Aug 5

New User

Server 2008 R2 Workstation , , , Add Comment (5)

For security reasons it’s wise to not work on an Administrator account during your daily work and/or entertainment. In the following steps will be explained how to create a new (limited) user which also has permission to shutdown the computer.

1. In the Start menu click Run and type control userpasswords2.
User Accounts Manager (more advanced via lusrmgmt.msc)

2. In the User Accounts window which comes up click Add, fill in the User name and optionally Full name and Description fields and click Next.
Add New User window

3. Fill in a password twice and click Next.
Enter password twice

4. In the ‘level of access’ screen choose Standard User to create a limited account to work with which is recommended from a security perspective, then click Finish to add the user!
Choose type of user account

Shutdown Permission

5. If you selected Standard User as level of access, you have to give non-Administrator users permission to shutdown the PC. To do this click Run in the menu Start, then type gpedit.msc and click OK. In the Local Group Policy Editor browse to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment. In the right pane scroll to Shut down the system.
"Shut down the system" policy in the Group Policy Editor

6. Double click the Shut down the system policy and click Add User or Group.
Add User or Group

7. Enter INTERACTIVE to give all users which can login into the Windows Desktop permission to shut down. If you don’t want to allow all interactive users to shutdown the pc you can also enter the username of the user you want to give permission to shut down. After entering the group or username click OK twice to save the Shutdown policy change.
Allow INTERACTIVE or a user to shutdown the computer

Permission to burn CDs and DVDs

8. Now browse to Computer Configuration -> Administrative Templates -> System -> Removable Storage Access.
Removable Storage Access

9. Double click the CD and DVD: Deny write access policy, set it to Disabled and click OK.
CD and DVD: Deny write acces

 

Continue to configure Automatic Logon of a user or skip it and continue to remove password restrictions


5 comments so far...

  • GMan Said on February 23rd, 2010 at 10:46 am:

    Added new user (Standard), click “finish”, and immediately crashed the New User App.

    Check to see if an account was created, no,
    Notice “User Account Control” was active (Default)
    Will attempt again after deactivating

    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: netplwiz.exe
    Application Version: 6.0.6001.18000
    Application Timestamp: 47918e62
    Fault Module Name: ntdll.dll

    Fault Module Version: 6.0.6002.18005
    Fault Module Timestamp: 49e03821
    Exception Code: c0000005
    Exception Offset: 0002dc6e
    OS Version: 6.0.6002.2.2.0.272.7
    Locale ID: 1033
    Additional Information 1: ab07
    Additional Information 2: 0c42daa3c648561d1d27116fcd5c2ca7
    Additional Information 3: 8b58
    Additional Information 4: 3c48300a8cc64574eaa586e67b5c59b7

  • GMan Said on February 23rd, 2010 at 11:14 am:

    It crashed again. So I just added user thru “add user”

    Arris: That’s a good alternative indeed, but it’s weird netplwiz crashes when adding a new user…

  • Daniel Said on February 25th, 2010 at 3:58 am:

    Had the same thing happen to me – looks like it crashes if you attempt to make a user with a password that doesn’t meet the complexity requirements.

  • Spark99 Said on September 20th, 2010 at 5:30 am:

    I Administer Server 2008 R2 Servers at work and I can tell you the best way to add users is to hit Ctrl+Alt+Del > Add User from the Grey Screen.

    Then go to Computer Management > Local Users and Groups and Tweak the Settings for the Group and User.

    Then the Group Policy Editor to add any additional permissions.

    Sets up a cleaner User Environment.

  • Spark99 Said on September 22nd, 2010 at 1:47 am:

    Sorry… I meant to say that the best place to change Passwords is at the Login Screen

    Arris: That’s indeed the quickest method to change a users’ password: just one key combination and one click :)

leave a reply