Сменить имя администратора windows server

Если текущее имя пользователя Windows, отображаемое при входе или в меню Пуск вам не по душе, его сравнительно легко можно изменить как для локальной учетной записи, так и для локальной учетной записи Майкрософт. Если вы также хотите поменять имя папки пользователя — здесь сложнее, но и эту тему мы также затронем.

В этой пошаговой инструкции подробно о том, как переименовать пользователя Windows 11 или Windows 10 с локальной учетной записью или учетной записью Майкрософт, а также кратко об изменении имени папки пользователя.

Как переименовать локального пользователя

Если требуется переименование локальной учетной записи пользователя, сделать это можно одним из следующих способов.

Управление учетными записями пользователей

Первый вариант — использование утилиты управления учетными записями пользователей, порядок действий будет следующим:

1. Нажмите правой кнопкой мыши по кнопке «Пуск», выберите пункт «Выполнить» (или нажмите клавиши Win+R на клавиатуре), введите

   netplwiz

   или

   control userpasswords2

   и нажмите Enter.
2. В открывшемся окне выберите нужного пользователя и нажмите кнопку «Свойства».
3. Задайте новое имя пользователя и нажмите «Ок», затем — «Ок» в окне управления учетными записями.
4. Выйдите из системы и снова зайдите — имя вашего пользователя будет изменено.

Учитывайте, что несмотря на то, что имя пользователя изменится, название его папки останется прежним.

Локальные пользователи и группы

Второй способ подойдет только для Pro (Профессиональная) и Enterprise (Корпоративная) версий Windows 11/10. Необходимые шаги:

1. Нажмите клавиши Win+R на клавиатуре, введите

   lusrmgr.msc

   и нажмите Enter.

2. В окне «Локальные пользователи и группы» перейдите в раздел «Пользователи», нажмите правой кнопкой мыши по имени пользователя, которое нужно изменить и выберите пункт «Переименовать».
3. Укажите новое имя пользователя, закройте окно, выйдите из системы и снова зайдите.

Командная строка

Ещё одна возможность — изменение имени пользователя в командной строке Windows:

1. Запустите командную строку от имени администратора.
2. Введите команду

   wmic useraccount where name='старое_имя' rename новое_имя

   и нажмите Enter.

3. Закройте командную строку, выйдите из системы и вновь зайдите, уже под новым именем.

Изменение имени пользователя для учетной записи Майкрософт

Если вы используете учетную запись Майкрософт, изменение имени выполняется на соответствующем сайте:

1. Зайдите на страницу вашей учетной записи Майкрософт https://account.microsoft.com/ с вашими учетными данными.
2. Нажмите по вашему имени или перейдите на вкладку «Сведения».
3. Нажмите «Изменить имя» и укажите новые имя и фамилию (необязательно).

После применения сделанных настроек они, через некоторое время (не сразу и, возможно, после перезагрузки) будут синхронизированы с вашим устройством, и вы увидите, что имя пользователя в Windows также изменилось.

Изменение имени папки пользователя

Изменить имя папки пользователя, если оно вам не нравится, в принципе, возможно, но часто приводит к неожиданным результатам: от неработоспособности некоторых программ, для которых были прописаны абсолютные пути, до невозможности зайти в Windows из-за ошибок профиля пользователя.

Простой и безопасный способ

Если вам нужен простой и безопасный способ, рекомендую использовать следующий подход:

1. Создайте новую локальную учетную запись с нужным именем (рекомендую использовать латиницу), для нее будет создана папка с тем же именем, сделайте нового пользователя администратором. Подробно о том, как это сделать в статьях: Как создать пользователя Windows 11, Как создать пользователя Windows 10.
2. Зайдите под вновь созданным пользователем, и, если нужно, прикрепите учетную запись Майкрософт (это можно сделать в Параметрах).
3. Убедившись, что всё работает как нужно и перенеся все данные из старого профиля (например, хранящиеся в папках Документы, Изображения, Рабочий стол), удалите старого пользователя и работайте с новой учетной записью и новым именем папки.

Рискованный метод

Способ переименования папки текущего пользователя без создания нового выглядит иначе (и, ещё раз предупреждаю, небезопасный):

1. Выйдите из текущей учетной записи и зайдите в систему с другой учетной записью Администратора (не с той, для которой мы изменяем имя папки), можно включить скрытую учетную запись Администратор.
2. При желании измените имя пользователя, для которого меняется имя папки одним из способов, описанным ранее.
3. Перейдите в папку C:Пользователи (C:Users) и переименуйте папку нужного пользователя тем же способом, которым вы переименовываете другие папки.
4. Запустите редактор реестра и перейдите в раздел

   HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList

5. В подразделах этого раздела найдите такой, где для параметра с именем ProfileImagePath задан путь к изменяемой папке, дважды нажмите по этому параметру и измените путь на нужный.
6. Закройте редактор реестра, перезагрузите компьютер и попробуйте вновь зайти в учетную запись, для которой менялся путь к папке.

Несмотря на то, что этот метод описан на официальном сайте Майкрософт , он остается крайне ненадежным и, если на почти чистой системе обычно работает, на ОС с множеством установленных программ зачастую вызывает неожиданные проблемы.

Иногда бывает достаточным изменить старые пути на новые в реестре, выполнив поиск по старому имени папки, а иногда даже это не позволяет избежать проблем: от необходимости повторно настраивать OneDrive и проблем с WinGet до, уже упоминавшихся проблем с профилем пользователя. О случаях неудачных попыток вы можете прочесть, например, в комментариях к статье Как изменить имя папки пользователя в Windows 10.

Manage User Accounts in Windows Server Essentials

Applies To: Windows Server 2016 Essentials, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials

The Users page of the Windows Server Essentials Dashboard centralizes information and tasks that help you manage the user accounts on your small business network. For an overview of the Users Dashboard, see Dashboard Overview.

Managing user accounts

The following topics provide information about how to use the Windows Server Essentials Dashboard to manage the user accounts on the server:

• Add a user account

• Remove a user account

• View user accounts

• Change the display name for the user account

• Activate a user account

• Deactivate a user account

• Understand user accounts

• Manage user accounts using the Dashboard

Add a user account

When you add a user account, the assigned user can log on to the network, and you can give the user permission to access network resources such as shared folders and the Remote Web Access site. Windows Server Essentials includes the Add a User Account Wizard that helps you:

• Provide a name and password for the user account.

