mary's page

Author's Name: mary


mary's articles:


Using the Run As Program

The Run As program allows a user to run specific tools and programs with permissions other than those provided by the account with which the user is currently logged on. Therefore, you can use the Run As program to run administrative tools with either local or domain administrator rights and permissions while logged on as a normal user. The Run As program can be used to start any program, Microsoft Management Console (MMC) tool, or Control Panel item, as long as:
You provide the appropriate user account and password information
The user account has the ability to log on to the computer
The program, MMC tool, or Control Panel item is available on the system and to the user account
The Run As program is usually used to run programs as an administrator, although it is not limited to administrator accounts. Any user with multiple accounts can use Run As to run a program, MMC tool, or Control Panel item with alternate credentials. The Run As program can be invoked on the desktop or by using the Runas command.
To invoke the Run As program from the desktop, complete the following steps:
1. In Windows Explorer, or on the Start menu, right-click the program, MMC tool, or Control Panel item you want to open, and then click Run As.
2. In the Run As dialog box, click The Following User.
3. Type the user name and password of the account you want to use in the User Name and Password boxes, respectively. Click OK.
If you attempt to start a program, MMC tool, or Control Panel item from a network location using the Run As program, it might fail if the credentials used to connect to the network share are different from the credentials used to start the program. The credentials used to run the program might not be able to gain access to the same network share. If the Run As program fails, the Secondary Logon service might not be running. You can set the Secondary Logon service to start automatically when the system starts using the Secondary Logon Service option in the Services console.


the Administration Strategies

For optimum security, Microsoft recommends that you do not assign administrators to the Administrators group and that you avoid running your computer while logged on as an administrator. This lesson examines reasons why you should not run your computer as an administrator and the actions you should take to ensure security for administrators.
Why You Should Not Run Your Computer as an Administrator
Running Windows Server 2003 as an administrator makes the system vulnerable to Trojan horse attacks and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site might contain Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could possibly reformat your hard drive, delete all files, create a new user account with administrative access, and so on.
Therefore, you should not assign yourself to the Administrators group and you should avoid running your computer while logged on as an administrator. For most computer activity, you should assign yourself to the Users or Power Users group. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risks. As a member of the Power Users group, you can perform routine tasks and also install programs, add printers, and use most Control Panel items. If you need to perform an administrator-only task, such as upgrading the operating system or configuring system parameters, you should log on as an administrator, perform the task, and then log off. If you frequently need to log on as an administrator, you can use the Run As program to start programs as an administrator.
You use the Active Directory Users And Computers console to create groups, delete groups, add members to groups, and change the group scope.
With the necessary permissions, you can create groups in any domain in the forest, in an OU, or in a container you have created specifically for groups. The name you select for a group must be unique in the domain where you create the group.
You cannot change the group scope for domains with a domain functional level set to Windows 2000 mixed.


Creating and Administering Groups

After you assess user needs and have a group plan in place, you are ready to create your groups. Once you have created groups, you might find it necessary to carry out various administrative tasks to maintain them. This lesson shows you how to create groups, delete groups, add members to groups, and change the group scope.
Creating a Group
You use the Active Directory Users And Computers console to create groups. With the necessary permissions, you can create groups in any domain in the forest, in an OU, or in a container you have created specifically for groups. The name you select for a group must be unique in the domain where you create the group.
To create a group, complete the following steps:
1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers.
2. Right-click the appropriate domain, OU, or container, point to New, and click Group.
3. In the New Object-Group dialog box, type the name of the group in the Group Name box. Note that an entry automatically appears in the Group Name (Pre-Windows 2000) box, based on the group name you typed.
4. Select the group scope in the Group Scope box. Select the group type in the Group Type box. Click OK.
Group scopes allow you to use groups in different ways to assign permissions. The three group scopes are global, domain local, and universal. Global security groups are most often used to organize users who share similar network access requirements. Domain local security groups are most often used to assign permissions to resources. Universal security groups are most often used to assign permissions to related resources in multiple domains.


Planning Universal Groups

Use universal groups to grant or deny access to resources that are located in more than one domain. As discussed earlier in this lesson, when membership of any universal group changes, the changes must be replicated to every global catalog in the forest unless the Windows Server 2003 forest functional level is used. This action can cause excessive network traffic. Therefore, you should define universal groups with caution. Follow these guidelines to ensure minimal impact on replication traffic:
Add global groups, not users, to universal groups. The global groups are the members of the universal group. Keep the number of group members in universal groups as low as possible and minimize the number of individual users.
Change the membership of universal groups as infrequently as possible. By requiring all members of universal groups to be global groups and making individual membership changes in the global groups, the membership changes you make to the global groups do not affect the universal groups or replication traffic.
Now that you’ve completed the worksheet, answer the following questions:
1. Does your network require local groups? No. The scenario presents no need to create local groups, which you can use only on a single computer.
2. Does your network require universal groups? No. The scenario presents no need to create universal groups. Your domain has no groups that need to have access to resources in multiple domains and also need to have members from multiple domains.
3. Sales representatives at the company frequently visit the company headquarters and other divisions. Therefore, you need to give sales representatives with user accounts in other domains the same permissions for resources that sales representatives in your domain have. You also want to make it easy for administrators in other domains to assign permissions to sales representatives in your domain. How can you accomplish this?
Create global groups for sales representatives in all other domains. Add these global groups to the appropriate domain local groups in your domain. Tell administrators in other domains about the global group that represents sales representatives in your domain. Have the administrators add the sales representatives group from your domain to the appropriate domain local groups in their domains.
A group is a collection of users, computers, contacts, and other groups. Distribution groups are used only for e-mail. Security groups are used to grant access to resources.


