Upload
rajpoot-sulahry
View
70
Download
5
Embed Size (px)
Citation preview
PRESENTATION OF INFORMATION SYSTEMS
PREPARED BY GROUP 1ASSIGNED BY MA’AM AMINA BATOOL
DATED: 5th sept. 2016
GHAYOOR-UL-DIN BABERSABAHAT QADEER
AYESHA SANAULLAHRIZWAN AHMED
GROUP MEMBERS
CONFIGURING, MANAGING,
AND TROUBLE-SHOOTING,LOCAL USERS,GROUP ACCOUNTS AND EFS
PRESENTATION TOPIC
CONTENTS
1. UNDERSTANDING LOCAL USERS2. PRACTICAL OF LOCAL USER ACCOUNTS3. TROUBLESHOOTING LOCAL USERS4. UNDERSTANDING GROUP ACCOUNTS5. PRACTICAL OF LOCAL GROUP ACCOUNTS6. TROUBLESHOOTING GROUP ACCOUNTS7. UNDERSTANDING EFS8. PRACTICAL OF EFS9. TROUBLESHOOTING EFS
Topic divisionConfiguration and management of
USER ACCOUNTSBy RIZWAN AHMED
Configuration and management of GROUP ACCOUNTS
By SABAHAT QADEERConfiguration and management of
EFSBy AYESHA ANAULLAH
Troubleshooting and practicalBy GHAYOOR
User AccountUser account is a collection of information that tells Windows
• Which files and folders administrator can access • What changes administrator can make to the computer • The personal preferences (desktop background or screen
saver etc ).
User accounts let administrator share a computer with several people, while having the own files and settings.Each person accesses his or her user account with a user name and password.
User A/Cs is useful for assigning to the user to participate in the network. 8
Types Of Accounts
There are two types of accounts
• Domain User Accounts
• Local User Accounts
9
Domain User Accounts
These are created in the Active Directory (AD)
and they proved centralized management of users
besides easy administration.
10
Local User Accounts
* These can be created on the Local machines where the client works.
* Example Windows 2000 professional, XP
professional or server 2003 member server etc.* These accounts do not provide centralized
management.* Suitable only for smaller organizations where
there is no server.
11
Creating a local user Accounts
Three methods for creating users in Windows XP Professional
• Control Panel → User Accounts
• Microsoft Consol
• Command
12
Creating User using from Control Panel
13
14
15
16
17
NOTE - Fast User Switching cannot be used if the Offline Files option is enabled.
Also, once the system is added to a domain administrator can no longer use Fast User
Switching, even if administrator log on to the workstation by using the local user account
database.
18
Creating User using Consol (compmgmt.msc, lusrmgr.msc)
“Using the Local Users and Groups Snap-in “On member server Log on to local account (Administrators and Power
Users)>Right click on my computer >Manage
19
1. Administrator can also type compmgmt.msc in the RUN box or from a command line to launch the Computer Management MMC.2. If administrator wants to directly open the Local Users and Groups MMC Type lusrmgr.msc from the RUN box or from a command line.
20
>Expand local users > Right click on users > New user
21
Supply the user name & Password
22
Enabling disabled administrator account
• START >SEARCH>TYPE “CMD”>RIGHT CLICK ON FIRST SEARCH>RESULT>RUN AS ADMINISRATOR>GIVE COMMAND “net user administrator: yes”>HIT ENTER
SUCCESS
23
Disabling enabled administrator account
• START >SEARCH >TYPE “CMD”>RIGHT CLICK ON FIRST SEARCH RESULT>RUN AS ADMINISRATOR>GIVE COMMAND “net user administrator:no”>HIT ENTER
SUCCESS
24
Steps to change password of local user accounts
• Log on to local user account>click on start control panel>user accounts and family safety link>click on user accounts link >click on the change password link enter new password>confirm password >type hint also(not compulsory)
success
• You can also remove password
25
PRACTICAL OF LOCAL USERACCOUNTS
Troubleshooting local users
27
To fix a corrupt windows user profile
• Microsoft says that a user profile can become corrupted if your antivirus software is scanning your PC while you try to log on, but it can also be caused by other factors.