• Define the account as either an administrator or as a standard user.

• Select which shared folders the user account can access.

• Specify if the user account has remote access to the network.

• Select email options if applicable.

• Assign a Microsoft Online Services account (referred to as a Microsoft 365 account in Windows Server Essentials) if applicable.

• Assign user groups ( Windows Server Essentials only).

[!NOTE]

• Non-ASCII characters are not supported in Microsoft Azure Active Directory (Azure AD). Do not use any non-ASCII characters in your password, if your server is integrated with Azure AD.
  • The email options are only available if you install an add-in that provides email service.

To add a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the Users Tasks pane, click Add a user account. The Add a User Account Wizard appears.

4. Follow the instructions to complete the wizard.

Remove a user account

When you choose to remove a user account from the server, a wizard deletes the selected account. Because of this, you can no longer use the account to log on to the network or to access any of the network resources. As an option, you can also delete the files for the user account at the same time that you remove the account. If you do not want to permanently remove the user account, you can deactivate the user account instead to suspend access to network resources.

[!IMPORTANT]
If a user account has a Microsoft online account assigned, when you remove the user account, the online account also is removed from Microsoft Online Services, and the user’s data, including email, is subject to data retention policies in Microsoft Online Services. If you want to retain user data for the online account, deactivate the user account instead of removing it. For more information, see Manage Online Accounts for Users.

To remove a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to remove.

4. In the <User Account> Tasks pane, click Remove the user account. The Delete a User Account Wizard appears.

5. On the Do you want to keep the files? page of the wizard, you can choose to delete the user’s files, including File History backups and the redirected folder for the user account. To keep the user’s files, leave the check box empty. After making your selection, click Next.

6. Click Delete account.

[!NOTE]
After you remove a user account, the account no longer appears in the list of user accounts. If you chose to delete the files, the server permanently deletes the user’s folder from the Users server folder and from the File History Backups server folder.

If you have an integrated email provider, the email account assigned to the user account will also be removed.

View user accounts

The Users section of the Windows Server Essentials Dashboard displays a list of network user accounts. The list also provides additional information about each account.

To view a list of user accounts

1. Open the Windows Server Essentials Dashboard.

2. On the main navigation bar, click Users.

3. The Dashboard displays a current list of user accounts.

To view or change properties for a user account

1. In the list of user accounts, select the account for which you want to view or change properties.

2. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.

3. Click a tab to display the properties for that account feature.

4. To save any changes that you make to the user account properties, click Apply.

Change the display name for the user account

The display name is the name that appears in the Name column on the Users page of the Dashboard. Changing the display name does not change the logon or sign-in name for a user account.

To change the display name for a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to change.

4. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.

5. On the General tab, type a new First name and Last name for the user account, and then click OK.

   The new display name appears in the list of user accounts.

Activate a user account

When you activate a user account, the assigned user can log on to the network and access network resources to which the account has permission, such as shared folders and the Remote Web Access site.

[!NOTE]
You can only activate a user account that is deactivated. You cannot activate a user account after you remove it from the server.

To activate a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list view, select the user account that you want to activate.

4. In the <User Account> Tasks pane, click Activate the user account.

5. In the confirmation window, click Yes to confirm your action.

[!NOTE]
After you activate a user account, the status for the account displays Active. The user account regains the same access rights that were assigned prior to account deactivation.

If you have an integrated email provider, the email account assigned to the user account will also be activated.

Deactivate a user account

When you deactivate a user account, account access to the server is temporarily suspended. Because of this, the assigned user cannot use the account to access network resources such as shared folders or the Remote Web Access site until you activate the account.

If the user account has a Microsoft online account assigned, the online account is also deactivated. The user cannot use resources in Microsoft 365 and other online services that you subscribe to, but the user’s data, including email, is retained in Microsoft Online Services.

[!NOTE]
You can only deactivate a user account that is currently active.

To deactivate a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list view, select the user account that you want to deactivate.

4. In the <User Account> Tasks pane, click Deactivate the user account.

5. In the confirmation window, click Yes to confirm your action.

[!NOTE]
After you deactivate a user account, the status for the account displays Inactive.

If you have an integrated email provider, the email account assigned to the user account will also be deactivated.

Understand user accounts

A user account provides important information to Windows Server Essentials, which enables individuals to access information that is stored on the server, and makes it possible for individual users to create and manage their files and settings. Users can log on to any computer on the network if they have a Windows Server Essentials user account and they have permissions to access a computer. Users access their user accounts with their user name and password.

There are two main types of user accounts. Each type gives users a different level of control over the computer:

• Standard accounts are for everyday computing. The standard account helps protect your network by preventing users from making changes that affect other users, such as deleting files or changing network settings.

• Administrator accounts provide the most control over a computer network. You should assign the administrator account type only when necessary.

Manage user accounts using the Dashboard

Windows Server Essentials makes it possible to perform common administrative tasks by using the Windows Server Essentials Dashboard. By default, the Users page of the Dashboard includes two tabs: Users and Users Groups.

[!NOTE]

• If you integrate your server that is running Windows Server Essentials with Microsoft 365, a new tab called Distribution Groups is also added within the Users page of the Dashboard.
  • In Windows Server Essentials, the Users page of the Dashboard includes only a single tab — Users.

The Users tab includes the following:

• A list of user accounts, which displays:

  • The name of the user.

  • The Logon name for the user account.

  • Whether the user account has Anywhere Access permission. Anywhere Access permission for a user account is either Allowed or Not allowed.

  • Whether the File History for this user account is managed by the server running Windows Server Essentials. The File History status for a user account is either Managed or Not managed.

  • The level of access that is assigned to the user account. You can assign either Standard user access or Administrator access for a user account.

  • The user account status. A user account can be Active, Inactive, or Incomplete.

  • In Windows Server Essentials, if the server is integrated with Microsoft 365 or Windows Intune, the Microsoft online account is displayed.

  • In Windows Server Essentials, if the server is integrated with Microsoft 365, the status of the account (known in Windows Server Essentials as the Microsoft online account) for the user account is displayed.

