• Mail Server: Installs a basic POP3 and SMTP server for e-mail.
• Terminal Server: Allows other users to run applications on the server via the network.
• Remote Access/VPN Server: Enables dialup and VPN connections.
• Domain Controller: Enables Active Directory and designates the server as a domain controller.
• DNS Server: Enables the DNS server for DNS name resolution.
• DHCP Server: Enables the DHCP server to dynamically assign IP addresses to client computers.
• Streaming Media Server: Enables the Streaming Media Server.
• WINS Server: Enables the WINS server for Windows-based name resolution.
Managing User Accounts
Every user who accesses a network must have a user account. User accounts let you control who can access the network and who can’t. In addition, user
accounts let you specify what network resources each user can use. Without user accounts, all your resources would be open to anyone who casually
dropped by your network.
Figure 19-2: Configuring server roles.
Chapter 19: Windows Server 2003
Understanding Windows User Accounts
User accounts are one of the basic tools for managing a Windows server. As a network administrator, you’ll spend a large percentage of your time dealing
with user accounts: creating new ones, deleting expired accounts, resetting passwords for forgetful users, granting new access rights, and so on. Before I
get into the specific procedures of creating and managing user accounts, this section presents an overview of user accounts and how they work.
Local accounts versus domain accounts
A local account is a user account stored on a particular computer; the account applies only to that computer. Typically, each computer on your network will
have a local account for each person who uses that computer.
In contrast, a domain account is a user account that’s stored by Active Directory and can be accessed from any computer that’s a part of the domain. Domain
accounts are centrally managed. This chapter deals primarily with setting up and maintaining domain accounts.
User account properties
Every user account has a number of important account properties that specify the characteristics of the account. The three most important account properties are:
• Username: A unique name that identifies the account. The user must enter the username when logging in to the network. The username is public information. In other words, other network users can and often should find out your username.
• Password: A secret word that must be entered in order to gain access to the account. You can set up Windows so it enforces password policies, such as the minimum length of the password, whether the password must contain a mixture of letters and numerals, and how long the password remains current before the user must change it.
• Group membership: Indicates the group or groups to which the user account belongs. Group memberships are the key to granting access rights to users so they can access various network resources, such as file shares or printers, or to perform certain network tasks, such as creating new user accounts or backing up the server.
Many other account properties record information about the user, such as the user’s contact information, whether the user is allowed to access the system
only at certain times or from certain computers, and so on. I describe some of these features in later sections of this chapter, and some are described in
more detail in Chapter 4 of this book.
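To see which of the password policies mentioned above a server actually enforces, you can save the output of the built-in net accounts command and check it against a baseline. The following is an added example, not part of the original chapter; the sample output is constructed and the baseline numbers are assumptions to replace with your own policy. The letters-and-numerals requirement is set in Group Policy and does not appear in this output.

```python
import re

# Constructed sample of `net accounts` output, not taken from a real server.
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        PRIMARY
The command completed successfully.
"""

# Assumed baseline (illustrative only): setting -> (kind, limit).
BASELINE = {
    "Minimum password length": ("min", 8),
    "Maximum password age (days)": ("max", 90),
    "Length of password history maintained": ("min", 5),
    "Lockout threshold": ("max", 10),
}
DISABLED = {"never", "none", "unlimited"}

def parse_net_accounts(text):
    """Map each numeric setting to an int, or to None when it is switched off."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s{2,}(\S.*?)\s*$", line)
        if not m:
            continue  # blank lines and the trailing status message
        key, value = m.group(1), m.group(2)
        if value.lower() in DISABLED:
            settings[key] = None
        elif value.isdigit():
            settings[key] = int(value)
    return settings

def audit(text, baseline=BASELINE):
    """Return (setting, reason) pairs for every value weaker than the baseline."""
    settings, findings = parse_net_accounts(text), []
    for key, (kind, limit) in baseline.items():
        if key not in settings:
            findings.append((key, "not reported"))
        elif settings[key] is None:
            findings.append((key, "not enforced"))
        elif kind == "min" and settings[key] < limit:
            findings.append((key, f"{settings[key]} is below {limit}"))
        elif kind == "max" and settings[key] > limit:
            findings.append((key, f"{settings[key]} is above {limit}"))
    return findings
```

Calling audit(SAMPLE) flags all four baseline settings, because the constructed sample has no minimum length, no expiry, no history, and no lockout.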
Part IV: Network Operating Systems
The Administrator account
Windows comes with a built-in account named Administrator that has complete access to all the features of the server. As a network administrator,
you’ll frequently log on using the Administrator account to perform maintenance chores.
Because the Administrator account is so powerful, you should always enforce good password practices for it. In other words, don’t use your dog’s name as
the Administrator account password. Instead, pick a random combination of letters and numbers. Then change the password periodically. For an account
of password policymaking that only a spymaster or a network administrator could love, take a good look at Chapter 13.
Write down the Administrator account password, and keep it in a secure location. Note that by “secure location,” I don’t mean “taped to the front of the
monitor.” Keep it in a safe place where you can retrieve it if you forget it, but where it won’t easily fall into the hands of someone looking to break into
your network.
Creating a New User
To create a new domain user account in Windows Server 2003, follow these steps: