PRESENTATION OF INFORMATION SYSTEMS

PREPARED BY GROUP 1ASSIGNED BY MA’AM AMINA BATOOL

DATED: 5th sept. 2016

GHAYOOR-UL-DIN BABERSABAHAT QADEER

AYESHA SANAULLAHRIZWAN AHMED

GROUP MEMBERS

CONFIGURING, MANAGING,

AND TROUBLE-SHOOTING,LOCAL USERS,GROUP ACCOUNTS AND EFS

PRESENTATION TOPIC

CONTENTS

1. UNDERSTANDING LOCAL USERS2. PRACTICAL OF LOCAL USER ACCOUNTS3. TROUBLESHOOTING LOCAL USERS4. UNDERSTANDING GROUP ACCOUNTS5. PRACTICAL OF LOCAL GROUP ACCOUNTS6. TROUBLESHOOTING GROUP ACCOUNTS7. UNDERSTANDING EFS8. PRACTICAL OF EFS9. TROUBLESHOOTING EFS

Topic divisionConfiguration and management of

USER ACCOUNTSBy RIZWAN AHMED

Configuration and management of GROUP ACCOUNTS

By SABAHAT QADEERConfiguration and management of

EFSBy AYESHA ANAULLAH

Troubleshooting and practicalBy GHAYOOR

User AccountUser account is a collection of information that tells Windows

• Which files and folders administrator can access • What changes administrator can make to the computer • The personal preferences (desktop background or screen

saver etc ).

User accounts let administrator share a computer with several people, while having the own files and settings.Each person accesses his or her user account with a user name and password.

User A/Cs is useful for assigning to the user to participate in the network. 8

Types Of Accounts

There are two types of accounts

• Domain User Accounts

• Local User Accounts

9

Domain User Accounts

These are created in the Active Directory (AD)

and they proved centralized management of users

besides easy administration.

10

Local User Accounts

* These can be created on the Local machines where the client works.

* Example Windows 2000 professional, XP

professional or server 2003 member server etc.* These accounts do not provide centralized

management.* Suitable only for smaller organizations where

there is no server.

11

Creating a local user Accounts

Three methods for creating users in Windows XP Professional

• Control Panel → User Accounts

• Microsoft Consol

• Command

12

Creating User using from Control Panel

13

14

15

16

17

NOTE - Fast User Switching cannot be used if the Offline Files option is enabled.

Also, once the system is added to a domain administrator can no longer use Fast User

Switching, even if administrator log on to the workstation by using the local user account

database.

18

Creating User using Consol (compmgmt.msc, lusrmgr.msc)

“Using the Local Users and Groups Snap-in “On member server Log on to local account (Administrators and Power

Users)>Right click on my computer >Manage

19

1. Administrator can also type compmgmt.msc in the RUN box or from a command line to launch the Computer Management MMC.2. If administrator wants to directly open the Local Users and Groups MMC Type lusrmgr.msc from the RUN box or from a command line.

20

>Expand local users > Right click on users > New user

21

Supply the user name & Password

22

Enabling disabled administrator account

• START >SEARCH>TYPE “CMD”>RIGHT CLICK ON FIRST SEARCH>RESULT>RUN AS ADMINISRATOR>GIVE COMMAND “net user administrator: yes”>HIT ENTER

SUCCESS

23

Disabling enabled administrator account

• START >SEARCH >TYPE “CMD”>RIGHT CLICK ON FIRST SEARCH RESULT>RUN AS ADMINISRATOR>GIVE COMMAND “net user administrator:no”>HIT ENTER

SUCCESS

24

Steps to change password of local user accounts

• Log on to local user account>click on start control panel>user accounts and family safety link>click on user accounts link >click on the change password link enter new password>confirm password >type hint also(not compulsory)

success

• You can also remove password

25

PRACTICAL OF LOCAL USERACCOUNTS

Troubleshooting local users

27

To fix a corrupt windows user profile

• Microsoft says that a user profile can become corrupted if your antivirus software is scanning your PC while you try to log on, but it can also be caused by other factors.