• A details pane with additional information about a selected user account.

• A tasks pane that includes:

  • A set of user account administrative tasks such as viewing and removing user accounts, and changing passwords.

  • Tasks that allow you to globally set or change settings for all user accounts in the network.

  The following table describes the various user account tasks that are available from the Users tab. Some of the tasks are user account-specific, and they are only visible when you select a user account in the list.

[!NOTE]
If you integrate Microsoft 365 with Windows Server Essentials, additional tasks will become available. For more information, see Manage Online Accounts for Users.

User account tasks in the Dashboard

Managing passwords and access

The following topics provide information about how to use the Windows Server Essentials Dashboard to manage user account passwords and user access to the shared folders on the server:

• Change or reset the password for a user account

• What you should know about password policies

• Change the password policy

• Level of access to shared folders

• Retain and manage access to files for removed user accounts

• Synchronize the DSRM password with the network administrator password

• Give user accounts remote desktop permission

• Enable users to access resources on the server

• Change remote access permissions for a user account

• Change virtual private network permissions for a user account

• Change access to internal shared folders for a user account

• Allow user accounts to establish a remote desktop session to their computer

Change or reset the password for a user account

To change or reset a user account password, follow these steps.

To reset the password for a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to reset.

4. In the <User Account> Tasks pane, click Change the user account password. The Change User Account Password Wizard appears.

5. Type a new password for the user account, and then type the password again to confirm it.

6. Click Change password.

7. Provide the new password to the user.

   [!IMPORTANT]

   • You may not be able to change your password if the password policy for your account has been set to Passwords never expire.
     • Non-ASCII characters are not supported in Azure AD. Therefore, if your server is integrated with Azure AD, do not use any non-ASCII characters in your password.
     • If a Microsoft online account (known in Windows Server Essentials as a Microsoft 365 account) is assigned to the user, the password is synchronized with the online account password. The user will use the new password to sign in on the server or sign in to Microsoft 365. For more information, see Manage Online Accounts for Users.

What you should know about password policies

The password policy is a set of rules that define how users create and use passwords. The policy helps to prevent unauthorized access to user data and other information that is stored on the server. The password policy is applied to all user accounts that access the network.

The Windows Server Essentials password policy consists of three primary elements as follows:

• Password length. The longer a password is, the more secure it is. Blank passwords are not secure.

• Password complexity. Complex passwords contain a mixture of uppercase and lowercase letters (a-z, A-Z), base numbers (0-9), and non-alphabetic symbols (such as; !,@,#,_,-). Complex passwords are much less susceptible to unauthorized access. Passwords that contain user names, birthdates, or other personal information do not provide adequate security.

• Password age. Windows Server Essentials requires that users change their password at least once every 180 days. As an option, you can choose to have passwords never expire.

  To make it easier to implement a password policy on your computer network, Windows Server Essentials provides a simple tool that allows you to set or change the password policy to any of the following four pre-defined policy profiles:

• Weak. Users can specify any password that is not blank.

• Medium. These passwords must contain at least 5 characters. A complex password is not required.

• Medium Strong. These passwords must contain at least 5 characters, and must include letters, numbers, and symbols.

• Strong. These passwords must contain at least 7 characters, and must include letters, numbers, and symbols. These passwords are more secure, but may be more difficult for users to remember.

  [!NOTE]
  Passwords cannot contain the user name or email address.

  If you integrate with Microsoft 365, the integration enforces the Strong password policy, and updates the policy to include the following requirements:

  • Passwords must contain 8 �16 characters.
    • Passwords cannot contain a space or the Microsoft 365 email name.

  By default, server installation sets the default password policy to the Strong option.

Change the password policy

Use the following procedure to set or change the password policy to any of four pre-defined policy profiles.

To change the password policy

1. Open the Windows Server Essentials Dashboard, and then click Users.

2. In the Users Tasks pane, click Set the password policy.

3. On the Change the Password Policy screen, set the level of password strength by moving the slider.

   Microsoft recommends that you set the password strength to Strong.

   [!NOTE]
   As an option, you can also select Passwords never expire. This setting is less secure, and so it is not recommended.

4. Click Change policy.

Level of access to shared folders

As a best practice, you should assign the most restrictive permissions available that still allow users to perform required tasks.

You have three access settings available for the shared folders on the server:

• Read/Write. Choose this setting if you want to allow the user account permission to create, change, and delete any files in the shared folder.

• Read only. Choose this setting if you want to allow the user account permission to only read the files in the shared folder. User accounts with read-only access cannot create, change, or delete any files in the shared folder.

• No access. Choose this setting if you do not want the user account to access any files in the shared folder.

Retain and manage access to files for removed user accounts

The network administrator can remove a user account and choose to keep the user’s files for future use. In this scenario, the removed user account can no longer be used to sign in to the network; however, the files for this user will be saved in a shared folder, which can be shared with another user.

[!IMPORTANT]
Be aware that if you remove a user account that has a Microsoft online account assigned, the online account is also removed, and the user data, including email, is subject to data retention policies in Microsoft Online Services. To retain the user data for the online account, deactivate the user account instead of removing it. For more information, see Manage Online Accounts for Users.

To remove a user account but retain access to the user’s files

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to remove.

4. In the <User Account> Tasks pane, click Remove the user account. The Delete a User Account Wizard appears.

5. On the Do you want to keep the files? page, make sure that the Delete the files including File History backups and redirected folder for this user account check box is clear, and then click Next.

   A confirmation page appears warning you that are deleting the account but keeping the files.

6. Click Delete account to remove the user account.

   After the user account is removed, the administrator can give another user account access to the shared folder.

To give a user account permission to access a shared folder

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Storage, and then click the Server Folders tab.

3. In the list of folders, select the Users folder.

4. In the Users Tasks pane, click Open the folder. Windows Explorer opens and displays the contents of the Users folder.

5. Right-click the folder for the user account that you want to share, and then click Properties.

6. In <User Account> Properties, click the Sharing tab, and then click Share.

7. In the File Sharing window, type or select the user account name with whom you want to share the folder, and then click Add.

