Local Users And Groups


A user account allows us to log in to the system; it identifies the authenticated person, who can access the services according to the assigned limit.

With respect to the domain, there are two types of users.

  • Local Users (Local users are created on the local machine and can only log in on the local machine.)
  • Domain Users (Created on a domain controller, e.g. PDC or ADC, and can log in anywhere in the domain environment or on clients of the domain.)


A group is a collection of users and objects.

Note:- Policies are applied on groups and organizations, but permissions are applied on users.

Types of Accounts 

  • Administrator    -Full Permission.
  • Limited Access  -Limited Permission.
  • Guest Account  -Works as Guest.


Types Of Built-In Groups 

  • Administrator
  • Account Operator
  • Backup Operator
  • Print Operator
  • Remote Operator
  • Domain User


User Profile

It stores the personal settings of the user, like My Documents, My Pictures, Desktop etc.

There are two types of users, as I said earlier.

Local User (There is only one type of Local User Profile)

  1. Local Profile.


Domain User (There are three types)

  1. Local Profile.
  2. Roaming Profile.
  3. Mandatory Profile (It is also a type of Roaming Profile)

Note:- A profile is created when the user logs in for the first time.
          SAM is the name of a file which is responsible for profile settings.

          NTUSER.DAT is also a file name, which is responsible for user settings.




Creating The Roaming Profile Of Domain User



    • Create a user in Active Directory
    • start
    • run
    • dsa.msc (enter)
    • expand domain name
    • right click on user folder
    • click new user (enter the details of the user, like user name, password and user attributes)
    • next
    • now create a shared folder on an NTFS drive and give the full permissions
    • now go to the Active Directory Users and Computers wizard
    • right click on user properties
    • click on profile tab
    • and fill the following details
      Profile Path:-\\ip address of file server\share folder name\user name
      Local Path:-C:\share folder name (C:\ is the drive where shared folder exists)
    • apply
    • ok
    • now go to a client of the domain and log in with the domain user
    • finish




Converting The Roaming Profile Into Mandatory Profile


    • log in with the administrator account and give the domain user the "allow log on locally" permission, from Group Policy or by making the user a member of the print operator group from Active Directory Users and Computers
    • start
    • dsa.msc
    • expand domain name
    • click on Built-In Groups
    • right click and properties of print operator
    • click members
    • add (enter the name of user and click check names)
    • ok
    • apply
    • ok
    • log off and login with the Domain user
    • now go to home folder of user profile
    • right click on profile folder
    • properties
    • security
    • edit
    • add and check the name of administrator
    • ok
    • give the full permission
    • apply
    • ok
    • log off and login with the administrator
    • now go to home folder of user profile
    • double click on profile folder
    • tools
    • folder options
    • view
    • show hidden files and folders
    • and uncheck
    • show hide extension
    • show hide protected
    • ok
    • apply
    • ok, go to the folder and you can see the file NTUSER.DAT
    • right click and convert it into NTUSER.MAN
    • now remove the user from the print operator group
    • now go to the client machine and log in with the domain user; now your desktop settings or any other settings will not be saved
    • finish
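
The two procedures above in PowerShell, as an added example that is not part of the original page: New-RoamingProfileUser scripts the roaming profile setup, and Get-ProfileStatus checks the result, including whether the user was really removed from the Print Operators group. The function names, the parameter values you pass, and the choice of Authenticated Users for the share permission are assumptions.

```powershell
# Added example, not from the original page. All names passed in are the reader's own.
# Assumes it runs as a domain administrator on the file server, with the ActiveDirectory module installed.
Import-Module ActiveDirectory

function New-RoamingProfileUser {
    param(
        [Parameter(Mandatory)][string]$Sam,         # user logon name
        [Parameter(Mandatory)][string]$FileServer,  # file server name or IP address
        [Parameter(Mandatory)][string]$ShareName,   # share folder name
        [Parameter(Mandatory)][string]$SharePath    # local folder on an NTFS drive
    )
    # Create the user in Active Directory (the dsa.msc "new user" steps).
    $password = Read-Host -AsSecureString "Initial password for $Sam"
    New-ADUser -Name $Sam -SamAccountName $Sam -AccountPassword $password -Enabled $true

    # Create the shared folder. Assumption: the page does not say who receives
    # full permissions; Authenticated Users is used here at share level.
    New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
    New-SmbShare -Name $ShareName -Path $SharePath -FullAccess 'Authenticated Users' | Out-Null

    # Profile tab: Profile Path = \\file server\share folder name\user name
    Set-ADUser -Identity $Sam -ProfilePath "\\$FileServer\$ShareName\$Sam"
}

function Get-ProfileStatus {
    param([Parameter(Mandatory)][string]$Sam)
    $user = Get-ADUser -Identity $Sam -Properties ProfilePath
    $type = 'Local'
    if ($user.ProfilePath) {
        $type = 'Roaming (folder not created yet)'
        # Windows Vista and later append a suffix such as .V2 or .V6 to the folder name.
        $dirs = Get-Item -Path "$($user.ProfilePath)*" -ErrorAction SilentlyContinue
        foreach ($dir in $dirs) {
            if (Test-Path -LiteralPath (Join-Path $dir.FullName 'NTUSER.MAN')) { $type = 'Mandatory'; break }
            if (Test-Path -LiteralPath (Join-Path $dir.FullName 'NTUSER.DAT')) { $type = 'Roaming' }
        }
    }
    # The conversion procedure ends by removing the user from Print Operators; confirm it.
    $members  = @(Get-ADGroupMember -Identity 'Print Operators' | Where-Object { $_.SamAccountName -eq $Sam })
    $leftover = $members.Count -gt 0
    [pscustomobject]@{
        User             = $Sam
        ProfilePath      = $user.ProfilePath
        ProfileType      = $type
        InPrintOperators = $leftover
    }
}
```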