Creating and managing user accounts in Microsoft Windows SBS 2011

Exclusive offer: get 50% off this eBook here
(MCTS): Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) Certification Guide

(MCTS): Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) Certification Guide — Save 50%

A compact certification guide to help you prepare for and pass the Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) exam with this book and ebook

$29.99    $15.00
by Drew Hills (MCITP MCSE DCNE SBSC BEngTech (Elec) ) Robert Crane (BE MBA MCP) | April 2012 | Enterprise Articles Microsoft

The majority of time administrating a network is spent managing users. Users not only need access to a Windows Small Business Server (SBS) 2011 network but they all need access to its resources. The key to good network administration is doing this in the most effective manner. Probably the most important part of a network will be the users. They need access to the resources on the server as well as the services that it provides. To do this securely they are firstly going to need a network login ID that identifies them to the domain. They will typically use this login ID at a workstation connected to the domain.

In this article by Robert Crane and Drew Hills, co-authors of (MCTS): Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) Certification Guide, we shall look at creating and managing user accounts.

 

(For more resources on Microsoft, see here.)

A user account or object in a Windows Server domain is a security mechanism that allows a person to access the resources of the network by "logging in" to the network. Doing so with the correct credentials automatically provides the user with the configured rights to network resources such as files, folders, printers, and so on.

Most importantly, Windows SBS 2011 Standard is just like any Windows Server in that it leverages the power of Active Directory to manage and maintain these user objects. The major difference that Windows SBS 2011 Standard brings with it is that the majority of these tasks can be accomplished via wizards. Using the wizards not only reduces the time taken to administer a Windows SBS 2011 Standard network, but it also always produces a consistent result. For these reasons alone every Windows SBS 2011 Standard administrator should always use the wizards when administrating their network, especially when working with user accounts.

 

Creating, editing, and deleting user accounts

It is important that you always use the Windows SBS 2011 Standard Console and wizards when you create, edit, or delete any users. The main reason is that the wizards do a number of things behind the scenes to ensure everything works correctly on the Windows SBS 2011 Standard system. Creating users manually via native Active Directory tools may result in features not being enabled. The wizards are there to do all the hard work and create the accounts for you in Active Directory; so don't fear they are doing something different, they aren't. They are there to make an administrators' life easier, so use them every time. This cannot be stressed strongly enough.

To create a new user:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab:

    (Move the mouse over the image to enlarge.)

  4. You should now see a list of any existing users and you should also see the option Add a new user account link under the Tasks section to the right. Click this option to create a new user.
  5. The Add a New User Account wizard now runs. Enter the details for the user. Also select the role for that user from the drop-down list. When complete, click the Next button to continue.
  6. At the next screen you will be prompted to enter the user's password. It is important to note that you cannot progress past this screen until you have entered a password that conforms to both length and complexity requirements. These requirements can be modified in the system if required. Once you have entered a suitable password, the Add user account button will be available. Click this to continue.
  7. The wizard will now run and create a network account for the user, create a home folder for that user, an e-mail account, set appropriate quotas, and send a Welcome e-mail to the user's inbox. When complete, click the Finish button:

You should now see the user you created appear in the list of Users.

To edit an existing user account, simply:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab.
  4. Select the user you wish to edit from the list of users that is displayed.
  5. From the Tasks list on the right, select Edit user account properties.
  6. You shouldnow see all the properties of the user displayed in a window, as shown in the next screenshot. Simply select the desired section from the left and make any changes to the properties on the right. Click the OK button to save the changes and return to the Windows SBS 2011 Standard console:

To delete an existing user account:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab.
  4. Select the user you wish to delete from the list of users that is displayed.
  5. On the right-hand side, under the Tasks pane select Remove user account.
  6. You'll be prompted to confirm that you wish to delete the selected account. By default doing so will also remove that user's mailbox and shared folder. If you don't desire this, simply uncheck these options before clicking the Yes button to proceed:

  7. The selected account will then be removed from the system and you should receive a confirmation that the process completed successfully. When this is displayed simply click the OK button. This will take you to the Windows SBS 2011 Standard Console and you should notice that the selected user no longer appears in the list.