8. Choose the Permission Level that you want the user account to have, and then click Share.

Synchronize the DSRM password with the network administrator password

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. The operating system uses DSRM to log on to the computer if Active Directory fails or needs to be restored. If your network administrator password and the DSRM password are different, DSRM will not load.

During a clean, first-time installation of Windows Server Essentials, the program sets the DSRM password to the network administrator account password that you specify during setup or in the migration answer file. When you change your network administrator password (as recommended typically every 60 days for increased server security), the password change is not forwarded to DSRM. This results in a password mismatch. If this occurs, you can use the following solutions to manually or automatically synchronize your network administrator’s password with the DSRM password.

To manually synchronize the DSRM password to a network administrator account

1. At a command prompt, run ntdsutil.exe to open the ntdsutil tool.

2. To reset the DSRM password, type set dsrm password.

3. To synchronize the DSRM password on a domain controller with the current network administrator’s account, type:

   sync from domain account <current_network_administrator_account>, and then press Enter.

   Because you will periodically change the password for the network administrator account, to ensure that the DSRM password is always the same as the current password of the network administrator, we recommend that you create a schedule task to automatically synchronize the DSRM password to the network administrator password daily.

To automatically synchronize the DSRM password to a network administrator account

1. From the server, open Administrative Tools, and then double-click Task Scheduler.

2. In the Task Scheduler Actions pane, click Create Task.

3. In the Name text box, type a name for the task such as AutoSync DSRM Password, and then select the Run with highest privileges option.

4. Define when the task should run:

   1. In the Create Task dialog box, click the Triggers tab, and then click New.

   2. In the New Trigger dialog box, select your recurrence option, specify the recurrence interval, and choose a start time.

      [!NOTE]
      As a best practice, you should set the task to run daily during non-business hours.

   3. Click OK to save your changes and return to the Create Task dialog box.

5. Define the task actions:

   1. Click the Actions tab, and then click New. The New Action dialog box appears.

   2. In the Action list, click Start a program, and then browse to C:WINDOWSSYSTEM32ntdsutil.exe.

   3. In the Add arguments(optional) text box, type the following (you must include the quotation marks): set dsrm password sync from domain account SBS_network_administrator_account q q where SBS_network_administrator_account is the current network administrator’s account name.

6. Click OK twice to save the task and close the Create Task dialog box. The new task appears in the Active Tasks section of Task Schedule.

Give user accounts remote desktop permission

In the default installation of Windows Server Essentials, network users do not have permission to establish a remote connection to computers or other resources on the network.

Before network users can establish a remote connection to network resources, you must first set up Anywhere Access. After you set up Anywhere Access, users can access files, applications, and computers in your office network from a device in any location with an Internet connection.

The Set up Anywhere Access Wizard allows you to enable two methods of remote access:

• Virtual private network (VPN)

• Remote Web Access

  When you run the wizard, you can also choose to allow Anywhere Access for all current and newly added user accounts.

  To set up Anywhere Access, open the Dashboard Home page, click SETUP, and then click Set up Anywhere Access.

  For more information about Anywhere Access, see Manage Anywhere Access.

Enable users to access resources on the server

This section applies to a server running Windows Server Essentials or Windows Server Essentials, or to a server running Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter with the Windows Server Essentials Experience role installed.

If you want users to use remote access, and/or have individual user accounts, after you finish connecting a computer to the server, you can create new network user accounts for the users of the networked computer on the server by using the Dashboard. For more information about creating a user account, see Add a user account. After creating the user accounts, you must provide the network user name and password information to the users of the client computer so that they can access resources on the server by using the Launchpad.

For each user account that you create you can set access for the following through the user account properties:

• Shared folders. By default, network administrators have Read/Write permission to all the shared folders, and standard user accounts have Read-only permissions to the Company folder. If media streaming is enabled, you can assign folder access permissions for individual standard user accounts for the following shared folders: Music, Pictures, Recorded TV, and Videos. You can set permissions for user accounts to access shared folders on the Shared folders tab of the user account properties.

• Anywhere Access. By default, network administrators can use either VPN or Remote Web Access to access server resources. For standard user accounts, you must set user account permissions on the Anywhere Access tab.

• Computer access. By default, network administrators can access all the computers in the network. However, for standard user accounts you can set individual user account permissions for accessing computers on the network on the Computer access tab of the user account properties.

To edit user account properties in Windows Server Essentials 2012 R2

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account that you want to edit.

4. In the <User Account> Tasks pane, click View the account properties.

5. In the <User Account> Properties, do the following:

   1. On the Shared folders tab, set the appropriate folder permissions for each shared folder as needed.

   2. On the Anywhere Access tab:

      1. To allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.

      2. To allow a user to connect to the server by using Remote Web Access, select the Allow Remote Web Access and access to web services applications check box.

   3. On the Computer access tab, select the network computers that you would like the user to have access to.

To edit user account properties in Windows Server Essentials 2012

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account that you want to edit.

4. In the <User Account> Tasks pane, click Properties.

5. In the <User Account> Properties, do the following:

   1. On the General tab, select User can view network health alerts if the user account needs to access network health reports.

   2. On the Shared folders tab, set the appropriate folder permissions for each shared folder as needed.

   3. On the Anywhere Access tab:

      1. To allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.

      2. To allow a user to connect to the server by using Remote Web Access, select the Allow Remote Web Access and access to web services applications check box.

   4. On the Computer access tab, select the network computers that you would like the user to have access to.

Change remote access permissions for a user account

A user can access resources located on the server from a remote location by using a virtual private network (VPN), Remote Web Access, or other web services applications. By default, remote access permissions are turned on for network users when you configure Anywhere Access in Windows Server Essentials by using the Dashboard.

To change remote access permissions for a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to change.

4. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.

5. On the Anywhere Access tab, do the following:

   • Select the Allow Virtual Private Network (VPN) check box to allow a user to connect to the server by using VPN.

   • Select the Allow Remote Web Access and access to web services applications check box to allow a user to connect to the server by using Remote Web Access.

6. Click Apply, and then click OK.

Change virtual private network permissions for a user account

You can use a virtual private network (VPN) to connect to Windows Server Essentials and access all your resources that are stored on the server. This is especially useful if you have a client computer that is set up with network accounts that can be used to connect to a hosted Windows Server Essentials server through a VPN connection. All the newly created user accounts on the hosted Windows Server Essentials server must use VPN to log on to the client computer for the first time.

