 | Once you have configured the Active Directory: Before other users can connect via the network to a Windows 2000 server, they need to be configured in the “Active Directory Users and Computers“ Select in the left window the option for “Users“, which will display the list of pre-defined : –  users–  groups.Different levels of permissions are assinged to a group, a User is assigned these permissions by being a member of a group with the permissions. |
 | To create a new user, either make a Right-Click on “Users” in the left window or select from the menu: “Action” “New” / “User“ |
 | a wizard is prompting for the information of the new user: – your name (first, initial, last) – your Logon name the logon name can be different for on Windows2000 systems (full username in my example: [email protected], which could be the same as your Internet e-mail address) and pre-Windows2000 systems (using the NetBIOS domain-name, in my example: JHHOME\jhelmig) . |
 | On the next screen, you need to define the password to be used for the logon, and whether the user will be required to change the password at the next logon: you as administrator have entered the initial password, so if the user is not changing the password, you could logon under that name and have access to the data of the user. (security issue). Forcing the user to define a new password make sure that only that user has access to his data (unless the administrator uses “brut force and take Ownership of the data ) |
 | All information is collected and displayed for verification. Select “Finish” to create this new user. |
 | To view / modify the information for a user, display the Properties. There a 12 information tabs ! I will only show here a few of them. |
 | tab: “Account“ User names and account options |
 | tab: Profile Defines a script to be executed on the client-computer when making a logon to the domain (this script is to be stored in the NETLOGON – share, more info below). Definition of the HOME-directory/Folder. |
 | tab: Member Of Allows to add/delete the user to Groups |
 | tab: Dial-in Defines whether a user is allowed to connect to the server via a dial-in using a modem or VPN-connection (usually required for traveling personal to get access to their company- e-mail, like using Outlook to connnect to a MS-Exchange server) |
 | tab: Environment used to configure the setting for Terminal Services |
If you defined on the tab: Profiles to use Logon-scripts, then you need to store these script-files
in the NETLOGON-share for the client systems to be able to locate and execute these scripts.
By default, the NETLOGON-share is Read-only, so you should create/modify the scripts to the
NETLOGON-share folder via the file-system (using Windows Explorer or “My Computer” ).
To identify the location of the NETLOGON-share on your system, check in the Control-Panel
in “Computer Management” / “System Tools” / “Shared Folders” / “Shares“:
The NETLOGON-share will be defined on the NTFS-disk-partition defined during the
configuration of the Active Directory(in my example: on my F-drive).