 

Assigning permissions to users

To assign permissions to an existing user account you will need to edit that account. To do this:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab.
  4. Select the user you wish to edit from the list of users that is displayed.
  5. From the Tasks list on the right, select Edit user account properties.
  6. You should now see all the properties of the user displayed in a window, as shown in the following screenshot. Simply select the desired section from the left and make any changes to the properties on the right:

  7. For example, if you wish to change the user's rights to the files on the server, this would normally be done via the Groups option. If you select the Groups option, you will be shown a list of groups that the user belongs to. You can select an existing group and remove it or you can add a group. Adding a user to a group will automatically provide them access to whatever the group has access to.
  8. Click the OK button to save the changes and return to the Windows SBS 2011 Standard console.

You can also change the user's permissions by changing their role on the network. In this way, you can promote or demote a user to the same level as any pre-configured user role. To make this change:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab.
  4. Select the user you wish to edit from the list of users that is displayed.
  5. From the Tasks list on the right, select Change user role for user accounts.
  6. The wizard will then prompt you to select which role you wish that user to assume, as previously shown. You can also elect to Replace user permissions or settings or Add user permissions or settings:

  7. You will then be asked to select one or more users from a list of users whose role you wish to change. Once the selection process is complete click the Change user role button.
  8. The wizard will now run and when complete you will be provided with a status window as to the success of the process. Click the Finish button to complete the process.

The user will now have either the same permissions as the role you selected, or the merged permission of the user role and the existing rights, depending on what option you selected during the process.

 

(MCTS): Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) Certification Guide A compact certification guide to help you prepare for and pass the Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) exam with this book and ebook
Published: May 2012
eBook Price: $29.99
Book Price: $49.99
See more
Select your format and quantity:

 

(For more resources on Microsoft, see here.)

Assigning users to computers

Users created in the Windows SBS 2011 Standard console are automatically given rights to client machines that are configured using the Windows SBS 2011 Standard wizards. It is however possible to control what level of access these users have on those machines and whether they also have remote access rights enabled.

There are two ways to configure these rights, both through the Windows SBS 2011 Standard Console. The first is via Computer and the second via Users and Groups.

To control the access of users to client computers via the Computer option:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Network icon.
  3. Select the Computers tab.
  4. Select the Computer you wish to edit from the list under the Client Computers heading in the lower half of the screen.
  5. From the Tasks list on the right, select View computer properties.
  6. Select the User Access option from the menu on the left.
  7. You should then see a list of network users. You can add or delete any existing users and you can select a user and change their Access level for this computer from the option at the bottom of the screen. You can select from Standard User or Local Administrator.
  8. You will also notice here that you have the option to allow the user to Remotely access this computer. Simply select the option to enable this if desired.
  9. Click the OK button to save any changes made.

To control the access of users to client computers via the Users and Groups option:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab.
  4. Select the user you wish to edit from the list of users that is displayed.
  5. From the Tasks list on the right, select Edit user account properties.
  6. Select the Computer option from the menu on the left-hand side.
  7. Again you can't add or delete any network computers but you can select one and change the Access level that user has from the option at the bottom of the screen. You may select from Standard User or Local Administrator.
  8. You will also notice here that you have the option to allow the user to Remotely access this computer. Simply select this option to enable this if desired.

  9. Click the OK button to save any changes made

 

Configuring user RWA access using Windows SBS console

The ability to remotely access the Windows SBS 2011 Standard server and networked workstations is provided via Remote Web Access (RWA) and is easily controlled via the SBS Console. There are two ways of doing this from the console, either individually for each user or for a group of users.

To make changes to the access rights of an individual user:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Users and Groups icon.
  3. Select the Users tab.
  4. Select the user you wish to delete from the list of users that is displayed.
  5. From the Tasks list on the right, select Edit user account properties.
  6. You should now see all the properties of the user displayed in a window. Select the Remote Access option from the left, as shown in the following screenshot, and then check the option User can access Remote Web Access on the right. Click the OK button to save the changes and return to the Windows SBS 2011 Standard console:

To make changes to the access rights of a group of users:

  1. Run the Windows SBS 2011 Standard Console.
  2. Select the Shared Folders and Websites icon.
  3. Select the Web Sites tab.
  4. Select the Remote Web Access item from the list.
  5. Select Manage Permissions from the Task list on the right.
  6. You should now see all the properties of the Remote Web Access displayed in a window. Select the Permissions option from the left, as shown in the following screenshot, and then select the Modify button to make any changes. This will display a standard list of users and groups that you can either add or remove from the group access list. Click the OK button to save the changes and return to the Remote Web Access Properties page. Click OK again to close and save changes:

 

Properties and native tools

As Windows SBS 2011 Standard is built using Windows Server 2008 R2, it still has available all the native tools any Windows Server has to work with. You can still access these tools directly from the Start Menu if required. However, as mentioned previously, Windows SBS 2011 Standard provides a number of wizards to not only simplify the tasks of administration, but also to systemize the way that objects are used on the server. It is for these and other reasons that the Windows SBS 2011 Standard wizards should be used in all circumstances. It is also important to remember that the native Windows Server tools can also be used if the functionality is not covered by the standard wizards.