To change VPN permissions for network users

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account to which you want to grant permissions to access the desktop remotely.

4. In the <User Account> Tasks pane, click Properties.

5. In the <User Account> Properties, click the Anywhere Access tab.

6. On the Anywhere Access tab, to allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.

7. Click Apply, and then click OK.

Change access to internal shared folders for a user account

You can manage access to any shared folders on the server by using the tasks on the Server Folders tab of the Dashboard. By default, the following server folders are created when you install Windows Server Essentials:

• Client Computer Backups. Used to store client computer backups created by Windows Server backup. This server folder is not shared.

• Company. Used to store and access documents related to your organization by network users.

• File History Backups. By default, Windows Server Essentials stores file backups created by using File History. This server folder is not shared.

• Folder Redirection. Used to store and access folders that are set up for folder redirection by network users. This server folder is not shared.

• Music. Used to store and access music files by network users. This folder is created when you turn on media sharing.

• Pictures. Used to store and access pictures by network users. This folder is created when you turn on media sharing.

• Recorded TV. Used to store and access recorded TV programs by network users. This folder is created when you turn on media sharing.

• Videos. Used to store and access videos by network users. This folder is created when you turn on media sharing.

• Users. Used to store and access files by network users. A user-specific folder is automatically generated in the Users server folder for every network user account that you create.

To change access to a shared folder for a user account

1. Open the Windows Server Essentials Dashboard.

2. Click STORAGE, and then click Server Folders.

3. Navigate to and select the server folder for which you want to modify permissions.

4. In the task pane, click View the folder properties.

5. In <FolderName> Properties, click Sharing, and select the appropriate user access level for the listed user accounts, and then click Apply.

   [!NOTE]
   You cannot modify the sharing permissions for File History Backups, Folder Redirection, and Users server folders. Hence, the folder properties of these server folders do not include a Sharing tab.

Allow user accounts to establish a remote desktop session to their computer

This section applies to a server running Windows Server Essentials or Windows Server Essentials, or to a server running Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter with the Windows Server Essentials Experience role installed.

The network administrator can grant permissions to network users that allow them to access their network computers from a remote location.

To enable users to access their network computers from a remote location

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account that you want to grant permissions for accessing the desktop remotely.

4. In the <User Account> Tasks pane, click Properties.

5. In the <User Account> Properties, click the Computer Access tab.

6. Select the computers that you want this user account to be able to access remotely, and then click OK.

Additional References

• Manage Online Accounts for Users

• Get Connected

• Use Windows Server Essentials

• Manage Windows Server Essentials

Manage User Accounts in Windows Server Essentials

Applies To: Windows Server 2016 Essentials, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials

The Users page of the Windows Server Essentials Dashboard centralizes information and tasks that help you manage the user accounts on your small business network. For an overview of the Users Dashboard, see Dashboard Overview.

Managing user accounts

The following topics provide information about how to use the Windows Server Essentials Dashboard to manage the user accounts on the server:

• Add a user account

• Remove a user account

• View user accounts

• Change the display name for the user account

• Activate a user account

• Deactivate a user account

• Understand user accounts

• Manage user accounts using the Dashboard

Add a user account

When you add a user account, the assigned user can log on to the network, and you can give the user permission to access network resources such as shared folders and the Remote Web Access site. Windows Server Essentials includes the Add a User Account Wizard that helps you:

• Provide a name and password for the user account.

• Define the account as either an administrator or as a standard user.

• Select which shared folders the user account can access.

• Specify if the user account has remote access to the network.

• Select email options if applicable.

• Assign a Microsoft Online Services account (referred to as a Microsoft 365 account in Windows Server Essentials) if applicable.

• Assign user groups ( Windows Server Essentials only).

[!NOTE]

• Non-ASCII characters are not supported in Microsoft Azure Active Directory (Azure AD). Do not use any non-ASCII characters in your password, if your server is integrated with Azure AD.
  • The email options are only available if you install an add-in that provides email service.

To add a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the Users Tasks pane, click Add a user account. The Add a User Account Wizard appears.

4. Follow the instructions to complete the wizard.

Remove a user account

When you choose to remove a user account from the server, a wizard deletes the selected account. Because of this, you can no longer use the account to log on to the network or to access any of the network resources. As an option, you can also delete the files for the user account at the same time that you remove the account. If you do not want to permanently remove the user account, you can deactivate the user account instead to suspend access to network resources.

[!IMPORTANT]
If a user account has a Microsoft online account assigned, when you remove the user account, the online account also is removed from Microsoft Online Services, and the user’s data, including email, is subject to data retention policies in Microsoft Online Services. If you want to retain user data for the online account, deactivate the user account instead of removing it. For more information, see Manage Online Accounts for Users.

To remove a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to remove.

4. In the <User Account> Tasks pane, click Remove the user account. The Delete a User Account Wizard appears.

5. On the Do you want to keep the files? page of the wizard, you can choose to delete the user’s files, including File History backups and the redirected folder for the user account. To keep the user’s files, leave the check box empty. After making your selection, click Next.

6. Click Delete account.

[!NOTE]
After you remove a user account, the account no longer appears in the list of user accounts. If you chose to delete the files, the server permanently deletes the user’s folder from the Users server folder and from the File History Backups server folder.

If you have an integrated email provider, the email account assigned to the user account will also be removed.

View user accounts

The Users section of the Windows Server Essentials Dashboard displays a list of network user accounts. The list also provides additional information about each account.

To view a list of user accounts

1. Open the Windows Server Essentials Dashboard.

2. On the main navigation bar, click Users.

3. The Dashboard displays a current list of user accounts.

To view or change properties for a user account

1. In the list of user accounts, select the account for which you want to view or change properties.

2. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.

3. Click a tab to display the properties for that account feature.

4. To save any changes that you make to the user account properties, click Apply.

Change the display name for the user account

The display name is the name that appears in the Name column on the Users page of the Dashboard. Changing the display name does not change the logon or sign-in name for a user account.

To change the display name for a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to change.

4. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.

