ITEC 325 - Systems Administration & Maintenance

USER MANAGEMENT & ADMINISTRATION

USER ACCOUNT TYPES
  • User accounts are essential for authenticating, tracing, logging, and monitoring services across various Operating Systems (OS).

  • Upon installation of an OS, several essential user accounts are created automatically, categorized into four types:

    • System Account

    • Administrator/Super User Account

    • User Account

    • Guest Account

SYSTEM ACCOUNTS
  • Definition: System accounts are utilized by various services within an operating system to access system resources.

  • Function: These accounts verify whether a service requesting access is authorized.

  • Creation: Typically, these accounts are created by the services themselves during installation.

  • Security Note: As a security best practice, these accounts should not permit interactive login.
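
  Added example (not part of the original notes): one way to check the "no interactive login" rule on Linux is to scan a passwd-format file for system accounts that still have a login shell. It assumes system accounts are UIDs 1 through UID_MIN-1 with UID_MIN=1000 (check /etc/login.defs), and that nologin, false and sync count as non-interactive shells; the sample entries are constructed.

```shell
#!/bin/sh
# Added example: flag system accounts whose passwd entry still allows an
# interactive login shell.
# Assumption: system accounts are UIDs 1..UID_MIN-1 (UID_MIN varies by distro).
UID_MIN="${UID_MIN:-1000}"

# audit_system_shells FILE
# Prints "name uid shell" for every system account with an interactive shell.
audit_system_shells() {
    awk -F: -v uid_min="$UID_MIN" '
        /^#/ { next }                      # skip comment lines
        NF < 7 { next }                    # skip blank or malformed entries
        $3 !~ /^[0-9]+$/ { next }          # UID must be numeric
        ($3 + 0) < 1 || ($3 + 0) >= (uid_min + 0) { next }   # root and regular users
        {
            shell = $7
            # An empty shell field means the login falls back to /bin/sh,
            # which is interactive.
            if (shell == "") shell = "/bin/sh"
            # Assumed allow-list of non-interactive shells.
            if (shell ~ /\/(nologin|false|sync)$/) next
            print $1, $3, shell
        }
    ' "$1"
}

# Constructed sample in /etc/passwd format (not taken from a real host).
make_sample() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/bin/bash
backupsvc:x:998:998::/var/lib/backupsvc:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Run against the sample; on a real host pass /etc/passwd instead.
sample=$(mktemp)
make_sample > "$sample"
audit_system_shells "$sample"
rm -f "$sample"
```

  Each line of output is a service account to review; the usual fix is to set its shell to the system's nologin binary.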

ADMINISTRATOR/SUPER USER ACCOUNT
  • Definition: This account type holds the highest privileges within the OS.

  • Capabilities: Administrators can perform a wide range of privileged tasks, including but not limited to:

    • Changing system files

    • Installing and removing software

    • Starting/stopping services

    • Creating and deleting user accounts

  • Terminology:

    • Windows: Administrator

    • Linux: Super User (SU) or Root

  • Fun Fact: The command sudo in Linux stands for Super User DO.

USER ACCOUNTS
  • Definition: A user account that holds moderate privileges, which depend on the user's role within an organization.

  • Limitations: Users of this account type cannot modify system files or properties. They can perform tasks like:

    • Creating files and folders

    • Running applications

    • Customizing environment variables

  • Role Assignment: Accounts can be assigned to individuals or roles according to organizational needs. Different configurations may apply, such as for educational institutions:

    • Faculty

    • Staff

    • Students

GUEST ACCOUNT
  • Definition: This account type comes with the lowest privileges, designed for short-term, limited access to system resources.

  • Capabilities: Users can engage in activities like browsing the internet, watching movies, and playing games, but cannot modify system files.

  • Authentication: Guests do not require a password or unique login to access the system, allowing for anonymous usage.

  • Creation:

    • Windows: Created automatically during OS installation but is disabled by default.

    • Linux: Requires manual creation if needed.

LOCAL ACCOUNTS VS. NETWORK ACCOUNTS
  • Local User Accounts:

    • Definition: Provide access and privileges on an individual (local) computer or server.

    • Existence: The account exists solely on the specific device and can take any of the four previously mentioned roles.

  • Network User Accounts:

    • Definition: Provide access and privileges across computers and servers in a corporate network.

    • Existence: These accounts exist on a central management server, allowing access to multiple systems.

  • Terminology:

    • Windows Network Accounts: Domain Accounts

    • Unix/Linux: Shell Accounts

GROUP TYPES
  • Purpose: Using groups to manage user accounts and their privileges more efficiently is a recommended best practice for Systems Administrators.

  • Description: Groups combine users with similar attributes into manageable organizational units. Attributes can include:

    • Work location

    • Position

    • Shift

    • Department

  • Types: Groups can be either local or networked.

  • Permission Assignment: It is recommended that permissions be assigned at the group level rather than at the individual user account level.

BUILT-IN VS. USER CREATED (CUSTOM)
  • Built-in Accounts:

    • Definition: Accounts or groups pre-configured as part of the OS/system installation, equipped with specific privileges.

  • User Created Accounts:

    • Definition: Accounts or groups tailored by an administrator to better fit the needs of specific users or groups they serve.

  • Existence: Both built-in and user-created accounts and groups can exist on local or network servers.

MANAGE LOCAL ACCOUNTS
  • Tools: Operating systems include built-in tools for managing local user and group permissions (authorization).

  • Permissions: These permissions dictate the type of access a user or group possesses, such as:

    • Read-only access

    • Read/write access

  • Terminology:

    • Also referred to as "user/group rights," "user/group authorizations," and "user/group privileges."

  • Examples of Tools:

    • Windows: Local Group Policy & Local Security Policy

    • Unix/Linux: Settings & Shell

MANAGE NETWORK ACCOUNTS
  • Distinct Requirement: Unlike local accounts and groups, network accounts necessitate a Directory Server within the network.

  • Directory Servers:

    • Function: They act as a central repository for storing and managing various forms of information, including:

      • Identity profiles

      • Access privileges

      • Application and network resources

      • Printers, network devices, and manufactured components

  • Examples of Directory Servers:

    • Windows: Domain Controller with Active Directory, Group Policy

    • Unix/Linux: Samba 4, OpenLDAP, FreeIPA

  • Note: It’s customary for Windows Domain Controllers to manage directory services for networks containing Linux servers.

ONBOARDING
  • Definition: In human resources, onboarding refers to the systematic process of introducing newly hired employees into an organization.

  • Importance: It plays a crucial role in helping employees comprehend their new position and job responsibilities.

  • System Administrator's Role: Administrators are responsible for account creation and provisioning within this onboarding process.

OFFBOARDING
  • Definition: Offboarding denotes the formal process of separation between an employee and a company due to resignation, termination, or retirement.

  • System Administrator's Responsibility: Administrators are tasked with de-provisioning user resources during offboarding.