Before you connect a workstation to the network, you must
create user accounts for all the individuals who will be logging on
using that workstation. The Windows SBS Console includes a link to the Add
A New User Account Wizard in the Getting Started Tasks list, as well as
on the Frequent Tasks And Community Links page and on the Users And
Groups page. The Users tab on the Users And Groups page also provides controls you can use to manage existing user accounts.
1. Creating a User Account
To create a new user account in the Windows SBS Console, use the following procedure:
-
Log on to your Windows SBS 2011 primary server using an account with
network Administrator privileges. The Windows SBS Console appears.
-
Click Users and groups, and make sure the Users tab is selected.
-
In the User tasks list, click Add a new user account. The Add A New User Account Wizard appears, displaying the Add A New User Account And Assign A User Role page.
-
In the First name and last name text boxes, type the name of the user that you want to add.
-
In the User Name field, select one of the suggested names from the
drop-down list or type a name of your own. The name that you specify
appears in the E-mail address text box.
Tip
If you select one of the suggested account names in the drop-down
list, the wizard remembers your selection and uses the same naming
convention when you create subsequent user accounts.
-
Add information to the Description and phone number text boxes, if desired.
-
In the User role drop-down list, select the role that you want to apply to the account and click Next. The Create A Password For Accessing Your Network page appears.
-
In the Password and confirm password text boxes, type a password that conforms to the requirements stated on the page.
Note
Windows SBS 2011 uses Group Policy settings to enforce the password
length and complexity requirements for domain user accounts. You can
modify these requirements by modifying the Password Policy settings in
the Default Domain Policy GPO.
Note
BEST PRACTICES In many cases, administrators assign the same temporary password
to all user accounts when they create them and then require the users
to supply their own passwords after they log on for the first time.
However, you can choose to assign a unique password to each user account when you create it and then supply the password to the user.
-
Click Add user account. The wizard creates the user account and the User Account [User Name] Has Been Successfully Added To The Network page appears.
Tip
Selecting the Do not show this text again check box streamlines the user creation process if you do not intend to add or assign a computer after creating
each user account. This page also contains links that enable you to
assign an existing computer to the user you just created or add a new
computer by proceeding directly to the Connect Computers To Your
Network Wizard.
-
Click Finish. The wizard closes, and the user account appears on the Users And Groups page.
As mentioned earlier, the Add A New User Account Wizard creates a new user object in the AD DS database, but it also performs the following tasks:
-
The wizard creates a folder, named for the user, in the
C:\Users\Shares folder on the server. This folder appears on the
network as \\server\UserShares, where server
is the name of your server. Everyone has the Allow Full Control share
permission for the UserShares folder, and each user has the Full
Control NTFS permission to his or her own folder. Users have no NTFS permissions for other users’ folders, but the Administrators group has the Allow Full Control permission.
-
The wizard creates a Microsoft Exchange Server mailbox for the user,
with a maximum mailbox size of 2 gigabytes (GB). Outlook Web Access is
enabled, as are the Messaging Application Programming Interface (MAPI), Post Office Protocol version 3 (POP3), and Internet Message Access Protocol (IMAP) client capabilities.
-
The wizard sets two storage quotas
for the user in the File Server Resource Manager Console: a 2-GB soft
quota, for the user’s Folder Redirections folder, and a 2-GB hard quota
for the user’s shared folder.
Note
MORE INFO In File Server Resource Manager, soft quotas merely warn the users when they reach their storage limit, while hard quotas prevent users from exceeding their limits.
-
The wizard sends an email to the user’s mailbox, welcoming the user to the domain.
-
The wizard adds the user account to several of the default groups
created by the Windows SBS 2011 setup program. The group memberships
are based on the user role you selected when creating the user. Table 1 lists the group memberships associated with each of the three default user roles.
Table 1. Group Memberships of the Windows SBS 2011 Default User Roles
| |
STANDARD USER |
STANDARD USER WITH ADMINISTRATION LINKS |
NETWORK ADMINISTRATOR |
|---|
|
All Users |
X |
X |
X |
|
Windows SBS Admin Tools Group | |
X |
X |
|
Windows SBS Administrators | |
X |
X |
|
Windows SBS Fax Administrators | | |
X |
|
Windows SBS Fax Users |
X |
X |
X |
|
Windows SBS Link Users |
X |
X |
X |
|
Windows SBS Remote Web Access Users |
X |
X |
X |
|
Windows SBS SharePoint_MembersGroup |
X |
X | |
|
Windows SBS SharePoint_OwnersGroup | | |
X |
|
Windows SBS SharePoint_VisitorsGroup | | | |
|
Windows SBS Virtual Private Network Users | | |
X |