5. On the General tab, type a new First name and Last name for the user account, and then click OK.

   The new display name appears in the list of user accounts.

Activate a user account

When you activate a user account, the assigned user can log on to the network and access network resources to which the account has permission, such as shared folders and the Remote Web Access site.

[!NOTE]
You can only activate a user account that is deactivated. You cannot activate a user account after you remove it from the server.

To activate a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list view, select the user account that you want to activate.

4. In the <User Account> Tasks pane, click Activate the user account.

5. In the confirmation window, click Yes to confirm your action.

[!NOTE]
After you activate a user account, the status for the account displays Active. The user account regains the same access rights that were assigned prior to account deactivation.

If you have an integrated email provider, the email account assigned to the user account will also be activated.

Deactivate a user account

When you deactivate a user account, account access to the server is temporarily suspended. Because of this, the assigned user cannot use the account to access network resources such as shared folders or the Remote Web Access site until you activate the account.

If the user account has a Microsoft online account assigned, the online account is also deactivated. The user cannot use resources in Microsoft 365 and other online services that you subscribe to, but the user’s data, including email, is retained in Microsoft Online Services.

[!NOTE]
You can only deactivate a user account that is currently active.

To deactivate a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list view, select the user account that you want to deactivate.

4. In the <User Account> Tasks pane, click Deactivate the user account.

5. In the confirmation window, click Yes to confirm your action.

[!NOTE]
After you deactivate a user account, the status for the account displays Inactive.

If you have an integrated email provider, the email account assigned to the user account will also be deactivated.

Understand user accounts

A user account provides important information to Windows Server Essentials, which enables individuals to access information that is stored on the server, and makes it possible for individual users to create and manage their files and settings. Users can log on to any computer on the network if they have a Windows Server Essentials user account and they have permissions to access a computer. Users access their user accounts with their user name and password.

There are two main types of user accounts. Each type gives users a different level of control over the computer:

• Standard accounts are for everyday computing. The standard account helps protect your network by preventing users from making changes that affect other users, such as deleting files or changing network settings.

• Administrator accounts provide the most control over a computer network. You should assign the administrator account type only when necessary.

Manage user accounts using the Dashboard

Windows Server Essentials makes it possible to perform common administrative tasks by using the Windows Server Essentials Dashboard. By default, the Users page of the Dashboard includes two tabs: Users and Users Groups.

[!NOTE]

• If you integrate your server that is running Windows Server Essentials with Microsoft 365, a new tab called Distribution Groups is also added within the Users page of the Dashboard.
  • In Windows Server Essentials, the Users page of the Dashboard includes only a single tab — Users.

The Users tab includes the following:

• A list of user accounts, which displays:

  • The name of the user.

  • The Logon name for the user account.

  • Whether the user account has Anywhere Access permission. Anywhere Access permission for a user account is either Allowed or Not allowed.

  • Whether the File History for this user account is managed by the server running Windows Server Essentials. The File History status for a user account is either Managed or Not managed.

  • The level of access that is assigned to the user account. You can assign either Standard user access or Administrator access for a user account.

  • The user account status. A user account can be Active, Inactive, or Incomplete.

  • In Windows Server Essentials, if the server is integrated with Microsoft 365 or Windows Intune, the Microsoft online account is displayed.

  • In Windows Server Essentials, if the server is integrated with Microsoft 365, the status of the account (known in Windows Server Essentials as the Microsoft online account) for the user account is displayed.

• A details pane with additional information about a selected user account.

• A tasks pane that includes:

  • A set of user account administrative tasks such as viewing and removing user accounts, and changing passwords.

  • Tasks that allow you to globally set or change settings for all user accounts in the network.

  The following table describes the various user account tasks that are available from the Users tab. Some of the tasks are user account-specific, and they are only visible when you select a user account in the list.

[!NOTE]
If you integrate Microsoft 365 with Windows Server Essentials, additional tasks will become available. For more information, see Manage Online Accounts for Users.

User account tasks in the Dashboard

Managing passwords and access

The following topics provide information about how to use the Windows Server Essentials Dashboard to manage user account passwords and user access to the shared folders on the server:

• Change or reset the password for a user account

• What you should know about password policies

• Change the password policy

• Level of access to shared folders

• Retain and manage access to files for removed user accounts

• Synchronize the DSRM password with the network administrator password

• Give user accounts remote desktop permission

• Enable users to access resources on the server

• Change remote access permissions for a user account

• Change virtual private network permissions for a user account

• Change access to internal shared folders for a user account

• Allow user accounts to establish a remote desktop session to their computer

Change or reset the password for a user account

To change or reset a user account password, follow these steps.

To reset the password for a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to reset.

4. In the <User Account> Tasks pane, click Change the user account password. The Change User Account Password Wizard appears.

5. Type a new password for the user account, and then type the password again to confirm it.

6. Click Change password.

7. Provide the new password to the user.

   [!IMPORTANT]

   • You may not be able to change your password if the password policy for your account has been set to Passwords never expire.
     • Non-ASCII characters are not supported in Azure AD. Therefore, if your server is integrated with Azure AD, do not use any non-ASCII characters in your password.
     • If a Microsoft online account (known in Windows Server Essentials as a Microsoft 365 account) is assigned to the user, the password is synchronized with the online account password. The user will use the new password to sign in on the server or sign in to Microsoft 365. For more information, see Manage Online Accounts for Users.

What you should know about password policies

The password policy is a set of rules that define how users create and use passwords. The policy helps to prevent unauthorized access to user data and other information that is stored on the server. The password policy is applied to all user accounts that access the network.

The Windows Server Essentials password policy consists of three primary elements as follows:

• Password length. The longer a password is, the more secure it is. Blank passwords are not secure.

• Password complexity. Complex passwords contain a mixture of uppercase and lowercase letters (a-z, A-Z), base numbers (0-9), and non-alphabetic symbols (such as; !,@,#,_,-). Complex passwords are much less susceptible to unauthorized access. Passwords that contain user names, birthdates, or other personal information do not provide adequate security.

• Password age. Windows Server Essentials requires that users change their password at least once every 180 days. As an option, you can choose to have passwords never expire.

