers that share a central directory database containing user accounts and security information for the domain. This central directory database is known as the directory; it is the database portion of Active Directory service, which is the Windows 2003 directory service. The computers in a domain can share physical proximity on a small LAN or can be distributed worldwide, communicating over any number of physical connections.

By default, Windows XP Professional uses the Welcome screen to allow users to log on locally to the computer. You can configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen.

When a user logs on, he can log on to the local computer; if the computer is a member of a domain, the user can log on to the domain. When a user logs on locally, the local computer does the authentication. When a user logs on to a domain, a domain controller must do the authentication.

Exam Highlights

Before taking the exam, review the key points and terms that are presented in this chapter. You need to know this information.
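The chapter summary's distinction between workgroup and domain membership, and between a local and a domain logon, can be read from a running session. The following script is an added example, not part of the original text; it assumes Windows PowerShell (where Get-WmiObject is available), and the function name Get-LogonContext is hypothetical.

```powershell
# Added example (not from the original text). Assumes Windows PowerShell,
# where Get-WmiObject is available. Get-LogonContext is a hypothetical name.
function Get-LogonContext {
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # PartOfDomain is True for domain members. On a workgroup computer the
    # Domain property holds the workgroup name instead.
    $membership = if ($cs.PartOfDomain) { 'Domain' } else { 'Workgroup' }

    # A local account's authority is the computer itself, so USERDOMAIN
    # matches COMPUTERNAME after a local logon. After a domain logon,
    # USERDOMAIN is the domain's name.
    $isLocal   = ($env:USERDOMAIN -eq $env:COMPUTERNAME)
    $authority = if ($isLocal) { 'Local computer' } else { 'Domain' }

    # CSDVersion is empty when no service pack is installed.
    $sp = if ($os.CSDVersion) { $os.CSDVersion } else { 'None' }

    # Flag the case where the computer is a domain member but the session
    # was opened with an account from the local security database.
    $note = ''
    if ($cs.PartOfDomain -and $isLocal) {
        $note = 'Domain member, but this session used a local account.'
    }

    New-Object PSObject -Property @{
        Edition          = $os.Caption
        ServicePack      = $sp
        Membership       = $membership
        NetworkName      = $cs.Domain
        Account          = "$env:USERDOMAIN\$env:USERNAME"
        AccountAuthority = $authority
        LogonServer      = $env:LOGONSERVER
        Note             = $note
    } | Select-Object Edition, ServicePack, Membership, NetworkName,
                      Account, AccountAuthority, LogonServer, Note
}

Get-LogonContext | Format-List
```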