User accounts

3.3 Explain important concepts pertaining to identity and access management for server administration.

📘CompTIA Server+ (SK0-005) 


1. What is a User Account?

A user account is a digital identity created on a server or system that allows a person, application, or service to:

  • Log in (authenticate)
  • Access resources (files, applications, services)
  • Perform specific actions based on permissions

Every user account contains:

  • Username (unique ID)
  • Authentication method (password, key, etc.)
  • Permissions/privileges
  • Group memberships

👉 In server administration, user accounts are essential for controlling who can access what.


2. Types of User Accounts

Understanding account types is very important for the exam.

a. Standard User Account

  • Basic account for daily operations
  • Limited permissions
  • Cannot make major system changes

Example (IT environment):

  • A help desk staff member logging into a system to view logs but not modify system settings

b. Administrator (Privileged) Account

  • Full control over the system
  • Can install software, change configurations, manage users

⚠️ High risk if misused or compromised

Example:

  • System administrator managing server roles, permissions, and updates

c. Service Account

  • Used by applications or services to run automatically
  • Not used by humans for login

Example:

  • A database service using a service account to access storage and run queries

d. Shared Account

  • Multiple users share the same login credentials

⚠️ Not recommended because:

  • No accountability
  • Difficult to track actions

e. Guest Account

  • Temporary access with very limited permissions
  • Often disabled for security reasons

f. Root Account (Linux) / Built-in Administrator (Windows)

  • Highest privilege account
  • Full system control

⚠️ Should be protected, monitored, and rarely used directly


3. Account Components

Every user account has important components:

a. Username

  • Unique identifier for login
  • Must follow naming conventions

b. Password / Authentication Method

  • Used to verify identity
  • Must follow strong password policies

c. User ID (UID) / Security Identifier (SID)

  • Internal system ID for tracking users
  • The system enforces ownership and permissions by this internal ID, not by the username

d. Group Memberships

  • Determines access rights based on group
  • Simplifies permission management

4. Account Lifecycle Management

User accounts go through a lifecycle. This is important for security and exam questions.

a. Provisioning (Creation)

  • Creating new user accounts
  • Assigning permissions and groups

b. Modification

  • Updating permissions when roles change

c. Deprovisioning (Deletion/Disabling)

  • Removing access when user leaves or no longer needs access

⚠️ Best practice:

  • Disable first, then delete later
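Added example, not part of the original notes: a small in-memory account store that walks the lifecycle above (provision, modify, disable, delete) and enforces the "disable first, then delete later" rule. The role-to-group mapping, retention period and `EXAMPLE_NOW` are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed role -> group mapping (RBAC: access follows the role, not the person).
ROLE_GROUPS = {
    "helpdesk": {"logviewers"},
    "dba": {"logviewers", "db-admins"},
    "sysadmin": {"logviewers", "sudo"},
}
DELETE_AFTER = timedelta(days=30)      # keep a disabled account this long before removal
EXAMPLE_NOW = datetime(2024, 6, 1)     # constructed "current time" for the sample run


class Directory:
    """In-memory stand-in for the server's account store."""

    def __init__(self):
        self.accounts = {}

    def provision(self, username, role):
        """Create the account with exactly the groups its role grants, nothing more."""
        if username in self.accounts:
            raise ValueError(f"{username} already exists")
        self.accounts[username] = {"role": role, "groups": set(ROLE_GROUPS[role]),
                                   "state": "active", "disabled_at": None}

    def change_role(self, username, new_role):
        """Replace the old role's groups instead of adding to them, so privileges do not pile up."""
        acct = self.accounts[username]
        acct["role"] = new_role
        acct["groups"] = set(ROLE_GROUPS[new_role])

    def disable(self, username, now):
        """Deprovisioning step 1: cut access immediately but keep the record for audit."""
        acct = self.accounts[username]
        acct["state"] = "disabled"
        acct["disabled_at"] = now
        acct["groups"] = set()

    def delete(self, username, now):
        """Deprovisioning step 2: refuse unless the account has been disabled for DELETE_AFTER."""
        acct = self.accounts[username]
        if acct["state"] != "disabled":
            raise PermissionError("disable the account before deleting it")
        if now - acct["disabled_at"] < DELETE_AFTER:
            raise PermissionError("retention period has not passed")
        del self.accounts[username]
```

Calling `delete` on an active account, or on one disabled less than 30 days ago, raises instead of removing it; that is the check the best practice above is asking for.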

5. Account Policies

These policies define how accounts are managed and secured.

a. Password Policy

Controls password strength:

  • Minimum length
  • Complexity (uppercase, lowercase, numbers, symbols)
  • Expiration period
  • Password history (prevent reuse)

b. Account Lockout Policy

  • Locks account after multiple failed login attempts
  • Slows down or blocks brute-force password guessing

c. Logon Restrictions

  • Time-based access (e.g., only working hours)
  • Location-based access
  • Device-based restrictions
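Added example, not part of the original notes: a minimal check of the password policy (length, complexity, expiration, history) and the lockout policy (N failures inside a time window) described in this section. The thresholds, the `_digest` helper and the sample failed-login timestamps are constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta

# Constructed policy values; a real server reads these from its password/lockout policy.
MIN_LENGTH = 12
HISTORY_DEPTH = 5                    # reject any of the last 5 passwords
MAX_AGE = timedelta(days=90)         # expiration period
LOCKOUT_THRESHOLD = 5                # failed attempts that trigger lockout
LOCKOUT_WINDOW = timedelta(minutes=15)


def _digest(password):
    # Illustration only: production systems store salted, slow hashes (bcrypt, scrypt, Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def check_password(candidate, history):
    """Return the list of policy violations for a proposed password; empty means accepted.
    `history` is the list of previous password digests, oldest first."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than minimum length")
    classes = (any(c.isupper() for c in candidate), any(c.islower() for c in candidate),
               any(c.isdigit() for c in candidate), any(not c.isalnum() for c in candidate))
    if sum(classes) < 3:
        problems.append("needs at least 3 of 4 character classes")
    if _digest(candidate) in history[-HISTORY_DEPTH:]:
        problems.append("reuses a password from history")
    return problems


def password_expired(last_changed, now):
    """True when the password is older than the expiration period."""
    return now - last_changed > MAX_AGE


def is_locked_out(failed_logins, now):
    """True when LOCKOUT_THRESHOLD failures fall inside the last LOCKOUT_WINDOW."""
    recent = [t for t in failed_logins if timedelta(0) <= now - t <= LOCKOUT_WINDOW]
    return len(recent) >= LOCKOUT_THRESHOLD


# Constructed sample: five failed logins for one account within six minutes.
SAMPLE_NOW = datetime(2024, 6, 1, 9, 10)
SAMPLE_FAILURES = [SAMPLE_NOW - timedelta(minutes=m) for m in (6, 5, 3, 2, 1)]
```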

6. Privilege Management

a. Principle of Least Privilege (PoLP)

  • Users should have only the permissions they need
  • Reduces risk of misuse or attack

b. Role-Based Access Control (RBAC)

  • Permissions assigned based on roles

Example:

  • Database Admin → full database access
  • Support Staff → read-only access

c. Separation of Duties

  • Critical tasks divided among multiple users
  • Prevents fraud and mistakes

7. Authentication Methods for User Accounts

User accounts require authentication to verify identity.

Common methods:

  • Passwords
  • Multi-Factor Authentication (MFA)
  • Smart cards
  • Biometrics (fingerprint, face)
  • SSH keys (Linux servers)

8. Account Security Best Practices

For the exam, remember these key practices:

a. Disable Unused Accounts

  • Prevent unauthorized access

b. Rename Default Accounts

  • The default name (e.g., Administrator) is well known, so renaming makes the account harder to target

c. Use Strong Passwords

  • Enforce complexity and expiration

d. Enable MFA

  • Adds extra security layer

e. Monitor Account Activity

  • Use logs to detect suspicious behavior

f. Avoid Shared Accounts

  • Always use individual accounts

g. Use Privileged Access Management (PAM)

  • Control and monitor admin accounts

9. Common Risks Related to User Accounts

You should understand these risks for the exam:

  • Weak passwords → easy compromise
  • Excessive permissions → misuse or damage
  • Orphaned accounts → unused but still active
  • Shared accounts → no accountability
  • Default accounts → common attack targets

10. Practical IT Scenario (Exam Style Understanding)

In a server environment:

  • A new employee joins → account is created (provisioning)
  • Employee moves to a new role → permissions updated
  • Employee leaves → account disabled/deleted
  • Admin accounts → restricted and monitored
  • Services → run using service accounts

Final Exam Tips

Focus on these key points:

  • Know types of accounts (standard, admin, service, etc.)
  • Understand account lifecycle
  • Remember least privilege principle
  • Learn password and lockout policies
  • Know why shared accounts are bad
  • Understand authentication methods
  • Be familiar with security best practices