  To make it easier to implement a password policy on your computer network, Windows Server Essentials provides a simple tool that allows you to set or change the password policy to any of the following four pre-defined policy profiles:

• Weak. Users can specify any password that is not blank.

• Medium. These passwords must contain at least 5 characters. A complex password is not required.

• Medium Strong. These passwords must contain at least 5 characters, and must include letters, numbers, and symbols.

• Strong. These passwords must contain at least 7 characters, and must include letters, numbers, and symbols. These passwords are more secure, but may be more difficult for users to remember.

  [!NOTE]
  Passwords cannot contain the user name or email address.

  If you integrate with Microsoft 365, the integration enforces the Strong password policy, and updates the policy to include the following requirements:

  • Passwords must contain 8 �16 characters.
    • Passwords cannot contain a space or the Microsoft 365 email name.

  By default, server installation sets the default password policy to the Strong option.

Change the password policy

Use the following procedure to set or change the password policy to any of four pre-defined policy profiles.

To change the password policy

1. Open the Windows Server Essentials Dashboard, and then click Users.

2. In the Users Tasks pane, click Set the password policy.

3. On the Change the Password Policy screen, set the level of password strength by moving the slider.

   Microsoft recommends that you set the password strength to Strong.

   [!NOTE]
   As an option, you can also select Passwords never expire. This setting is less secure, and so it is not recommended.

4. Click Change policy.

Level of access to shared folders

As a best practice, you should assign the most restrictive permissions available that still allow users to perform required tasks.

You have three access settings available for the shared folders on the server:

• Read/Write. Choose this setting if you want to allow the user account permission to create, change, and delete any files in the shared folder.

• Read only. Choose this setting if you want to allow the user account permission to only read the files in the shared folder. User accounts with read-only access cannot create, change, or delete any files in the shared folder.

• No access. Choose this setting if you do not want the user account to access any files in the shared folder.

Retain and manage access to files for removed user accounts

The network administrator can remove a user account and choose to keep the user’s files for future use. In this scenario, the removed user account can no longer be used to sign in to the network; however, the files for this user will be saved in a shared folder, which can be shared with another user.

[!IMPORTANT]
Be aware that if you remove a user account that has a Microsoft online account assigned, the online account is also removed, and the user data, including email, is subject to data retention policies in Microsoft Online Services. To retain the user data for the online account, deactivate the user account instead of removing it. For more information, see Manage Online Accounts for Users.

To remove a user account but retain access to the user’s files

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to remove.

4. In the <User Account> Tasks pane, click Remove the user account. The Delete a User Account Wizard appears.

5. On the Do you want to keep the files? page, make sure that the Delete the files including File History backups and redirected folder for this user account check box is clear, and then click Next.

   A confirmation page appears warning you that are deleting the account but keeping the files.

6. Click Delete account to remove the user account.

   After the user account is removed, the administrator can give another user account access to the shared folder.

To give a user account permission to access a shared folder

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Storage, and then click the Server Folders tab.

3. In the list of folders, select the Users folder.

4. In the Users Tasks pane, click Open the folder. Windows Explorer opens and displays the contents of the Users folder.

5. Right-click the folder for the user account that you want to share, and then click Properties.

6. In <User Account> Properties, click the Sharing tab, and then click Share.

7. In the File Sharing window, type or select the user account name with whom you want to share the folder, and then click Add.

8. Choose the Permission Level that you want the user account to have, and then click Share.

Synchronize the DSRM password with the network administrator password

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. The operating system uses DSRM to log on to the computer if Active Directory fails or needs to be restored. If your network administrator password and the DSRM password are different, DSRM will not load.

During a clean, first-time installation of Windows Server Essentials, the program sets the DSRM password to the network administrator account password that you specify during setup or in the migration answer file. When you change your network administrator password (as recommended typically every 60 days for increased server security), the password change is not forwarded to DSRM. This results in a password mismatch. If this occurs, you can use the following solutions to manually or automatically synchronize your network administrator’s password with the DSRM password.

To manually synchronize the DSRM password to a network administrator account

1. At a command prompt, run ntdsutil.exe to open the ntdsutil tool.

2. To reset the DSRM password, type set dsrm password.

3. To synchronize the DSRM password on a domain controller with the current network administrator’s account, type:

   sync from domain account <current_network_administrator_account>, and then press Enter.

   Because you will periodically change the password for the network administrator account, to ensure that the DSRM password is always the same as the current password of the network administrator, we recommend that you create a schedule task to automatically synchronize the DSRM password to the network administrator password daily.

To automatically synchronize the DSRM password to a network administrator account

1. From the server, open Administrative Tools, and then double-click Task Scheduler.

2. In the Task Scheduler Actions pane, click Create Task.

3. In the Name text box, type a name for the task such as AutoSync DSRM Password, and then select the Run with highest privileges option.

4. Define when the task should run:

   1. In the Create Task dialog box, click the Triggers tab, and then click New.

   2. In the New Trigger dialog box, select your recurrence option, specify the recurrence interval, and choose a start time.

      [!NOTE]
      As a best practice, you should set the task to run daily during non-business hours.

   3. Click OK to save your changes and return to the Create Task dialog box.

5. Define the task actions:

   1. Click the Actions tab, and then click New. The New Action dialog box appears.

   2. In the Action list, click Start a program, and then browse to C:WINDOWSSYSTEM32ntdsutil.exe.

   3. In the Add arguments(optional) text box, type the following (you must include the quotation marks): set dsrm password sync from domain account SBS_network_administrator_account q q where SBS_network_administrator_account is the current network administrator’s account name.

6. Click OK twice to save the task and close the Create Task dialog box. The new task appears in the Active Tasks section of Task Schedule.

Give user accounts remote desktop permission

In the default installation of Windows Server Essentials, network users do not have permission to establish a remote connection to computers or other resources on the network.

Before network users can establish a remote connection to network resources, you must first set up Anywhere Access. After you set up Anywhere Access, users can access files, applications, and computers in your office network from a device in any location with an Internet connection.

The Set up Anywhere Access Wizard allows you to enable two methods of remote access:

• Virtual private network (VPN)

• Remote Web Access

  When you run the wizard, you can also choose to allow Anywhere Access for all current and newly added user accounts.