• Troubleshooting• A quick fix can be to restart your PC but if this doesn’t
work you’ll need to restart again and bot into safe mode do this by pressing F8 before you see the windows loading screen and choosing safe mode from the menu that appears.
• Safe mode logs you into the built-in windows administrator account, but you find that some options do not work…
• or• create a new user profile and backup your saved data.
28
You are unable to open an app in windows
• Microsoft says that whenever you purchase or load a game or such an application that was designed for other windows… but you do not have that window…. The file will not run…
• Troubleshooting• You are required to right click on that application and
then “run as administrator”…… in this way you will be able to run such applications which were not designed for your windows..
29
Restoring files from deleted user accounts
• Control panel>User accounts>configure advanced user profile properties>create a new admin account>log on to new account>my computer>C-drive>Users new account >windows enabler?run as administrator >control panel>configure advanced user and profiles> copy from one user account to another user account……….
• success
30
I tried to log on to my user account but I keep getting message that the user name or password is incorrect
• •1. Caps Lock might be ‘on’:•Passwords in Windows are case-sensitive, which means that every time you type your password, you have to capitalize each letter in exactly the same way that you did when you first created it. If you have accidentally pressed Caps Lock, then you’re inadvertently typing your password in all capital letters. Make sure Caps Lock is off, and then type your password again.
31
Cont..
• 2.You might be typing the wrong password: If you can’t remember your password, you need to reset your password, either with a password reset disk or an administrator account.
3. An administrator on the computer might have reset your password: If your computer is on a network, a network administrator has the ability to reset your password. If you think this might be the problem, check with your network administrator. If your computer is in a workgroup, anyone who has an administrator account on the computer can change your password.
32
Cont..
• 4. You might be trying to log on to the wrong user account: If you have more than one user account on the computer, make sure you’re logging on to the account that matches the password you’re using. Use switch user to select the right account.
33
Cont..
• 5. You might forget you password: Forgetting password is most common issue. To overcome this issue use Reset Password option available at log on screen once you tried to insert a wrong password.
34
My computer is part of a domain and I want to log on to a local user account, not my domain account.
• To log on to a local user account on your computer, you need to know the name of your computer and the user name for the account that you want to log on to. To log on to a local user account, follow these steps:
• On the Welcome screen, click Switch User.• Click Other User.• In the user name field, type the name of your computer,
a backslash (\), and the user name for the account that you want to log on to. For example: computer name\user name
• Type your password, and then press Enter.
35
You receive a "The User Profile Service failed the logon” error message
• Troubleshooting • Method 1: Fix the user account profile• Method 2: Log on to Windows and copy your data to a new account• Method 3: Delete the error SID and create a new profile
36
Session B
CONFIGURING , MANAGING AND TROUBLESHOOTING OF
GROUP ACCOUNTS
Group Accounts
GROUP
What is a Group?The group is a collection of accounts that
share the same security rights and permissions.
GROUP ACCOUNTS
• A Group Account is a collection of user accounts. On a management server that is running Windows, you can create a group account to manage the privileges of multiple accounts together. By making a user account a member of a group, you give that user all the rights and permissions granted to the group.
CONT…
• Windows has a long list of predefined user groups which includes “Administrators” and “Users.”
• A user account is a member of at least one user group while some user accounts are members of two groups or more, depending on how they are set.
• User groups are managed automatically by Windows and you won’t need to fiddle with them, even though you can if you are an administrator.
CONT….
• For example, all user accounts that are set as administrators will be part of the “Administrators” group. Standard user accounts are part of the “Users” group. However, both types of user accounts will become members of the “HomeUsers” group, when you start using the Homegroup networking feature in Windows.
Local Users and Groups Consol* Displays all built in groups as well as groups
created by administrator.* The built-in groups are created automatically
when Windows XP is installed.
