SSH Tectia Server does not need a user management program of its own – the user accounts are created with the standard Windows User Manager.

	Note
	User login requires the rights to log on locally and access this computer from the network. On domain controllers, these rights are disabled by default. If SSH Tectia Server has been installed on a domain controller, the log on locally and access this computer from the network permissions must be enabled on the domain controller for the Domain Users group.

The following general considerations apply to the username handling irrespective of which user authentication method you use: password, public keys, certificates, keyboard-interactive, or GSSAPI.

	Note
	SSH Tectia Server 5.2 (and later) on Windows treats logon usernames differently depending on whether the server machine is a part of a Windows Domain or not.

Normally when logging on to a server, you specify the machine and optionally your username, for example:

$ sshg3 win-server

OR

$ sshg3 user@win-server

If the Windows server belongs to a domain, the username is assumed to be a domain username (or if you have not specified a username, your local username is assumed to be a domain username on the remote machine). In this case, the above examples are equal to specifying:

On a Windows client:

> sshg3.exe DOMAIN\user@win-server

On a Unix client, the backslash has to be escaped:

$ sshg3 DOMAIN\\user@win-server

If the Windows server does not belong to a domain, the username is assumed to be a local username (or if you have not specified a username, your local username is assumed to be a local username on the remote machine). In this case, the above examples are equal to specifying:

On a Windows client:

> sshg3.exe MACHINE\user@win-server

On a Unix client, the backslash has to be escaped:

$ sshg3 MACHINE\\user@win-server

If you want to log on to a Windows Domain machine using a local account, you have to explicitly specify the local machine name as the domain part of the username, as shown above.