Difference between revisions of "Windows Accounts"
From Stadm
Jump to navigationJump to searchLine 31: | Line 31: | ||
[[File:AD_rds.png|350px|Remote Desktop Services Profile]] | [[File:AD_rds.png|350px|Remote Desktop Services Profile]] | ||
==Group Policy== | ==Group Policy== | ||
+ | *Group Policy is a great way to configure commonly deployed settings to both Users and Computers, below we show some commonly used Group Policy settings and how to apply them to only certain users/groups or computers | ||
+ | *Open up Group Policy Management: gpmc.msc | ||
+ | |||
+ | ===Common Group Policies=== | ||
+ | *In many domain environments a lot of computers will have the same settings that have to be applied across all of them, a good example of this is networking and firewall rules | ||
+ | *While we can go individually to each computer and manually type in multiple search suffixes or a firewall rule to allow Incoming Echo requests(ping) it would take forever on multiple computers, in this example we show you how to apply a Group Policy Object to a set of computers | ||
+ | ===Adding Group Policy Object=== | ||
+ | ===Editing Group Policy Object=== | ||
+ | ===Deleting Group Policy Object=== | ||
+ | ===Windows Syncing Group Policy=== |
Revision as of 10:35, 7 July 2015
Contents
Windows Administration
Purpose
- Guide to how to setup a New User with a roaming profile using the GUI in Windows(RSAT)
- The rest of this guide assumes you have RSAT installed and know the common tools to administer a Windows computer, if not check out this wiki first: http://wiki.eri.ucsb.edu/stadm/Windows_Administration
- Common tools to edit/add users/groups and attributes in Active Directory
Active Directory Users and Computers - dsa.msc Group Policy Management - gpmc.msc
- These can be run from the Run box(Windows Key +R) or can be found under Administrative Tools in the control panel
- All domain joined computers logged in with a domain administrator account can manage the domain as long as you have RSAT installed, the following does not need to be run from any Server, it can be run from a local Windows 7 box as long as it is joined to the domain
Adding User/Group
- A user or a group can be manually added through the GUI from any domain joined computer
- Open Active Directory Users and Computers and navigate to the Organizational Unit(OU) you wish to create a user in.
- As shown above right click inside the organizational unit and you will get a drop down menu of items(you can also left click the "Action" button in the toolbar if in the appropriate OU to get the same menu)
- Navigate to New and in there you will have options to create a new User or Group along with other options
Editing Unix Attributes
- To change attributes about a user using the GUI find the user in the appropriate OU. Right click on the users name and hit "Properties"
- Inside of Properties you can change the Users information such as name, but more importantly you have options to add in user profiles, remote desktop profiles, unix attributes, etc.
- If you originally click the "Unix Attributes" tab there should be nothing inside of it, to give a user a specific UID number look at the example on the right
Setting User Roaming Profile
- Setting a users roaming profile is relatively straight forward, right click on the user you want to set a profile for and enter in the UNC path to where the folder is located
- For users that specifically use RDS we want to set up profiles a little differently, luckily there is a tab for setting up profiles only for when logging into an RDS server
- Click on the "Remote Desktop Services Profile" tab and type in the profile path to where the users profile is located, also select the Home Folder to be mounted to the users folder on the network share
Group Policy
- Group Policy is a great way to configure commonly deployed settings to both Users and Computers, below we show some commonly used Group Policy settings and how to apply them to only certain users/groups or computers
- Open up Group Policy Management: gpmc.msc
Common Group Policies
- In many domain environments a lot of computers will have the same settings that have to be applied across all of them, a good example of this is networking and firewall rules
- While we can go individually to each computer and manually type in multiple search suffixes or a firewall rule to allow Incoming Echo requests(ping) it would take forever on multiple computers, in this example we show you how to apply a Group Policy Object to a set of computers