• Troubleshooting• A quick fix can be to restart your PC but if this doesn’t

work you’ll need to restart again and bot into safe mode do this by pressing F8 before you see the windows loading screen and choosing safe mode from the menu that appears.

• Safe mode logs you into the built-in windows administrator account, but you find that some options do not work…

• or• create a new user profile and backup your saved data.

28

You are unable to open an app in windows

• Microsoft says that whenever you purchase or load a game or such an application that was designed for other windows… but you do not have that window…. The file will not run…

• Troubleshooting• You are required to right click on that application and

then “run as administrator”…… in this way you will be able to run such applications which were not designed for your windows..

29

Restoring files from deleted user accounts

• Control panel>User accounts>configure advanced user profile properties>create a new admin account>log on to new account>my computer>C-drive>Users new account >windows enabler?run as administrator >control panel>configure advanced user and profiles> copy from one user account to another user account……….

• success

30

I tried to log on to my user account but I keep getting message that the user name or password is incorrect

•  •1. Caps Lock might be ‘on’:•Passwords in Windows are case-sensitive, which means that every time you type your password, you have to capitalize each letter in exactly the same way that you did when you first created it. If you have accidentally pressed Caps Lock, then you’re inadvertently typing your password in all capital letters. Make sure Caps Lock is off, and then type your password again.

31

Cont..

• 2.You might be typing the wrong password: If you can’t remember your password, you need to reset your password, either with a password reset disk or an administrator account.

3. An administrator on the computer might have reset your password: If your computer is on a network, a network administrator has the ability to reset your password. If you think this might be the problem, check with your network administrator. If your computer is in a workgroup, anyone who has an administrator account on the computer can change your password.

32

Cont..

• 4. You might be trying to log on to the wrong user account:  If you have more than one user account on the computer, make sure you’re logging on to the account that matches the password you’re using. Use switch user to select the right account.

33

Cont..

• 5. You might forget you password: Forgetting password is most common issue. To overcome this issue use Reset Password option available at log on screen once you tried to insert a wrong password.

34

My computer is part of a domain and I want to log on to a local user account, not my domain account.

• To log on to a local user account on your computer, you need to know the name of your computer and the user name for the account that you want to log on to. To log on to a local user account, follow these steps:

• On the Welcome screen, click Switch User.• Click Other User.• In the user name field, type the name of your computer,

a backslash (\), and the user name for the account that you want to log on to. For example: computer name\user name

• Type your password, and then press Enter.

35

You receive a "The User Profile Service failed the logon” error message

• Troubleshooting • Method 1: Fix the user account profile• Method 2: Log on to Windows and copy your data to a new account• Method 3: Delete the error SID and create a new profile

36

Session B

CONFIGURING , MANAGING AND TROUBLESHOOTING OF

GROUP ACCOUNTS

Group Accounts

GROUP

What is a Group?The group is a collection of accounts that

share the same security rights and permissions.

GROUP ACCOUNTS

• A Group Account is a collection of user accounts. On a management server that is running Windows, you can create a group account to manage the privileges of multiple accounts together. By making a user account a member of a group, you give that user all the rights and permissions granted to the group.

 

CONT…

• Windows has a long list of predefined user groups which includes “Administrators” and “Users.”

• A user account is a member of at least one user group while some user accounts are members of two groups or more, depending on how they are set.

• User groups are managed automatically by Windows and you won’t need to fiddle with them, even though you can if you are an administrator.

CONT….

• For example, all user accounts that are set as administrators will be part of the “Administrators” group. Standard user accounts are part of the “Users” group. However, both types of user accounts will become members of the “HomeUsers” group, when you start using the Homegroup networking feature in Windows.

Local Users and Groups Consol* Displays all built in groups as well as groups

created by administrator.* The built-in groups are created automatically

when Windows XP is installed.

