A system administrator has to make sure that people who are authorized to have access to a network resource get it quickly and easily, but make sure that people who aren’t authorized cannot gain access, no matter how hard they try. This balancing act is made a little easier with the new Active Directory structure of Windows 2000.
The Microsoft Management Console (MMC), also discussed in Part I, is the primary way to manage accounts and resources in Windows 2000. The MMC itself is only a framework, but there are several components, called snap-ins, that provide the functionality needed to perform almost any administration task. The MMC is customized to include all the snap-ins that have been added to it.
There are three types of user profiles supported in Windows 2000: local, roaming, and mandatory. A local user profile is established automatically the first time a user logs in to a Windows 2000 computer. Whatever changes the user makes are stored in the local profile, so the next time they log in to that computer, the configuration will be the same as when they last logged out.
Roaming user profiles (RUP) allow a user to log in to any computer in the domain and be presented their personal settings. An administrator can store profile information on a server, rather than on a local machine, so when a user logs in, the configuration information is transferred to that computer. If the user makes changes to their profile, ...