Renaming, Disabling, Enabling, and Deleting The User Accounts

Modifications that you make to user accounts that affect the functionality of the user accounts include the following:
Rename a user account when you want to retain all rights, permissions, and group memberships for the user account and reassign it to a different user. For example, if there is a new company accountant replacing an accountant who has left the company, rename the account by changing the first, last, and user logon names to those of the new accountant.
Disabling and enabling a user account: Disable a user account when a user does not need an account for an extended period, but will need it again. For example, if a user takes a two-month leave of absence, you would disable his or her user account at the beginning of the leave. When the user returns, you would enable his or her user account so that he or she could log on to the network again.
Deleting a user account: Delete a user account when an employee leaves the organization and you are not going to rename the user account. You might decide first to disable such an account and then delete it at a later time. This allows access to any items to which the user had exclusive rights, or time to assign the account to another user. In the end, if the account remains unused, you should delete it so you do not have unused accounts in Active Directory.
To modify a user account, you make changes to the user account object in Active Directory. To complete the tasks for modifying user accounts successfully, you must have permission to administer the OU or container in which the user accounts reside. The procedures for renaming, disabling, enabling, and deleting user accounts are very similar.
To reset a user password
1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers.
2. Expand the appropriate domain, and then click the appropriate OU.
3. In the details pane, select the user account for which you want to reset a password. Click Action.
4. On the Action menu, click Reset Password.
5. In the Reset Password dialog box, type a new password for the user in the New Password box. Confirm the password in the Confirm Password box. Select User Must Change Password At Next Logon to force the user to change his or her password the next time he or she logs on. Click OK.


The Home Folders

A home folder is an additional folder that you can provide for users to store personal documents, and for older applications, it is sometimes the default folder for saving documents. You can store a home folder on a client computer or in a shared folder on a file server. Because a home folder is not part of a roaming user profile, its size does not affect network traffic during the logon process. You can locate all users' home folders in a central location on a network server. Storing all home folders on a file server provides the following advantages:
Users can gain access to their home folders from any client computer on the network.
The backing up and administration of user documents is centralized.
The home folders are accessible from a client computer running any Microsoft operating system (including MS-DOS, Windows 95, Windows 98, Windows Me, Windows 2000, and Windows Server 2003).
To create and test a mandatory user profile
1. Log on to Server1 as Administrator.
2. On Server1, use the procedures provided earlier in this lesson to create a mandatory user profile for User9.
Create a mandatory user profile template named ProfileTemplate. Right-click anywhere on the desktop, then click Properties. In the Display Properties dialog box, click the Appearance tab. Notice the current color scheme. In the Appearance tab, in the Scheme list, select a different color scheme, then click OK. This change takes effect immediately.
Define the mandatory user profile template storage location by creating a subfolder named Mandatory in a folder named Profiles on your C drive, where C is the name of your system drive.
Define the mandatory user profile. Ensure that User9 is permitted to use the mandatory user profile.
Assign the mandatory user profile to the User9 user account. Configure the user profile as mandatory.
3. Log on to Server2 as User9. Were screen colors saved? Why or why not?
Yes, because the screen colors are saved in User9's mandatory user profile.
4. Right-click anywhere on the desktop, then click Properties. In the Display Properties dialog box, click the Appearance tab. In the Scheme list, select a different color scheme, then click OK. This change takes effect immediately.
5. Log off and log on as the same user, User9. Were screen colors you set in step 4 saved? Why or why not?
No, because the screen colors are saved in the mandatory user profile. The mandatory user profile is read-only and cannot be changed by users.
6. Log off Server2.