CONT…

Administrators

Members of the Administrator group have total control over the computer and everything on it. The user named Administrator is the default account within this group.

Administrators Can:* Create, modify, and access local user accounts• Install new hardware and software• Upgrade the operating system• Back up the system and files• Claim ownership of files that have become

damaged* Do anything a Power User can

Power Users and Users

The Power User class can perform any task except for those reserved for Administrators. But a power user can not

• Access other users' data without permission.• Delete or modify user accounts they did not

create.• Users can perform common tasks, but have little

power to affect the computer outside of their own account.

Users can perform common tasks, but have little power to affect the computer outside of their own account.

Guests and Backup Operators • Guests

• The Guests group grants limited access to occasional or one-time users. Once a Guest logsout, all files created by the guest is deleted.

• Backup Operators• Members of the Backup Operators group can back

up and restore files on the computer but they cannot change security settings.

• .

How to Create and Delete a User Group in Windows 7

• Note

• This could be useful if you would like to create a new group,add users to be a member of this group, then assign user rights to the group. This way you could have your own special custom group of users with user rights assignments that you set for them.

Create a New User Group

• Click on

• Right Click on

• Click on Manage

NEW GROUP

• In the left pane, click on Groups to open it. In the right pane of Groups, right click on a empty space, and click on New Group.

• Type in a "group name" (ex: New Group), a "description" (ex: Example of new group created) for the group, add users (ex: my user account "Brink") that you would like to be a member of this new group, then click on theCreate and Close buttons.

NEW GROUP

The new group has been created

NEW GROUP

• You can now assign user rights to the group, and add or remove users from being a member of this group at anytime

HOW TO DELETE A GROUP

• When you delete a group, all users that were a member of that group will automatically lose all user rights assigned to that group. Be very careful to not delete the wrong group. I would recommend to not delete any of the default groups, and only delete groups that you created and no longer need.

• I would highly recommend that you create a restore point before adding or deleting groups. This way if you make a mistake and delete the wrong group, you will be able to do a system restore at boot and select the restore point to undo the mistake.

• In the left pane, click on Groups to open it. In the right pane of Groups, right click on a group (ex: New Group) that you wanted to delete, and click on Delete. Warning

 Delete a Group

CONT….

• Click on Yes to approve deleting the group.

• The group (ex: New Group) has been deleted.

• When finished, close Local Users and Groups.

Local Users and Groups Manager

• MANAGEMENT OF GROUP ACCOUNTS

Open "Local Users and Groups Manager"

•  OPTION ONE  • Open "Local Users and Groups Manager" 

Directly• 1. Press the Windows + R keys to open the Run

dialog, type lusrmgr.msc, and press Enter. NOTE: This file is located at C:\Windows\System32\lusrmgr.msc.2. You can now set and manage the Local Users and Groups settings on your computer to how you want them.

OPTION TWO  

• Open "Local Users and Groups Manager" in Computer Management

• 1. Open the Control Panel (icons view), and click/tap on the Administrative Tools icon.

2. Close the Control Panel window.

3. In Administrative Tools, click/tap on the Computer Management icon.

4. If prompted, click/tap on Yes.

5. Close the Administrative Tools window.

6. In the left pane of Computer Management, double click/tap on Local Users and Groups. (

OPTION TWO

You can now set and manage the Local Users and Groups settings on your computer to how you want them.

OPTION THREE 

Open  "Local  Users  and  Groups  Manager"  in Advanced User Accounts

• 1. Press the Windows  +  R keys to open the Run dialog, type netplwiz, and press Enter. 2. If prompted by UAC, click/tap on Yes.3. Click/tap on the Advanced tab, and click/tap on the Advanced button.

• You can now set and manage the Local Users and Groups settings on your computer to how you want them

CONT….

