ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahq_5.4.0.1/rzahqctmpi.htm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights                   -->
<!-- Use, duplication or disclosure restricted by            -->
<!-- GSA ADP Schedule Contract with IBM Corp.                -->
<meta name="dc.date" scheme="iso8601" content="2005-09-13" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Create user templates</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link --> 
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>


<a name="rzahqctmpi"></a>
<h2 id="rzahqctmpi">Create user templates</h2>
<p>A user enrollment template is a tool to help you enroll users from i5/OS&trade; to the Windows environment more efficiently. Rather than manually configuring
many new users, each with identical settings, use a user enrollment template
to automatically configure them. You can learn more about user enrollment
templates at <a href="rzahqtmcco.htm#rzahqtmcco">User Enrollment Templates</a>.</p>
<p>Follow these steps to create a Windows template:</p>
<p><span class="bold">For a Windows 2000 Server or Windows Server 2003 domain:</span></p>
<ol type="1">
<li>At the integrated server console click <span class="bold">Start &mdash;>
Programs &mdash;> Administrative Tools &mdash;> Active Directory Users and
Computers</span>.</li>
<li>Click the domain name.</li>
<li>Right-click <span class="bold">Users</span>, then select <span class="bold">New&mdash;>User</span>.</li>
<li>In the <span class="bold">Username</span> and <span class="bold">Logon name</span> fields, enter a distinctive name for the template, such as <span class="italic">stduser</span>  or <span class="italic">admtemp</span>. Click <span class="bold">Next</span>.</li>
<li>It is recommended that you also deselect the <span class="bold">User must
change password at next logon</span> check box and select the <span class="bold">User cannot change password</span>, <span class="bold">Password never expires</span>, and <span class="bold">Account is disabled</span> checkboxes. This prevents
anyone using the template account itself to access the integrated server.</li>
<li>Do not enter a password for a template account.</li>
<li>Click <span class="bold">Finish</span>.</li>
<li>To set up group memberships, double-click the template name in the list
of domain users and groups that appear in the right pane. Click the <span class="bold">Member of</span> tab and then click <span class="bold">Add</span> to add the groups
that you want.</li></ol>
<p><span class="bold">For a Windows 2000 Server or Windows Server 2003 server:</span></p>
<ol type="1">
<li>From the integrated server console 
<ul>
<li>In Windows 2000 Server click <span class="bold">Start &mdash;> Programs &mdash;>
Administrative Tools &mdash;> Computer Management &mdash;> Local Users and
Groups</span>.</li>
<li>In Windows Server 2003 click <span class="bold">Start &mdash;> Programs &mdash;>
Administrative Tools &mdash;> Computer Management &mdash;> System Tools &mdash;>
Local Users and Groups</span>.</li></ul></li>
<li>Select <span class="bold">System Tools</span> &mdash;> <span class="bold">Local
Users and Groups</span>.</li>
<li>Right-click <span class="bold">Users</span> and select <span class="bold">New
User</span>.</li>
<li>In the <span class="bold">User name</span> field, enter a distinctive name
for the template, such as  <span class="italic">stduser</span> or <span class="italic">admtemp</span>.</li>
<li>It is recommended that you also deselect the <span class="bold">User must
change password at next logon</span> check box and select the <span class="bold">Password never expires</span>, <span class="bold">User cannot change password</span>, and <span class="bold">Account is disabled</span> checkboxes. This prevents
anyone using the template account itself to access Windows server.</li>
<li>Click <span class="bold">Create</span>, then <span class="bold">Close</span>.</li>
<li>Click <span class="bold">Users</span> or refresh to show the new user template.</li>
<li>To set up group memberships, double-click the template name in the list
of domain users and groups that appears in the right pane. Click the <span class="bold">Member of</span> tab and then click <span class="bold">Add</span> to add the groups
that you want.</li></ol>
<p>You can make a user template a member of any Windows server group, whether
you enrolled that group from i5/OS or not. You can enroll users with a template
that is a member of a group that was not enrolled from i5/OS. If you do
this you can only remove users from the group by using the User Manager program
on Windows server.</p>
<p>If you are creating a template that will be used to enroll administrators,
you may want to make the template a member of the Windows server group <span class="italic">Administrators</span>. Likewise, if you want to protect Windows
users from accidental deletion from i5/OS, enroll the template in the <span class="italic">AS400_Permanent_Users</span> (or OS400_Permanent_Users) group.</p>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>