70-282 Exam Cram: SBS 2003 User Templates

Good Monday to you! I am the publisher of the Microsoft Small Business Specialist Primer book that is typically used for the 70-282 exam cram. I like to hold virtual book readings like this 🙂 by posting up a passage or two. BTW – my SBS 2008 book is here – so rock on!

Small Business Server User Templates

The “SBS experience” is kinda like a popular USA beer commercial: “Tastes great and is less filling.” SBS has been maligned in a marketing sense in the haughty enterprise community because it looks like a toy and it’s too easy. However, don’t let the pretty SBS interface fool you. Some very sophisticated concepts (that’s the “tastes great” part of the beer commercial) are being applied via simple-to-use (and we state MUST USE) SBS-specific tools. One such tool set is the SBS User Templates, which contribute favorably to the SBS experience (and make it easier to use).

IMPORTANT: There is really no need to go into Active Directory via the Active Directory Users and Computers snap-in to create users and apply settings. There is nothing to stop you from using the Active Directory Users and Computers console. However, we’re here to discourage you from such under-the-hood shenanigans unless spe­cifically called for by a guru or Microsoft Product Support Service (PSS). Take a look at figure 6.2, which is a screen cutout of Active Directory on an SBS server. Note the MyBusiness OU and its sub­OUs, Computers, Distribution Groups, Security Groups, and Users, which has another OU SBS Users nested below it. The SB team set up these OUs on purpose and all objects (users, computers, etc.) created using SBS wizards will be placed in these OUs, which have Group Policies applied to them. Hence, if you were to create a user using the Active Directory Users and Computers console and not an SBS wizard, that user account would end up in the Users container on the bottom of the cutout, and none of the pre-configured SBS Group Policies would apply to this container.

Default User Templates

User Templates, selected from the Template Selection screen of the Add User Wizard (Figure 6.2), specify many account properties and permissions when selected for the user you are creating. There are four user templates by default in SBS 2003 and these are defined in Table 6.1. With the default four user templates, all properties like group membership, SharePoint site groups, and disk

quotas have already been set. Remember that the Add User Wizard is launched from the Add Users and Computers link from the To Do List (accessed via the Server Management console).

Figure 6-2

Observing user templates.

User Templates

I can’t imagine things getting any easier than this. SBS comes with four preconfigured user templates that determine the user rights and permissions. Just in case they do not work for you, they can be easily modified or you can create a new user template by using the User Template Wizard to fit your organization’s needs. But let’s take a look at the four basic templates first:

User Template allows access to:

o Internet.

o E-mail.

o Shared Folders.

o Printers and faxes.

o Remote Desktop (to a Windows XP client, not a server).

Chapter 6Securing Windows Small Business Server 2003

·          Mobile User Template has all the permissions from the user tem­plate plus:

o VPN and dial- up access permissions.

·          Power User Template has all the permissions from the mobile tem­plate, plus:

o Perform delegated tasks such as manage users, groups, printers, shared folders, and faxes.

o Log on remotely to the server, but cannot log on locally.

·           Administrator Template:

o Unrestricted system access.

User Templates can be migrated by using the Export Templates link and then imported at another site with the Import Template Wizard. Users should be managed by use of the Change User Permission Wizard, which changes permissions by assigning a new user template to a user. When assigning permissions with this wizard, you remove all previously assigned permissions from the user account and grant the new permission settings, which encompass changes to the security group membership, distribution group membership, access to WSS, and disk quotas.

IMPORTANT: Only a domain administrator can create and modify User Templates. However, when creating user accounts, you can assign Power Users the right to use a custom template.

Take another look at figure 6.2. You may select the Display selected template’s default settings in the wizard checkbox to show how all of the above settings are applied. Very cool. You may also select the Do not use a template to define user settings radio button to effectively add a user the non-SB S way. Very uncool! Another thing that is very uncoool is that if you add a user directly to Active Directory, you do not participate in the SBS user template concept.


Harry Brelsford, CEO at SMB Nation (www.smbnation.com)

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here!


Leave a comment

Filed under Book

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s