PRACTICAL OF GROUP

ACCOUNTS

Troubleshooting Group Accounts

Two users out of three logon in their accounts 3rd cannot

Troubleshooting1. Check whether caps lock is on.2. Check whether you are entering right

password.3. It may be possible that an admin account

or the group manager has changed the user password.. Ask the manager or admin to check your password or reset your password…

But this is briefly discussed in group policies which is another vast discussion

A local user cannot view desktop icons

Troubleshooting 1st of all right click on the desktop screen. Now click on view. Click on view desktop icons.. If it doesn’t work then the group manager

may have customized group account policies for you.

Again group policy is another vast discussion and another topic.

Do you know??

1. Can an admin account create a new admin account?

2. Can an admin account change the password of the admin account created before?

3. Can local account change password of an admin account?

4. Can an admin account created before change the password of te account created after it?

5. Can an admin make local user an admin?

•6. Can a standard user access admin?•7. Can an admin view files of a standard user?•8. Can a standard user view the files of other standard user?•9. Can an admin view files of another admin?•10. In group accounts, can a standard user access admin accounts? Reason.

66

Session CCONFIGURING , MANAGING AND TROUBLESHOOTING OF

AYESHA SANAULLAH

Encrypting File System(EFS)

68

© ExplorNet’s Centers for Quality Teaching and Learning 69

Security Through Encryption

Encryption is the process through which the contents of files and folders are secured from unauthorized access.Contents are scrambled using keys, certificates, and

algorithms.Can only be read by an authorized user who has the

proper key.

© ExplorNet’s Centers for Quality Teaching and Learning 70

Encryption in Windows

Encrypting File System (EFS)A Windows file system feature that allows users to

encrypt information on all types of physical media. Available on all versions of Windows 7. Fully supported in the Professional, Enterprise,

and Ultimate versions. Partially supported on Starter, Home.

© ExplorNet’s Centers for Quality Teaching and Learning 71

Encryption in Windows

Files are not encrypted by default.When users choose to encrypt the file/folder appears

green in Windows Explorer.

© ExplorNet’s Centers for Quality Teaching and Learning 72

How to Use EFSA user chooses to secure

a file/folder with EFS through the Properties dialog box.

© ExplorNet’s Centers for Quality Teaching and Learning 73

How to Use EFSFrom the Advanced

attributes a user can choose to encrypt.

If “file only” encryption is done a second prompt asking to encrypt the folder may appear.

© ExplorNet’s Centers for Quality Teaching and Learning 74

1. When you mark a file for encryption EFS creates an encryption key. A key is a large, random number specific to that

file/folder. The encryption key is stored with the file.

2. EFS then uses the key and an algorithm to scramble the contents of the file. To authorized users the file appears normal. Unauthorized attempts to open the file result in

an “Access Denied” message.

© ExplorNet’s Centers for Quality Teaching and Learning 75

How EFS Works: Encryption

3. To link the key to your user account each file/folder key is encrypted with a personal file encryption certificate called an EFS Certificate.

4. Your EFS Certificate is stored in the Windows Certificate database.

© ExplorNet’s Centers for Quality Teaching and Learning 76

How EFS Works: Decryption

When you attempt to open an encrypted file this is approximately what happens.1. The file signals the need to be decoded.

To decode the file the encryption key is needed. The encryption is stored with the file, but…. Recall that the encryption key itself was

encrypted2. The OS calls for an EFS Certificate to decode the

encryption key.

© ExplorNet’s Centers for Quality Teaching and Learning 77

How EFS Works: Decryption

3. Windows finds your EFS Certificate because you are logged in to your user account. Because your EFS Certificate was used to

encrypt the file’s encryption key it can also be used to correctly decode the encryption key.

4. The OS decodes the file’s encryption key using your EFS Certificate.

5. The OS uses the file’s encryption key to decode the file.

© ExplorNet’s Centers for Quality Teaching and Learning 78

EFS TipsLoss or damage to an encryption key or EFS Certificate

means loss of the file/folder. Always have backups.

The Administrator account is the designated recovery agent if you ever lose access to a file.

Encrypting at the folder level is preferred. New files added to the folder are automatically

encrypted. Less chance of accidental file security breach.