User Profile Types

Defining a Mandatory User Profile: You define a mandatory user profile by selecting the profile template, specifying the path to the folder you created to store the mandatory user profile, and selecting the user or group you want to be able to use the mandatory user profile in the User Profiles tab in the System Properties dialog box.
To define a mandatory user profile, complete the following steps:
1. Locate the System Properties dialog box with the User Profiles tab that you left open when creating the mandatory user profile template.
2. In the User Profiles dialog box, shown previously in Figure 7-10, select the user whose profile you want to use as the mandatory user profile, then click Copy To. The user account should be the same one you created for the mandatory user profile template in the previous procedure.
3. In the Copy To dialog box, shown in Figure 7-11, type the path to the folder you created to store the mandatory user profile in step 1. In the Permitted To Use box, click Change.
4. The Confirm Copy message box appears, stating that the folder you created to store the mandatory user profile in step 1 already exists and that the current contents will be deleted. This message appears because you already created the folder for the profile. Click Yes.
5. In the User Profiles dialog box, click OK. In the System Properties dialog box, click OK.
Assigning a Mandatory User Profile to a User Account: You assign a mandatory user profile to a user account by indicating the path to the folder you created to store the mandatory user profile in the Profile tab in the Properties dialog box for the user account.
To assign a mandatory user profile to a user account, complete the following steps:
1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers.
2. Expand the appropriate domain, and then click the appropriate OU.
3. In the details pane, double-click the user account(s) to which you want to assign the mandatory user profile.
4. In the Properties dialog box for a user account, click the Profile tab.
5. In the Profile tab, shown previously in Figure 7-9, in the Profile Path box, type the path to the folder you created to store the mandatory user profile. Click OK. Close the Active Directory Users And Computers console.
Windows Server 2003 has four categories of default groups: groups in the Builtin folder, groups in the Users folder, special identity groups, and default local groups.


Group Nesting

Adding groups to other groups, or nesting, helps reduce the number of times permissions need to be assigned. Create a hierarchy of groups based on the needs of the members. Windows Server 2003 allows unlimited levels of nesting in domains with a domain functional level set to Windows 2000 native or Windows Server 2003.
For example, you can create a group for each region in your organization and add managers from each region into their own group, called Regional Managers. You can then add each Regional Managers group to another group called Worldwide Managers. When all managers in the network need access to a resource, you assign permissions only to the Worldwide Managers group. Because the Worldwide Managers group contains all members of the Regional Managers groups through nesting, all managers in the network can reach the resource. This strategy allows for easy assignment of permissions and decentralized tracking of group membership.
This group supports directory replication functions and is used by the file replication service on domain controllers. By default, the group has no members. The only member should be a domain user account used to log on to the Replicator services of the domain controller. Do not add users to this group.
This group exists only on domain controllers. By default, the group has no members. Members can log on to a server interactively, create and delete network shares, start and stop services, back up and restore files, format the hard disk of the computer, and shut down the computer.
Terminal Server License Servers
Members are prevented from making accidental or intentional systemwide changes. Members can run certified applications, use printers, shut down and start the computer, and use network shares for which they are assigned permissions. Members cannot share folders or install printers on the local computer. By default, the Domain Users group is a member.
Members have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects.
User accounts, computer accounts, and global groups from the same domain
User accounts, computer accounts, global groups, and universal groups from any domain; domain local groups from the same domain
User accounts, computer accounts, global groups, and other universal groups from any domain in the forest.


User Profiles Setting in Group Policy


Roaming User Profiles

To support users who work at multiple computers, you can set up roaming user profiles. A roaming user profile is based at the server and is downloaded to the local computer every time a user logs on. In contrast to a local user profile, which resides on only one client computer, a roaming user profile is available at any workstation or server computer on the network. Changes made to a user's roaming user profile are updated locally and on the server when the user logs off. This profile is created by a system administrator and is stored in a shared folder on a server.
The first time that a user logs on at a computer, Windows Server 2003 copies all documents to the local computer. Thereafter, when the user logs on to the computer, Windows Server 2003 compares the locally stored user profile files and the roaming user profile files. It copies only the files that have changed since the last time the user logged on at the computer, which makes the logon process shorter.
Mandatory User Profiles
To specify a profile for individuals or an entire group of users, you can set up mandatory user profiles. A mandatory user profile is a read-only roaming profile, based at the server and downloaded to the local computer every time a user logs on. It is available at any workstation or server computer on the network. Users can modify the desktop settings of the computer while they are logged on, but none of these changes are saved when they log off. The next time that the user logs on, the profile is the same as the last time that he or she logged on. Only system administrators can make changes to mandatory user profiles. The mandatory profile settings are downloaded to the local computer each time the user logs on. You can assign one mandatory profile to multiple users who require the same desktop settings. If you need to change the desktop environment for this set of users, you can do so by changing only one profile.
Preferably, profiles should be managed by using Group Policy. Although mandatory user profiles are permitted, they are more likely to create administration problems. For information about Group Policy, see Chapter 11, “Administering Group Policy.”
Local User Profiles
A local user profile is based at the local computer and is available at only the local computer. When a user logs on to the client computer running Windows Server 2003, he or she always receives his or her individual desktop settings and connections, regardless of how many users share the same client computer. Windows Server 2003 automatically creates a local user profile the first time that a user logs on to a workstation or server computer. The local user profile is stored in the C:\Documents and Settings\User_logon_name folder on the computer, where C is the name of your system drive and User_logon_name is the name the user types when logging on to the system.
A user changes his or her local user profile by changing desktop settings. For example, a user might make a new network connection or add a file to My Documents. Then, when a user logs off, Windows Server 2003 incorporates the changes into the user profile stored on the computer. The next time the user logs on to the local computer, the new network connection and the file are present.
