USER MANAGEMENT
The management of users on a Windows 2000 system is critical to the security of the system and the organization. Proper procedures should be in place within the organization to identify the proper permissions each new user should receive. When an employee leaves the organization, procedures should be in place to make sure that the employee loses access rights to the organization's systems.
Adding Users to the System
When adding new users to the system, make sure you follow your User Management procedures. These procedures should define who may request new accounts and who may approve these requests. New users are added to a system or domain through the Computer Management tool. Select the Users item from Local Users and Groups. Then select New User from the Action menu. As with Windows NT, each user should have a unique user ID and their own account. If two users require the same access, then two accounts should be created and they should be placed in the same group. Under no circumstances should multiple users be given access to the same user ID.
Each new user ID should be given an initial password and the User Must Change Password at Next Logon box should be checked. This will force the user to change the password the first time she logs in. Never check the Password Never Expires box.
NOTE: Organizations should not use the same password for each new account. While this may simplify the task of establishing new accounts, it opens a potential vulnerability on the systems. If a new user account is established before the new employee has joined the organization, the account may be available for use by unauthorized individuals. All that is needed is the standard new user password. It is a better practice to choose strong and unique new user passwords.
Once the account has been created, it must be added to the appropriate groups. This can be done by going to each individual group, double-clicking it, and selecting the Add button. Alternatively, you can right-click on the newly created user and select Properties. Select the Member Of tab and add the appropriate groups to the list. Standard user accounts should not be part of the Administrators group.
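The rules in this section can be checked after the fact. The following is an added example, not part of the original tutorial: it audits account listings in the style of `net user <name>` output for a never-expiring password, Administrators membership on a standard account, and an active account that has never been used. The sample report, its `---` separators, and the `approved_admins` parameter are assumptions made for the example.

```python
import re

# Constructed sample: `net user <name>`-style output for three accounts,
# joined with '---' lines. Not real data.
SAMPLE = """\
User name                    jsmith
Account active               Yes
Password expires             3/14/2001 9:02 AM
Last logon                   2/1/2001 8:45 AM
Local Group Memberships      *Users
---
User name                    svcbackup
Account active               Yes
Password expires             Never
Last logon                   1/30/2001 2:00 AM
Local Group Memberships      *Administrators      *Users
---
User name                    newhire
Account active               Yes
Password expires             3/20/2001 4:10 PM
Last logon                   Never
Local Group Memberships      *Users
"""

def parse_accounts(text):
    """Split the report on '---' lines and read each 'Field   value' pair."""
    accounts = []
    for block in text.split("\n---\n"):
        fields = {}
        for line in block.splitlines():
            parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
            if len(parts) == 2:
                fields[parts[0]] = parts[1]
        if fields:
            accounts.append(fields)
    return accounts

def audit(accounts, approved_admins=frozenset()):
    """Return (user, finding) pairs; approved_admins is a hypothetical allowlist."""
    findings = []
    for a in accounts:
        user = a.get("User name", "?")
        groups = {g.strip() for g in a.get("Local Group Memberships", "").split("*") if g.strip()}
        if a.get("Password expires", "").lower() == "never":
            findings.append((user, "password never expires"))
        if "Administrators" in groups and user not in approved_admins:
            findings.append((user, "standard account in Administrators"))
        if a.get("Account active", "").lower() == "yes" and a.get("Last logon", "").lower() == "never":
            findings.append((user, "active but never logged on"))
    return findings
```

An active account that has never logged on still carries its initial password, which is the exposure described in the NOTE above, so it is worth confirming that the employee has actually started.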