CONT…
Administrators
Members of the Administrator group have total control over the computer and everything on it. The user named Administrator is the default account within this group.
Administrators Can:* Create, modify, and access local user accounts• Install new hardware and software• Upgrade the operating system• Back up the system and files• Claim ownership of files that have become
damaged* Do anything a Power User can
Power Users and Users
The Power User class can perform any task except for those reserved for Administrators. But a power user can not
• Access other users' data without permission.• Delete or modify user accounts they did not
create.• Users can perform common tasks, but have little
power to affect the computer outside of their own account.
Users can perform common tasks, but have little power to affect the computer outside of their own account.
Guests and Backup Operators • Guests
• The Guests group grants limited access to occasional or one-time users. Once a Guest logsout, all files created by the guest is deleted.
• Backup Operators• Members of the Backup Operators group can back
up and restore files on the computer but they cannot change security settings.
• .
How to Create and Delete a User Group in Windows 7
• Note
• This could be useful if you would like to create a new group,add users to be a member of this group, then assign user rights to the group. This way you could have your own special custom group of users with user rights assignments that you set for them.
Create a New User Group
• Click on
• Right Click on
• Click on Manage
NEW GROUP
• In the left pane, click on Groups to open it. In the right pane of Groups, right click on a empty space, and click on New Group.
• Type in a "group name" (ex: New Group), a "description" (ex: Example of new group created) for the group, add users (ex: my user account "Brink") that you would like to be a member of this new group, then click on theCreate and Close buttons.
NEW GROUP
The new group has been created
NEW GROUP
• You can now assign user rights to the group, and add or remove users from being a member of this group at anytime
HOW TO DELETE A GROUP
• When you delete a group, all users that were a member of that group will automatically lose all user rights assigned to that group. Be very careful to not delete the wrong group. I would recommend to not delete any of the default groups, and only delete groups that you created and no longer need.
• I would highly recommend that you create a restore point before adding or deleting groups. This way if you make a mistake and delete the wrong group, you will be able to do a system restore at boot and select the restore point to undo the mistake.
• In the left pane, click on Groups to open it. In the right pane of Groups, right click on a group (ex: New Group) that you wanted to delete, and click on Delete. Warning
Delete a Group
CONT….
• Click on Yes to approve deleting the group.
• The group (ex: New Group) has been deleted.
• When finished, close Local Users and Groups.
Local Users and Groups Manager
• MANAGEMENT OF GROUP ACCOUNTS
Open "Local Users and Groups Manager"
• OPTION ONE • Open "Local Users and Groups Manager"
Directly• 1. Press the Windows + R keys to open the Run
dialog, type lusrmgr.msc, and press Enter. NOTE: This file is located at C:\Windows\System32\lusrmgr.msc.2. You can now set and manage the Local Users and Groups settings on your computer to how you want them.
OPTION TWO
• Open "Local Users and Groups Manager" in Computer Management
• 1. Open the Control Panel (icons view), and click/tap on the Administrative Tools icon.
2. Close the Control Panel window.
3. In Administrative Tools, click/tap on the Computer Management icon.
4. If prompted, click/tap on Yes.
5. Close the Administrative Tools window.
6. In the left pane of Computer Management, double click/tap on Local Users and Groups. (
OPTION TWO
You can now set and manage the Local Users and Groups settings on your computer to how you want them.
OPTION THREE
Open "Local Users and Groups Manager" in Advanced User Accounts
• 1. Press the Windows + R keys to open the Run dialog, type netplwiz, and press Enter. 2. If prompted by UAC, click/tap on Yes.3. Click/tap on the Advanced tab, and click/tap on the Advanced button.
• You can now set and manage the Local Users and Groups settings on your computer to how you want them
CONT….