Encrypting adds processing time to file accesses and increases file size significantly.

© ExplorNet’s Centers for Quality Teaching and Learning 79

BitLocker Drive Encryption

Encryption feature in the Enterprise and Ultimate versions of Windows 7 that works with TPM to secure entire disks instead of files.

Trusted Platform Module (TPM) A microchip on many motherboards that helps

protect the computer from being accessed if stolen, lost, or attacked. It works most effectively when paired with another system, like an OS.

© ExplorNet’s Centers for Quality Teaching and Learning 80

BitLocker To Go

Usually BitLocker is used to encrypt hard disk drives.BitLocker To Go allows the encryption of portable

media.

© ExplorNet’s Centers for Quality Teaching and Learning 81

Compression

The process of reducing the size of data without affecting the content.Compression is used by any company with a sizeable

amount of data. Storage is expensive. If the data is important there will be a backup

copy. Now you need twice as much storage.

© ExplorNet’s Centers for Quality Teaching and Learning 82

Compression

Files often consist of repetitive binary patterns.Mathematicians use this fact to develop compression

algorithms that replace the repetitive data with pointers.

Pointers take up much less space without compromising the data.

© ExplorNet’s Centers for Quality Teaching and Learning 83

How to Use Compression

Choose

© ExplorNet’s Centers for Quality Teaching and Learning 84

Compression Tips

Compressed files appear blue in Explorer.Compressed files cannot be encrypted.

If you want to encrypt, decompress first, then encrypt.

Different files have different compression ratios.Large, contiguous files usually experience the most

gain from compression. Video is a good example, lots of repeated frames.

© ExplorNet’s Centers for Quality Teaching and Learning 85

PRACTICAL WORKOFEFS

Troubleshooting Encrypting File System

86

When I try to encrypt my files, it doesn't work.

• Make sure that the following conditions are true:• A recovery agent policy has been defined.• The file volume is NTFS.• The file is not compressed.• You have write access to the file.• Sometimes users think that the file is not encrypted because they can

open it and read the file. Remind them to verify that the file is encrypted by checking the file's attribute.

• Sometimes a user tries to encrypt a folder that has the compression attribute set or is on a compressed drive. First, you have to remove the compression attribute, and then you can encrypt.

87

I can't open files I have encrypted.

• Make sure you have the correct EFS certificate and private key for the file. If it is an old file, the public key and private key set might no longer be available. Expired certificates and private keys are archived. However, users can delete archived certificates and private keys, or they might be damaged. If so, recover the file as described earlier in this chapter.

• If the computer previously operated in stand-alone mode and is now a member of a domain, this can make a difference. The file might have been encrypted by using a local self-signed certificate issued by the computer, whereas the CA designated at the domain level is now the issuing authority.

88

Are there warnings to a user that a file goes from an encrypted state to an unencrypted state when copying or moving?

• There is no warning. Always check the properties of the resulting file to ensure that it is still encrypted.

89

I can't open an EFS file after upgrading from a previous build of Windows 2000. A message that read "Access denied" appeared, but I can still encrypt and open new EFS files.

• It is possible that the previous build is a domestic, nonexportable build with support for strong cryptography, and the new build is an international, exportable build with weaker cryptography. The weaker cryptography technology cannot handle files that have been encrypted using the stronger cryptography.

• If you qualify to use and deploy nonexportable cryptography, you can obtain the Encryption Pack CD from Microsoft and use it to convert Windows 2000 to support nonexportable, strong cryptography technology. This CD is not exportable. The Microsoft Enhanced Cryptographic Provider for Windows 2000 is available on this CD. Instructions on how to use the CD are provided with the CD.

90

When my virus check program runs, it cannot check all the files on my hard disk and I get "Access Denied" error messages.

• Your virus check program can only read files that have been encrypted by you. If other users have encrypted files on your hard disk, access to these files is denied to the virus check program. To perform a virus check for files that have been encrypted by other users, the other users must log on and run the virus check program.

91