Creating Windows NT User and Group Accounts

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

You must have system administrator permissions on the server to create user and group accounts on a Windows NT Server. Before you can create SQL Server logins and database roles, you should create the appropriate Windows NT accounts for users and groups that will be working with the team solutions.

To make managing solution users easier, it is recommended you create Windows NT group accounts corresponding to the database roles in your team solution. It is easier to manage only the Windows NT group account rather than managing SQL Server logins and database role membership for many users.

The following activities are all performed using the Windows NT Administrative Tools found on the Start menu, under Programs and then Administrative Tools (Common).

• Creating a New Windows NT User Account

• Creating a New Local Group Account

• Creating a New Global Group Account

For additional information about accounts, see your Windows NT documentation.

After creating the necessary Windows NT accounts, you can create the SQL Server logins. For details, see Creating SQL Server Logins.

Naming Rules

A user or group name cannot be identical to any other user or group name on the domain or computer being administered. It can contain up to 20 uppercase or lowercase characters except for the following:

" /  \ [  ] :  ; |  = ,  + *  ? <  >

A user or group name cannot consist solely of periods (.) and spaces.

For additional information on naming conventions for Windows NT accounts, see your Windows NT documentation.

Creating a New Windows NT User Account

Because SQL Server uses Windows NT user authentication, your SQL Server users must have valid Windows NT accounts. Before creating SQL Server logins, use the following steps to create Windows NT user accounts.

In addition, before you can add users to Windows NT groups, each user must have a valid Windows NT domain account.

To create a new user account

1. From the Start menu, select Programs, then Administrative Tools (Common), and then UserManager for Domains.

2. From the User menu, select New User.

3. Type appropriate information in the dialog box:

   • In Username, type a user name.

   • In Full Name, type the user's complete name.

   • In Description, type a description of the user or the user account.

   • In both Password and Confirm Password, type a password of up to 14 characters.

   • Click to select or clear the check boxes for User Must Change Password at Next Logon, User Cannot Change Password, Password Never Expires, and Account Disabled.

4. To administer a Group, Profile, or Dialin associated with the New User box, click the button, and complete the dialog box that appears. Then click OK.

5. Click Add.

To add another user account, repeat steps 2 through 5.

Note   The buttons available in the New User dialog box depend on whether you are administering domains or workstations.

• The Groups, Profile, and Dialin buttons always appear.

• The Hours, Logon From, and Account buttons appear only when you administer domains.

Creating a New Local Group Account

A local group name cannot be identical to any other group or user name on the domain or computer being administered. It can contain up to 256 uppercase or lowercase characters except for the backslash character (\).

You can add user accounts and global groups from this domain and from trusted domains.

To create a new local group

1. From the Start menu, select Programs, then Administrative Tools (Common), and then User Manager for Domains.

2. In the User Manager for Domains window, do one of the following:

   • Select the user accounts you want as the initial members of the new group.

   • Select any group to ensure no user accounts are initially selected.

3. From the User menu, click New Local Group.

4. In the Group Name field, type a name for the new group.

5. If necessary, click Show Full Names.

   Note   This can be a lengthy operation if the group is large.

6. In the Description field, type a description of the new group.

7. To add members, click Add, and then complete the Add Users and Groups dialog box.

8. To remove members from the new group, select one or more names in Members, and then click Remove.

Creating a New Global Group Account

The New Global Group option is unavailable when Low Speed Connection is selected or when you administer a computer running Windows NT Workstation or a Windows NT Server that is not a domain controller.

Note   You must have domain administrator privileges to create a global group.

To create a new global group

1. From the Start menu, select Programs, then Administrative Tools (Common), and then User Manager for Domains.

2. In the User Manager for Domains window, do one of the following:

   • Select the user accounts you want as the initial members of the new group.

   • Select any group to ensure no user accounts are initially selected.

3. From the User menu, select New Global Group.

4. In the Group Name field, type a group name.

5. In the Description field, type a description for the group.

6. To add members, select one or more user accounts in Not Members, and then click Add.

7. To remove members from the new group, select one or more user accounts in Members, and then click Remove.