PRACTICAL OF GROUP
ACCOUNTS
Troubleshooting Group Accounts
Two users out of three logon in their accounts 3rd cannot
Troubleshooting1. Check whether caps lock is on.2. Check whether you are entering right
password.3. It may be possible that an admin account
or the group manager has changed the user password.. Ask the manager or admin to check your password or reset your password…
But this is briefly discussed in group policies which is another vast discussion
A local user cannot view desktop icons
Troubleshooting 1st of all right click on the desktop screen. Now click on view. Click on view desktop icons.. If it doesn’t work then the group manager
may have customized group account policies for you.
Again group policy is another vast discussion and another topic.
Do you know??
1. Can an admin account create a new admin account?
2. Can an admin account change the password of the admin account created before?
3. Can local account change password of an admin account?
4. Can an admin account created before change the password of te account created after it?
5. Can an admin make local user an admin?
•6. Can a standard user access admin?•7. Can an admin view files of a standard user?•8. Can a standard user view the files of other standard user?•9. Can an admin view files of another admin?•10. In group accounts, can a standard user access admin accounts? Reason.
66
Session CCONFIGURING , MANAGING AND TROUBLESHOOTING OF
AYESHA SANAULLAH
Encrypting File System(EFS)
68
© ExplorNet’s Centers for Quality Teaching and Learning 69
Security Through Encryption
Encryption is the process through which the contents of files and folders are secured from unauthorized access.Contents are scrambled using keys, certificates, and
algorithms.Can only be read by an authorized user who has the
proper key.
© ExplorNet’s Centers for Quality Teaching and Learning 70
Encryption in Windows
Encrypting File System (EFS)A Windows file system feature that allows users to
encrypt information on all types of physical media. Available on all versions of Windows 7. Fully supported in the Professional, Enterprise,
and Ultimate versions. Partially supported on Starter, Home.
© ExplorNet’s Centers for Quality Teaching and Learning 71
Encryption in Windows
Files are not encrypted by default.When users choose to encrypt the file/folder appears
green in Windows Explorer.
© ExplorNet’s Centers for Quality Teaching and Learning 72
How to Use EFSA user chooses to secure
a file/folder with EFS through the Properties dialog box.
© ExplorNet’s Centers for Quality Teaching and Learning 73
How to Use EFSFrom the Advanced
attributes a user can choose to encrypt.
If “file only” encryption is done a second prompt asking to encrypt the folder may appear.
© ExplorNet’s Centers for Quality Teaching and Learning 74
1. When you mark a file for encryption EFS creates an encryption key. A key is a large, random number specific to that
file/folder. The encryption key is stored with the file.
2. EFS then uses the key and an algorithm to scramble the contents of the file. To authorized users the file appears normal. Unauthorized attempts to open the file result in
an “Access Denied” message.
© ExplorNet’s Centers for Quality Teaching and Learning 75
How EFS Works: Encryption
3. To link the key to your user account each file/folder key is encrypted with a personal file encryption certificate called an EFS Certificate.
4. Your EFS Certificate is stored in the Windows Certificate database.
© ExplorNet’s Centers for Quality Teaching and Learning 76
How EFS Works: Decryption
When you attempt to open an encrypted file this is approximately what happens.1. The file signals the need to be decoded.
To decode the file the encryption key is needed. The encryption is stored with the file, but…. Recall that the encryption key itself was
encrypted2. The OS calls for an EFS Certificate to decode the
encryption key.
© ExplorNet’s Centers for Quality Teaching and Learning 77
How EFS Works: Decryption
3. Windows finds your EFS Certificate because you are logged in to your user account. Because your EFS Certificate was used to
encrypt the file’s encryption key it can also be used to correctly decode the encryption key.
4. The OS decodes the file’s encryption key using your EFS Certificate.
5. The OS uses the file’s encryption key to decode the file.
© ExplorNet’s Centers for Quality Teaching and Learning 78
EFS TipsLoss or damage to an encryption key or EFS Certificate
means loss of the file/folder. Always have backups.
The Administrator account is the designated recovery agent if you ever lose access to a file.
Encrypting at the folder level is preferred. New files added to the folder are automatically
encrypted. Less chance of accidental file security breach.
