Special thanks to our member for creating this content: John Korduba
Contents
Q&A
Is a machine connected to a Domain or to a Workgroup?
Am I logged in to the domain or am I logged in locally?
How to know if you are logging in to the Domain
Q&A
Is a machine connected to a Domain or to a Workgroup?
Question: How can we tell if a machine is a Workgroup connected machine or a domain connected machine?
Answer: See steps following.
Right-click on the desktop
(menu displays)
Click System
(“Settings” screen displays)
Scroll down.
Click System Info.
In the “Computer name, domain and workgroup settings” area, “Workgroup” displays. So, this machine is part of a workgroup.
You could also enter “whoami” on the command line, as per below. (Press ENTER) No domain is listed.
If “helpdesk” user were on a machine that was joined to a domain, the netBIOS name would be listed as a prefix.
You could also enter “whoami /fqdn”on the command line (as per above) and press ENTER. The “ERROR: unable to get fully Qualified Distinguished Name…” message indicates that there is no domain.
Am I logged in to the domain or am I logged in locally?
Question: How can you tell if you are a local machine user, or a domain user?
Answer: See steps below.
At command line, type “whoami” and press ENTER.
(Results display)
“helpdesk” is a local user. There is no domain name preceding his name. “helpdeskdh” is a client machine name, not a domain.
How to know if you are logging in to the Domain
Sign out of your current account, if needed.
NOTE: If you sign in to the current (“helpdesk”) user account, you are logging in as a local user, not a domain user.
Click Other user.
(“Sign in to [domain name]” displays)
Put in your credentials.
Press ENTER.
(You are logged in).
Are you logged in to the domain?
At the command line, type “whoami” and press ENTER.
(Results display).
“helpdesk” is the user account. “helpdesk” is logged into the “dcdh0” domain.
Password policy
Question: How do I find out what a company’s password policy is?
Answer: See steps following.
Go to the server.
In Active Directory, open Administrative Tools.
Open Group Policy Management.
Expand the folders until Default Domain Policy is visible.
Select Default Domain Policy.
(“Group Policy Management Console” prompt may appear).
Click Okay.
(“Default Domain Policy” displays).
Click Settings tab.
(“Settings” tab displays)
Expand Security Settings.
Expand Account Policies/ Password Policy.
(Password policy displays).
Lockout Policy
Lockout Policy refers to a user account getting locked out as a result of some action – typically repeated unsuccessful login attempts.
Viewing the Lockout Policy
Go to the server.
In Active Directory, open Administrative Tools.
Open Group Policy Management.
Expand the folders until Default Domain Policy is visible.
Select Default Domain Policy.
Click Settings tab
Expand Security settings.
Expand Account Policies/ Account Lockout Policy.
(Lockout policy displays)
Enabling Lockout Policy
The lockout policy must be enabled.
Right-click Default Domain Policy.
(menu displays)
Click Edit.
(“Default Domain Policy [server name]” with sub-items displays)
Under “Computer Configuration” expand Policies.
(“Policies” sub items display).
Expand Windows Settings
(“Windows Settings” sub items display)
Expand Security Settings
(“Security Settings” sub items display).
Expand Account Policies.
(“Account Policies” sub items display).
Select Account Lockout Policy.
(“Account Lockout Policies” display in right pane).
In the right pane, double click Account lockout duration.
(“Account lockout duration” Properties displays.
Check Define this lockout setting.
Set lockout duration (e.g., “30”) in minutes field.
Click Apply.
(“Suggested Value Changes” prompt displays)
The lockout policy is connected with other lockout policies, which now need to be updated.
If you agree with the suggested changes, click OK.
The lockout policy will implement following a reboot.
Forcing the Lockout policy
Normally, the lockout policy will implement upon either reboot, or when the user logs out and back in.
To force the Lockout policy, follow these steps.
In the Command line, enter “gpupdate /force”.
Press ENTER.
(Policy is implemented).
Q&A
User is locked out.
Question: How to unlock a locked user account?
Answer: See steps below.
In Active Directory, open user account.
Right-click the account
(Menu displays.)
Click Properties.
(“[Username] Properties” dialog box displays).
Click Account tab.
Check Unlock account.
Click Apply and OK.
Special thanks to our member for creating this content: John Korduba
0 responses on "IT Support Skills | Assorted Topics and Questions"