Users have all sorts of strange requests or habits when it comes to using the resources provided for them. This tip lists the five major habits that users have when using network resources on Windows NT and Windows 2000, along with ways to deal with them.
Most company policies require that users be prompted to change their logon passwords at least every 30 days. When users change a logon password, they tend to write it down somewhere to avoid forgetting it; alternatively, they make the password as simple as possible to remember. You have to educate your users about the importance of password protection, which is only one step in protecting the company's data. Employees should protect their passwords in the same way they protect the PINs for their credit cards. Although the following points have been discussed time and again, mentioning them again would not hurt:
- User account passwords should be at least eight characters long.
- The user account should lock out after three unsuccessful attempts at logging on.
- Only the administrator should unlock a user account.
- Don't set a user-account password that never expires.
- Never let users write passwords on sticky notes.
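The policy points above can be checked against a machine's actual settings. The following Python script is an added example, not part of the original tip: it parses the text printed by the NET ACCOUNTS command and reports where the settings fall short of the list. The sample output is constructed, and the setting labels and the "Never" value for an administrator-only unlock are assumptions based on English-language Windows output.

```python
import re

# Constructed sample of NET ACCOUNTS output (not captured from a real host).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              6
Length of password history maintained:                None
Lockout threshold:                                    5
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

def parse_net_accounts(text):
    """Return {label: value}; label and value are split by ':' plus padding."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.*?):\s{2,}(\S.*)$", line.rstrip())
        if m:
            settings[m.group(1).strip()] = m.group(2).strip()
    return settings

def as_int(value):
    """Numeric value, or None for words such as 'Never', 'None', 'Unlimited'."""
    return int(value) if value.isdigit() else None

def audit(settings):
    """Return a list of findings measured against the checklist in this tip."""
    findings = []
    min_len = as_int(settings.get("Minimum password length", ""))
    if min_len is None or min_len < 8:
        findings.append("minimum password length is below 8")
    max_age = as_int(settings.get("Maximum password age (days)", ""))
    if max_age is None or max_age > 30:
        findings.append("passwords are not forced to change within 30 days")
    threshold = as_int(settings.get("Lockout threshold", ""))
    if threshold is None or not 1 <= threshold <= 3:
        findings.append("account does not lock after three failed logons")
    # Assumption: an administrator-only unlock is reported as 'Never' (or 0).
    if settings.get("Lockout duration (minutes)", "") not in ("Never", "0"):
        findings.append("locked accounts unlock without an administrator")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_net_accounts(SAMPLE)):
        print("FAIL:", finding)
```

The per-account "password never expires" setting does not appear in NET ACCOUNTS output, so this check does not cover it.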
Not logging off from a workstation
Users often neglect to log off from their workstations. This is especially egregious at the end of the workday. As a form of security, they may have a screen-saver password, but this can be easily bypassed. Establishing hours of logging off for user accounts can help reduce the number of users who are still online at the end of the workday. In Windows NT/2000, you can specify hours of logon/logoff for each user account.
Ownership of files/folders
Users like to have ownership of files/folders in their home directories; they don't want to have anyone else poking into their folders for information that they consider private. The only other account that should have access to files/folders on the network servers is the administrator account. Security should never be compromised when it comes to securing users' data. Ensuring that ownership rights are assigned to the right folders can greatly improve user confidence.
Many users, especially the computer-savvy ones, may have a problem being a member of the Standard Users group. To them, this is a limitation in itself. Belonging to the Power Users group will grant them many more privileges. As an administrator, you are the judge of which group users should belong to.
If you want to assign a user to the Power Users group, but you want to remove the ability of that user to create user accounts on the workstation, perform the following steps:
- Go to Control Panel.
- Open Administrative Tools.
- Launch the Computer Management application.
- Open the Local Users and Groups snap-in.
- Double-click on Power Users located in the right pane.
- Select NT AUTHORITY\INTERACTIVE and click Remove.
Browsing the Network Neighborhood
Users like to browse the network through Network Neighborhood in their quest for any visible shares present on any workstation or server. But you might not want all users to be able to see all shares. We know, of course, that you can hide shared folders through the use of the $ symbol. However, to hide an entire server from the browser list, perform the following steps:
In Windows NT or Windows 2000 Server, go to the command prompt and then type the following:
NET CONFIG SERVER /HIDDEN:YES
Adesh Rampat has 10 years' experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
This was first published in September 2002