  To set up Anywhere Access, open the Dashboard Home page, click SETUP, and then click Set up Anywhere Access.

  For more information about Anywhere Access, see Manage Anywhere Access.

Enable users to access resources on the server

This section applies to a server running Windows Server Essentials or Windows Server Essentials, or to a server running Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter with the Windows Server Essentials Experience role installed.

If you want users to use remote access, and/or have individual user accounts, after you finish connecting a computer to the server, you can create new network user accounts for the users of the networked computer on the server by using the Dashboard. For more information about creating a user account, see Add a user account. After creating the user accounts, you must provide the network user name and password information to the users of the client computer so that they can access resources on the server by using the Launchpad.

For each user account that you create you can set access for the following through the user account properties:

• Shared folders. By default, network administrators have Read/Write permission to all the shared folders, and standard user accounts have Read-only permissions to the Company folder. If media streaming is enabled, you can assign folder access permissions for individual standard user accounts for the following shared folders: Music, Pictures, Recorded TV, and Videos. You can set permissions for user accounts to access shared folders on the Shared folders tab of the user account properties.

• Anywhere Access. By default, network administrators can use either VPN or Remote Web Access to access server resources. For standard user accounts, you must set user account permissions on the Anywhere Access tab.

• Computer access. By default, network administrators can access all the computers in the network. However, for standard user accounts you can set individual user account permissions for accessing computers on the network on the Computer access tab of the user account properties.

To edit user account properties in Windows Server Essentials 2012 R2

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account that you want to edit.

4. In the <User Account> Tasks pane, click View the account properties.

5. In the <User Account> Properties, do the following:

   1. On the Shared folders tab, set the appropriate folder permissions for each shared folder as needed.

   2. On the Anywhere Access tab:

      1. To allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.

      2. To allow a user to connect to the server by using Remote Web Access, select the Allow Remote Web Access and access to web services applications check box.

   3. On the Computer access tab, select the network computers that you would like the user to have access to.

To edit user account properties in Windows Server Essentials 2012

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account that you want to edit.

4. In the <User Account> Tasks pane, click Properties.

5. In the <User Account> Properties, do the following:

   1. On the General tab, select User can view network health alerts if the user account needs to access network health reports.

   2. On the Shared folders tab, set the appropriate folder permissions for each shared folder as needed.

   3. On the Anywhere Access tab:

      1. To allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.

      2. To allow a user to connect to the server by using Remote Web Access, select the Allow Remote Web Access and access to web services applications check box.

   4. On the Computer access tab, select the network computers that you would like the user to have access to.

Change remote access permissions for a user account

A user can access resources located on the server from a remote location by using a virtual private network (VPN), Remote Web Access, or other web services applications. By default, remote access permissions are turned on for network users when you configure Anywhere Access in Windows Server Essentials by using the Dashboard.

To change remote access permissions for a user account

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click Users.

3. In the list of user accounts, select the user account that you want to change.

4. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.

5. On the Anywhere Access tab, do the following:

   • Select the Allow Virtual Private Network (VPN) check box to allow a user to connect to the server by using VPN.

   • Select the Allow Remote Web Access and access to web services applications check box to allow a user to connect to the server by using Remote Web Access.

6. Click Apply, and then click OK.

Change virtual private network permissions for a user account

You can use a virtual private network (VPN) to connect to Windows Server Essentials and access all your resources that are stored on the server. This is especially useful if you have a client computer that is set up with network accounts that can be used to connect to a hosted Windows Server Essentials server through a VPN connection. All the newly created user accounts on the hosted Windows Server Essentials server must use VPN to log on to the client computer for the first time.

To change VPN permissions for network users

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account to which you want to grant permissions to access the desktop remotely.

4. In the <User Account> Tasks pane, click Properties.

5. In the <User Account> Properties, click the Anywhere Access tab.

6. On the Anywhere Access tab, to allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.

7. Click Apply, and then click OK.

Change access to internal shared folders for a user account

You can manage access to any shared folders on the server by using the tasks on the Server Folders tab of the Dashboard. By default, the following server folders are created when you install Windows Server Essentials:

• Client Computer Backups. Used to store client computer backups created by Windows Server backup. This server folder is not shared.

• Company. Used to store and access documents related to your organization by network users.

• File History Backups. By default, Windows Server Essentials stores file backups created by using File History. This server folder is not shared.

• Folder Redirection. Used to store and access folders that are set up for folder redirection by network users. This server folder is not shared.

• Music. Used to store and access music files by network users. This folder is created when you turn on media sharing.

• Pictures. Used to store and access pictures by network users. This folder is created when you turn on media sharing.

• Recorded TV. Used to store and access recorded TV programs by network users. This folder is created when you turn on media sharing.

• Videos. Used to store and access videos by network users. This folder is created when you turn on media sharing.

• Users. Used to store and access files by network users. A user-specific folder is automatically generated in the Users server folder for every network user account that you create.

To change access to a shared folder for a user account

1. Open the Windows Server Essentials Dashboard.

2. Click STORAGE, and then click Server Folders.

3. Navigate to and select the server folder for which you want to modify permissions.

4. In the task pane, click View the folder properties.

5. In <FolderName> Properties, click Sharing, and select the appropriate user access level for the listed user accounts, and then click Apply.

   [!NOTE]
   You cannot modify the sharing permissions for File History Backups, Folder Redirection, and Users server folders. Hence, the folder properties of these server folders do not include a Sharing tab.

Allow user accounts to establish a remote desktop session to their computer

This section applies to a server running Windows Server Essentials or Windows Server Essentials, or to a server running Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter with the Windows Server Essentials Experience role installed.

The network administrator can grant permissions to network users that allow them to access their network computers from a remote location.

To enable users to access their network computers from a remote location

1. Open the Windows Server Essentials Dashboard.

2. On the navigation bar, click USERS.

3. In the list of user accounts, select the user account that you want to grant permissions for accessing the desktop remotely.

4. In the <User Account> Tasks pane, click Properties.

5. In the <User Account> Properties, click the Computer Access tab.

6. Select the computers that you want this user account to be able to access remotely, and then click OK.

Additional References

• Manage Online Accounts for Users

• Get Connected

• Use Windows Server Essentials

• Manage Windows Server Essentials