The DameWare NT Utilities Users window view provides for centralized remote management of creating user(s) and also allows multi-select copying, deleting and renaming functionality. Microsoft Exchange User properties and Windows Terminal Server User properties are dynamically accessible through the Users view window. Users can be copied to both machines and domains including the existing user password. DameWare NT Utilities supports drag and drop of users when adding or removing from groups. Drag and drop of Users to machines and domains in the Network Browser is also available including the existing User(s) passwords. Note: When using the Copy To option, you may select to keep the existing password, set the password to the same as the UserID, leave the password blank or specify a password to use.
DameWare NT Utilities provides a robust interface through the Users window view for all aspects of remote user management. DameWare NT Utilities has been designed to allow multiple user additions from a single window view. This useful feature is ideal for establishing sets of users for training classes, server migration, contract employee setup, etc. The New Multiple option allows multiple new users to be added with several configurable options including:
Name and password schema(s)
User profile information including logon script names and home directory options
Hours during the day that the user(s) is/are allowed logon access
Remote Access Administration options including call back and dial in permissions
Account expiration and account type
Workstation log in privileges
User account security management including Account Policy, User Rights and Audit Policy can be managed through this Users window view. Administration of user accounts can be performed for the highlighted user account by selecting the properties option. Once the properties option is selected, DameWare NT Utilities will dynamically determine the role that the selected machine is playing in the network and will then display the appropriate user options in the tabbed dialog window presented.
User Manage user property information like name, comments and password here. This is also where password expiration and account-disabled properties can be set. The password Age and password Last Changed date are displayed in the lower right hand portion of this dialog.
Group User group membership and primary group properties can be set.
Profile # User profile paths, login script and home directory properties can be set in this option. Terminal Server Home Directory properties can also be set here.
Configuration # User options for Windows Terminal Server
Hours* Valid user access times can be set in this option by hour and day of the week.
Workstations* User workstation login properties are specified in this option.
Account* Set user account expiration and account type.
Dialin User dial in privileges are set in this option as well as call back options.
Notes: * These options are only available for Windows NT/2000/2003 server/domain controller machines.
# Only available for NT Server(s) running Windows Terminal Server.
Macros supported: %USERNAME%, %USERFULLNAME%. When adding multiple new users you can specify ANSI C or UNIX® C sprintf functions format specifications. For example: change TestUser%d to TestUser%03d would give you resulting user accounts of TestUser001, TestUser002, etc.
Creating new users’ home directories and appropriate security. The following examples will illustrate this functionality.
ü When drive letter E: is entered and the path entered is \\server\users\%USERNAME% - this will work as long as the folder ’r;users’ already exists and is shared.
ü When drive letter E: is entered and the path entered is \\server\c$\%USERNAME% - this will create the folder to the c:\root drive, such as c:\jdoe
ü When drive letter E: is entered and the path entered is \\server\c$\users\%USERNAME% - this will also create the folder on the server c: drive, as in c:\users\jdoe, however the folder ’r;users’ must already exist.
The following is a brief summary of the Windows NT/2000/XP/2003/Vista/2008/Windows7 Security policies.
Account Policy The Account Policy controls how passwords must be used by all user accounts. It defines things such as the maximum password age, minimum password age, minimum password length, whether a password history is maintained and whether users must log on before changing their passwords. It also determines lockouts. If locking out is enabled, then a user account cannot log on after a number of failed attempts to log on to that account within a specified time limit between failed attempts. Lockout can also occur from attempting to change the password using an incorrect password for the old password. A locked account remains locked until an administrator unlocks it or a specified amount of time passes. The Account Policy also determines whether or not a remote user is forcibly disconnected from a domain when that user’s logon hours expire.
Note: Failed password attempts against workstations or member servers that have been locked using Ctrl+Alt+Delete or password protected screen savers, do not count against account lockout settings entered in User Manager for Domains.
User Rights Policy The User Rights Policy manages the rights granted to groups and user accounts. A right authorizes a user to perform certain actions on the system. A user who logs on to an account to which the appropriate right have been granted can carry out the corresponding actions. When a user does not have appropriate rights, attempts to carry out those actions are blocked by the system. User rights apply to the system as a whole and are different from permissions, which apply to specific objects. The rights granted to a group are provided to the members of that group. In most situations, the easiest way to provide rights to a user is to add that user’s account to one of the built-in groups that already possesses the needed rights rather than by administering the User Rights Policy. The DameWare NT Utilities User Rights window view will allow selection to show the Standard User Rights, Advanced User Rights or All User Rights. Once selected, the value will be saved when the User Rights window view is entered again.
Audit Policy You can track selected user activities by auditing security events and storing the data in a security log. Your Audit Policy specifies the types of security events to be logged. These types can range from system-wide events (such as a user logging on) to specific events (such as a user attempting to read a particular file). They can include successful events, unsuccessful events or both. When you administer domains, the Audit Policy affects the security logs of all domain controllers. When you administer a computer that is not a domain controller, the Audit Policy affects the security log of only that computer (running Windows NT/2000/XP/Vista/Windows7 Workstation or Windows NT/2000/2003/2008 Server). You can use Event Viewer to review events in a security log, the local machine.