Encrypting adds processing time to file accesses and increases file size significantly.
© ExplorNet’s Centers for Quality Teaching and Learning 79
BitLocker Drive Encryption
Encryption feature in the Enterprise and Ultimate versions of Windows 7 that works with TPM to secure entire disks instead of files.
Trusted Platform Module (TPM) A microchip on many motherboards that helps
protect the computer from being accessed if stolen, lost, or attacked. It works most effectively when paired with another system, like an OS.
© ExplorNet’s Centers for Quality Teaching and Learning 80
BitLocker To Go
Usually BitLocker is used to encrypt hard disk drives.BitLocker To Go allows the encryption of portable
media.
© ExplorNet’s Centers for Quality Teaching and Learning 81
Compression
The process of reducing the size of data without affecting the content.Compression is used by any company with a sizeable
amount of data. Storage is expensive. If the data is important there will be a backup
copy. Now you need twice as much storage.
© ExplorNet’s Centers for Quality Teaching and Learning 82
Compression
Files often consist of repetitive binary patterns.Mathematicians use this fact to develop compression
algorithms that replace the repetitive data with pointers.
Pointers take up much less space without compromising the data.
© ExplorNet’s Centers for Quality Teaching and Learning 83
How to Use Compression
Choose
© ExplorNet’s Centers for Quality Teaching and Learning 84
Compression Tips
Compressed files appear blue in Explorer.Compressed files cannot be encrypted.
If you want to encrypt, decompress first, then encrypt.
Different files have different compression ratios.Large, contiguous files usually experience the most
gain from compression. Video is a good example, lots of repeated frames.
© ExplorNet’s Centers for Quality Teaching and Learning 85
PRACTICAL WORKOFEFS
Troubleshooting Encrypting File System
86
When I try to encrypt my files, it doesn't work.
• Make sure that the following conditions are true:• A recovery agent policy has been defined.• The file volume is NTFS.• The file is not compressed.• You have write access to the file.• Sometimes users think that the file is not encrypted because they can
open it and read the file. Remind them to verify that the file is encrypted by checking the file's attribute.
• Sometimes a user tries to encrypt a folder that has the compression attribute set or is on a compressed drive. First, you have to remove the compression attribute, and then you can encrypt.
87
I can't open files I have encrypted.
• Make sure you have the correct EFS certificate and private key for the file. If it is an old file, the public key and private key set might no longer be available. Expired certificates and private keys are archived. However, users can delete archived certificates and private keys, or they might be damaged. If so, recover the file as described earlier in this chapter.
• If the computer previously operated in stand-alone mode and is now a member of a domain, this can make a difference. The file might have been encrypted by using a local self-signed certificate issued by the computer, whereas the CA designated at the domain level is now the issuing authority.
88
Are there warnings to a user that a file goes from an encrypted state to an unencrypted state when copying or moving?
• There is no warning. Always check the properties of the resulting file to ensure that it is still encrypted.
89
I can't open an EFS file after upgrading from a previous build of Windows 2000. A message that read "Access denied" appeared, but I can still encrypt and open new EFS files.
• It is possible that the previous build is a domestic, nonexportable build with support for strong cryptography, and the new build is an international, exportable build with weaker cryptography. The weaker cryptography technology cannot handle files that have been encrypted using the stronger cryptography.
• If you qualify to use and deploy nonexportable cryptography, you can obtain the Encryption Pack CD from Microsoft and use it to convert Windows 2000 to support nonexportable, strong cryptography technology. This CD is not exportable. The Microsoft Enhanced Cryptographic Provider for Windows 2000 is available on this CD. Instructions on how to use the CD are provided with the CD.
90
When my virus check program runs, it cannot check all the files on my hard disk and I get "Access Denied" error messages.
• Your virus check program can only read files that have been encrypted by you. If other users have encrypted files on your hard disk, access to these files is denied to the virus check program. To perform a virus check for files that have been encrypted by other users, the other users must log on and run the virus check program.
91