System Administration and Maintenance (Module 3) PDF
Document Details
Bohol Island State University
Summary
This document is a module on system administration and maintenance, specifically focusing on user and group management. It covers topics such as learning outcomes, overview of user accounts, components of user accounts, groups, and importance of secure user management.
Full Transcript
Republic of the Philippines
BOHOL ISLAND STATE UNIVERSITY
Magsija, Balilihan, 6342, Bohol, Philippines
Office of Instruction
Balance | Integrity | Stewardship | Uprightness

System Administration and Maintenance
MODULE 3: User and Group Management

I. Learning Outcomes

By the end of this session, students should be able to:
1. Learn how to create, modify, and delete users and groups.
2. Understand the importance of user management in system security.
3. Be able to implement basic access control measures.

II. Overview of User Accounts

A user account is a collection of information that enables a user to access computer system resources and perform operations. Each account is uniquely identified by credentials, which include essential details like username, password, and user-specific settings, allowing users to perform tasks within their assigned permissions.

Components of User Accounts

1. Username is a unique identifier assigned to each user. It's how the system recognizes and differentiates users.
2. Password is a secret key that, when paired with the username, grants access to the user's account. Passwords should be strong to prevent unauthorized access.
3. User ID (UID) is a unique numerical identifier assigned to each user. This is used internally by the system to reference the user account.
4. Group ID (GID) is a unique numerical identifier assigned to the user's primary group. We can use this to determine the default group permissions for the user account.
5. Home Directory is the directory where a user's personal files and settings are stored. This provides a dedicated space for storing user-specific data.
6. User-specific Settings are preferences and configurations unique to each user. They customize the user experience, including desktop settings, application preferences, and more.
7. Account Expiry is the date after which the user account becomes inactive. It is useful for temporary accounts or managing access over time.
8. Comments/Description are additional information about the user, such as full name or role. This provides context and details about the user account, aiding in identification and management.

Types of User Accounts

   o Administrator Accounts have full access to the system, allowing users to install software, manage settings, and perform administrative tasks.
   o Standard User Accounts have limited access, primarily intended for personal use and basic operations.
   o Guest Accounts are designed for temporary access. These accounts are used by individuals who do not have a permanent account.

Purpose of User Accounts

The purpose of user accounts is twofold:
1. Personalization
   o Allows users to customize their environment.
   o Preferences and settings are saved and restored every time the user logs in, making the experience consistent across sessions.
2. Security
   o Each user is isolated with their permissions, preventing unauthorized access to sensitive resources.
   o Segregates users and their permissions.
   o Protects sensitive data and resources by restricting access based on user roles and privileges.

III. Groups

A group is a collection of user accounts managed as a single unit. Groups simplify permission management by assigning permissions to all users within the group rather than individually.

Common Groups

Administrators
   o Users with administrative privileges.
   o Capable of managing system-wide settings, installing software, configuring network settings, and managing user permissions.
   o Typically reserved for IT personnel or trusted users.
Users
   o Regular accounts with basic permissions for day-to-day activities.
   o Capable of running applications, accessing personal files, and modifying personal settings.
   o However, they cannot alter system-wide settings or install software affecting all users.
Guests
   o Users with restricted permissions, designed for temporary access.
   o Capable of basic access to applications and files.
   o Cannot install software, change settings, or access sensitive data.

Other Important Groups

Power Users
   o Users who need more privileges than standard users but not full administrative rights.
   o Capable of installing and running software, and changing time and date settings.
   o Cannot modify system files or settings.
Remote Desktop Users
   o Users who need access to the system via remote desktop.
   o Capable of remote access to the system and of performing tasks as allowed by their permissions.
   o Typically used by employees working remotely or IT staff for maintenance.

Purpose and Benefits of Using Groups

1. Efficiency in Management
   o Simplifies the process of assigning and revoking permissions.
   o Reduces the risk of human error when managing permissions individually.
2. Security
   o Ensures users have only the permissions necessary for their role.
   o Minimizes the risk of unauthorized access or accidental changes to system settings.
3. Scalability
   o Easily accommodate new users by adding them to existing groups.
   o Streamlines the onboarding process for new employees.
4. Consistency
   o Ensures uniform application of permissions across all users in a group.
   o Maintains a standard security posture within the organization.

IV. Permissions and Access Control

Permissions dictate the actions that users or groups can perform on system resources like files or directories. They form the backbone of system security, ensuring specific types of users have the appropriate level of access to perform their tasks without compromising the system's integrity.

Types of Permissions

1. Read (R)
   o Grants users the ability to view the contents of a file or directory.
   o Example: Viewing a text document, listing the files in a directory.
2. Write (W)
   o Allows users to modify, add to, or delete a file or directory.
   o Example: Editing a document, adding new files to a directory, deleting a file.
3. Execute (X)
   o Permits users to run a file as a program or script.
   o Example: Executing a script to perform automated tasks, launching a software application.

Levels of Access Control

1. Owner/Creator
   o Full Control: Often has all permissions (read, write, execute) on the files they create.
   o Responsibilities: Can change permissions for other users.
2. Group
   o Shared Access: Permissions granted to a group of users.
   o Example: A team working on a project might have read and write permissions on the project directory.
3. Others/World
   o General Access: Permissions granted to all other users on the system.
   o Example: Publicly accessible files might have read permissions for all users.

Applying Permissions

1. Access Control Lists (ACLs)
   o Detailed lists specifying the permissions of individual users or groups.
   o Example: An ACL might specify that User A can read a file, User B can write to it, and User C can execute it.
2. Role-Based Access Control (RBAC)
   o Permissions are assigned based on user roles within the organization.
   o Example: An admin role might have full access to all systems, while a guest role has minimal access.
3. Mandatory Access Control (MAC)
   o Enforces strict policies set by the system administrator, often used in highly secure environments.
   o Example: Military or government systems where access is based on security clearance levels.

V. User Profiles

A user profile encompasses personalized settings and data for an individual user, including desktop settings, application preferences, and personal files. User profiles are essential for maintaining a seamless, secure, and efficient user experience across different sessions and devices. They ensure that users can personalize their environment, access their data securely, and work productively.

Components of a User Profile

1. Desktop Settings
   o Includes wallpaper, screen resolution, icon arrangement, and themes.
   o Purpose: Customizes the visual interface to suit user preferences, enhancing usability and comfort.
2. Application Preferences
   o Settings specific to software applications, such as browser bookmarks, email client configurations, and productivity tool settings.
   o Purpose: Ensures applications work in a way that's most efficient and comfortable for the user, streamlining tasks and workflows.
3. Personal Files
   o Documents, images, videos, and other personal data stored in user-specific directories.
   o Purpose: Keeps user data organized and easily accessible, ensuring privacy and security by isolating personal files from other users on the system.
4. Profile Data
   o Information about the user's activities, such as recent documents, browsing history, and application usage.
   o Helps in restoring the user's session and preferences.
5. User-Specific Registry Settings
   o Configuration settings stored in the Windows Registry, specific to the user.
   o Defines user-specific system and application behaviors.
6. Account Information
   o Usernames, user IDs (UIDs), and other account-specific information.
   o Identifies and authenticates the user within the system.

Importance of User Profiles

1. Consistency Across Sessions
   o Maintains a consistent user experience by storing and applying user-specific settings and preferences each time the user logs in.
   o Example: A user logs in and finds their desktop exactly as they left it, with all open applications and files restored.
2. Personalization
   o Allows users to customize their digital workspace to their liking.
   o Example: Custom toolbars, preferred color schemes, and application settings tailored to individual work habits.
3. Security
   o Enhances security by isolating user environments.
   o Example: Prevents unauthorized access to personal files and settings, protecting sensitive information.
4. Productivity
   o Increases productivity by providing a familiar and optimized working environment.
   o Example: Quick access to frequently used applications and files, reducing time spent on configuration and setup.

User Profile Management

1. Creation and Initialization
   o Profiles are created when a new user account is established. Initial settings may be based on default templates.
   o Example: A new employee starts and logs in for the first time, triggering the creation of their user profile.
2. Customization and Preferences
   o Users adjust settings and preferences to suit their needs.
   o Example: A user changes their desktop background, sets up email filters, and saves bookmarks.
3. Backup and Recovery
   o Profiles can be backed up and restored to prevent data loss.
   o Example: A user profile is saved to a cloud service or external drive, allowing it to be restored in case of system failure.
4. Profile Roaming
   o In networked environments, profiles can be configured to follow users across different machines.
   o Example: A user logs into any computer within a corporate network and accesses their personalized settings and files.

VI. Importance of Secure User Management

1. Protecting Sensitive Data
   o For data integrity, effective user management ensures that only authorized users can access sensitive information. This helps in maintaining the accuracy and consistency of the data over its lifecycle.
   o For data confidentiality, by limiting access to authorized personnel only, organizations can prevent sensitive information from being exposed to unauthorized users, thereby protecting confidentiality.
2. Preventing Unauthorized Access
   o By effectively managing user accounts, groups, and permissions, organizations can set up robust access controls. This minimizes the risk of unauthorized access to systems and data.
   o Adds an extra layer of security by requiring two forms of verification before granting access, further preventing unauthorized access.
3. Accountability
   o Proper management includes keeping detailed logs of user activities. This is crucial for tracking user actions, identifying suspicious behavior, and investigating security incidents.
   o Many industries are subject to regulatory requirements that mandate strict user management practices. Compliance ensures that the organization adheres to legal standards, avoiding fines and legal issues.
   o Knowing who accessed what and when is vital for incident response and recovery efforts. It allows organizations to quickly pinpoint the source of an issue and take corrective action.
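
An access review of local accounts, as one way to check that only current, authorized users hold access. This is an added example, not part of the module; the function name Get-AccountFinding, the 90-day threshold and the sample accounts are assumptions, while the property names are those returned by the Get-LocalUser cmdlet.

```powershell
# Added example (not from the module): review enabled local accounts.
# Input objects use the property names Get-LocalUser returns:
# Name, Enabled, LastLogon, PasswordRequired, PasswordExpires.
function Get-AccountFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [string[]] $AdminNames = @(),      # members of the Administrators group
        [int]      $StaleDays  = 90,       # assumed review threshold
        [datetime] $Now        = (Get-Date)
    )
    foreach ($u in $Users) {
        if (-not $u.Enabled) { continue }  # disabled accounts cannot log on
        $reasons = @()
        if ($null -eq $u.LastLogon) {
            $reasons += 'never logged on'
        } elseif (($Now - $u.LastLogon).TotalDays -gt $StaleDays) {
            $reasons += "no logon in over $StaleDays days"
        }
        if (-not $u.PasswordRequired)      { $reasons += 'password not required' }
        if ($null -eq $u.PasswordExpires)  { $reasons += 'no password expiry set' }
        if ($AdminNames -contains $u.Name) { $reasons += 'administrator: confirm role still needs it' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Name = $u.Name; Findings = $reasons -join '; ' }
        }
    }
}

# Constructed sample accounts so the review logic can be run on any machine.
$now = Get-Date '2025-01-15'
$sample = @(
    [pscustomobject]@{ Name = 'itadmin';     Enabled = $true;  LastLogon = $now.AddDays(-2)
                       PasswordRequired = $true;  PasswordExpires = $now.AddDays(30) }
    [pscustomobject]@{ Name = 'jsantos';     Enabled = $true;  LastLogon = $now.AddDays(-1)
                       PasswordRequired = $true;  PasswordExpires = $now.AddDays(45) }
    [pscustomobject]@{ Name = 'mreyes';      Enabled = $true;  LastLogon = $now.AddDays(-200)
                       PasswordRequired = $true;  PasswordExpires = $now.AddDays(10) }
    [pscustomobject]@{ Name = 'contractor1'; Enabled = $true;  LastLogon = $now.AddDays(-5)
                       PasswordRequired = $true;  PasswordExpires = $null }
    [pscustomobject]@{ Name = 'guestkiosk';  Enabled = $true;  LastLogon = $null
                       PasswordRequired = $false; PasswordExpires = $null }
    [pscustomobject]@{ Name = 'olduser';     Enabled = $false; LastLogon = $now.AddDays(-400)
                       PasswordRequired = $true;  PasswordExpires = $null }
)
Get-AccountFinding -Users $sample -AdminNames 'itadmin', 'contractor1' -Now $now |
    Format-Table -AutoSize -Wrap

# On a live Windows host (elevated session), feed it real data instead:
# $admins = Get-LocalGroupMember -Group 'Administrators' |
#     ForEach-Object { ($_.Name -split '\\')[-1] }   # strip the COMPUTER\ prefix
# Get-AccountFinding -Users (Get-LocalUser) -AdminNames $admins
```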

Practical Steps for Secure User Management

1. Regular Audits
   o Conduct regular audits to review user access rights and ensure they align with current job responsibilities.
   o Revoke access for users who no longer need it, such as former employees or those who have changed roles.
2. User Training
   o Educate users on the importance of strong passwords, recognizing phishing attempts, and following security policies.
   o Regular training helps users understand their role in maintaining security.
3. Automated Tools
   o Utilize automated tools for identity and access management (IAM) to streamline the process of managing user accounts and permissions.
   o Automation reduces the risk of human error and ensures consistency in applying security policies.
4. Password Policies
   o Implement strong password policies, such as requiring complex passwords and regular updates.
   o Encourage the use of password managers to securely store and manage passwords.

VII. User Management in Windows

User and group management is a fundamental aspect of system administration, ensuring secure and organized access to system resources. In Windows, users are managed through Command Prompt, PowerShell, or the Graphical User Interface (GUI).

User Identification

   o User accounts are identified by usernames.
   o Groups are collections of user accounts for easier management of permissions.

Using Administrator: Command Prompt

1. net user [username] [userpassword] /add
   This command is useful for adding a new user.
   Common Options:
   o /fullname:"Full Name" is an option that sets the full name of the user.
   o /comment:"User Description" is useful when adding a description or comment about the user.
   o /expires:MM/DD/YYYY sets the account expiry date (not directly available, handled via GUI).
   o /passwordchg:yes/no determines if the user can change their password.
   o /logonhours:times sets permitted logon hours.
   o /homedir:directory specifies the user’s home directory.
   o /profilepath:path specifies the user profile path.
2. net user [username] [newpassword]
   Modifies a user (e.g., changing the password).
3. net user [username] /delete
   This command is useful for deleting a specific user’s details.
4. net user
   Lists all users currently in the system.
5. net user [username]
   Views the details of a specific user.

VIII. Group Management in Windows

1. net localgroup [groupname] /add
   Creates a new group.
2. net localgroup [groupname] [username] /add
   Adds a user to a group.
3. net localgroup [groupname] [username] /delete
   Removes a user from a group.
4. net localgroup [groupname] /delete
   Deletes a group.
5. net localgroup
   Views all groups.

IX. Assessment Tasks

   o Assignment
   o Activity
   o Quiz
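
The net user and net localgroup commands from sections VII and VIII, combined with a folder ACL of the kind section IV describes, so that access comes from group membership rather than per-user grants. This is an added example, not part of the module; the group, user and folder names and the Assert-Ok helper are constructed placeholders, and the English built-in names Administrators and SYSTEM are assumed.

```powershell
# Added example (not from the module). Run in an elevated PowerShell session.
# ProjectEditors, jdelacruz and C:\Data\Project are constructed placeholders.
$group  = 'ProjectEditors'
$user   = 'jdelacruz'
$folder = 'C:\Data\Project'

function Assert-Ok([string] $Step) {
    # net.exe and icacls.exe report failure through the exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (exit code $LASTEXITCODE)" }
}

# 1. Create the group first: permissions attach to the role, not the person.
net localgroup $group /add /comment:"Read/write access to the project folder"
Assert-Ok 'Create group'

# 2. Create a standard user. '*' makes net user prompt for the password, so it
#    does not end up in the command line or the shell history.
net user $user '*' /add /fullname:"Juan Dela Cruz" /comment:"Project staff" /passwordchg:yes
Assert-Ok 'Create user'

# 3. Group membership, not a per-user grant, is what gives access.
net localgroup $group $user /add
Assert-Ok 'Add user to group'

# 4. ACL on the folder: drop inherited entries, then grant Full control (F) to
#    Administrators and SYSTEM and Modify (M) to the group. (OI)(CI) applies
#    each entry to files and subfolders. Accounts not listed get no access.
New-Item -ItemType Directory -Path $folder -Force | Out-Null
icacls $folder /inheritance:r /grant "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F" "${group}:(OI)(CI)M"
Assert-Ok 'Set folder ACL'

# 5. Verify what was actually applied.
net user $user
net localgroup $group
icacls $folder

# Offboarding, run later when the user changes role or leaves (kept commented
# so the script does not undo its own work):
# net localgroup $group $user /delete
# net user $user /active:no
```

Removing the user from the group revokes the folder access in one step, because the ACL names only the group.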