You will find most of the native Windows Server tools under the Administrative tools section which you can access from the server via the Start menu. From there you will see the standard list of native Windows Server tools including things such as Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and so on. These are all available to administrators to use but should be used with caution as the results of using these tools generally don't flow back to the Windows SBS 2011 Standard console. This may mean that changes made using the native tools are not displayed in the Windows SBS 2011 Standard Console, making future management more difficult.

If however, you have a need to add a user to additional security groups, such as Account Operator Group, you will need to use the native tool Active Directory Users and computers.

 

Summary

This article covered the creation of user and accounts as well as their management.


Further resources on this subject:


(MCTS): Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) Certification Guide A compact certification guide to help you prepare for and pass the Microsoft Windows Small Business Server 2011 Standard, Configuring (70-169) exam with this book and ebook
Published: May 2012
eBook Price: $29.99
Book Price: $49.99
See more
Select your format and quantity:

About the Author :


Drew Hills (MCITP MCSE DCNE SBSC BEngTech (Elec) )

Drew is a Microsoft Certified IT Professional (Enterprise Administrator), Microsoft Certified Systems Engineer, and a Microsoft Small Business Specialist 2003, 2008 and 2011. He is also a D-Link Certified Network Engineer, and holds a Bachelor of Engineering Technology (Electrical and Electronic Engineering). Drew has passed 18 different Microsoft Certification exams thus far, and he aims to continue to use Microsoft Certification Exams as a means of staying current in the IT industry.

Drew is a past owner of a successful ICT company which ran for seven years, before selling his company. He has since been working as an Operations Manager or as a Senior Systems Engineer for a number of Managed Services based support companies, whilst enjoying a greater work life balance. Drew describes himself as a quiet achiever, however, he is an active and regular contributor to the SMB IT Professional community in Australia.

In the 13 plus years Drew has worked in IT, his primary focus has always been on the SMB client base, with the majority being based on the Microsoft SBS product range. Drew divides his passion equally between the SMB client base and the Microsoft technologies that support these clients.

Robert Crane (BE MBA MCP)

Robert has a degree in Electrical Engineering as well as Masters of Business Administration. He is also a Small Business Specialist and Microsoft Certified SharePoint Professional. In 2012 he was awarded Microsoft’s Most Valuable Professional (MVP) award for his contributions to the Office 365 product. Robert has over 15 years of IT experience in a variety of fields and positions, including working on Wall St in New York. He was the founder and Principal of the Computer Information Agency.

Apart from resolving client technical issues, Robert continues to present at seminars locally and internationally, as well as write on a number of topics for the Computer Information Agency. He also develops and presents technology courses on a regular basis on topics including SharePoint and Office 365. Robert is committed to a process of on-going business and technical education to continue developing the skills required to assist clients with their business challenges.

Books From Packt


Microsoft Silverlight 5 and Windows Azure Enterprise Integration
Microsoft Silverlight 5 and Windows Azure Enterprise Integration

BizTalk Server 2010 Cookbook
BizTalk Server 2010 Cookbook

Microsoft SQL Server 2008 R2 Administration Cookbook
Microsoft SQL Server 2008 R2 Administration Cookbook

MDX with Microsoft SQL Server 2008 R2 Analysis Services Cookbook
MDX with Microsoft SQL Server 2008 R2 Analysis Services Cookbook

Microsoft SQL Server 2008 R2 Master Data Services
Microsoft SQL Server 2008 R2 Master Data Services

(MCTS): Microsoft BizTalk Server 2010 (70-595) Certification Guide
(MCTS): Microsoft BizTalk Server 2010 (70-595) Certification Guide

Microsoft SQL Server 2012 Performance Tuning Cookbook
Microsoft SQL Server 2012 Performance Tuning Cookbook

Microsoft Windows Azure Development Cookbook
Microsoft Windows Azure Development Cookbook


No votes yet

Post new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
e
x
y
N
Q
3
Enter the code without spaces and pay attention to upper/lower case.
Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software