anne-powell
Module 4
Setting Up Group Accounts
Overview
Introduction to Groups
Planning a Group Strategy
Creating Local and Global Groups
Implementing Built-in Groups
Best Practices
Introduction to Groups
Groups Are Collections of User Accounts
Group Members Get All Group Permissions and Rights
Local Groups Provide Access to Resources and Rights to Perform System Tasks
Global Groups Organize Users
[Diagram: Global Group “Sales”, Local Group “Resources”, Permissions, Resources]
Local and Global Groups Summary
Local Groups
  Provide users with permissions or rights
  Can include (from any domain): user accounts, global groups
  Cannot include other local groups
  Are assigned permissions and rights in the local domain
  On Windows NT Workstation or member server, can only be assigned to local resources
  On a PDC, can be assigned resources on any domain controller in the domain
Global Groups
  Organize domain users
  Can only include user accounts in the domain where it resides
  Cannot contain local or global groups
  Are added to a local group to give its members rights
  Are not assigned to local resources
  Must be created on a PDC in the domain where the accounts reside
Planning a Group Strategy
Logically Organize Users Based on Common Needs
Create Global Groups and Add User Accounts
Create Local Groups Based on Resource Access Needs
Assign Permissions to Local Groups
Add Global Groups to Local Groups
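The planning steps and the nesting rules from the summary slide, modeled as an added example that is not part of the original slides. The class names, the `effective_access` helper and the share path are illustrative assumptions; the user, group and domain names are taken from the slides' screenshots.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    domain: str
    name: str

@dataclass
class GlobalGroup:
    domain: str
    name: str
    members: set = field(default_factory=set)
    def add(self, member):
        # Global groups hold only user accounts from their own domain.
        if not isinstance(member, User):
            raise ValueError("global groups cannot contain groups")
        if member.domain != self.domain:
            raise ValueError("user account is from another domain")
        self.members.add(member)

@dataclass
class LocalGroup:
    name: str
    members: list = field(default_factory=list)
    permissions: dict = field(default_factory=dict)  # resource -> access
    def add(self, member):
        # Users and global groups from any domain are fine; local groups are not.
        if isinstance(member, LocalGroup):
            raise ValueError("local groups cannot contain local groups")
        self.members.append(member)
    def contains(self, user):
        return any(m == user or (isinstance(m, GlobalGroup) and user in m.members)
                   for m in self.members)

def effective_access(user, local_groups):
    # Union of the permissions of every local group the user reaches.
    return {(res, perm) for lg in local_groups if lg.contains(user)
            for res, perm in lg.permissions.items()}

def demo():
    # Constructed sample; the share path is hypothetical.
    eric = User("DOMAIN1", "Eric")
    sales = GlobalGroup("DOMAIN1", "Sales")
    sales.add(eric)
    resources = LocalGroup("Resources", permissions={r"\\SERVER1\Sales": "Read"})
    resources.add(sales)
    return effective_access(eric, [resources])
```

Permissions are attached only to the local group, so removing a user from the global group removes the access without touching the resource.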
Creating Local and Global Groups
You Must Be a Member of Administrators or Account Operators Group
You Can Create Local Groups on Any Windows NT Computer
You Create Global Groups on a PDC from Any Computer Running User Manager for Domains
Group Names Must Be Unique to the Domain
[Screenshot: User Manager - DOMAIN1, User menu (New User..., New Global Group..., New Local Group..., Copy..., Delete, Rename..., Properties..., Select Users..., Select Domain, Exit) with New Global Group... selected]
Creating Global Groups
[Screenshot: New Global Group dialog. Group Name: Quebec; Description: Quebec domain users; Members: Eric Blondel; Not Members: list of other domain accounts; Add and Remove buttons]
Creating Local Groups
[Screenshot: New Local Group dialog. Group Name: Sales; Members: StefanH. Add Users and Groups dialog listing names from the CLASSROOM domain (Administrators, Account Operators, Backup Operators, Domain Admins, Domain Guests, Domain Users, Everyone, Guests); Add Names: CLASSROOM\Domain Users]
Deleting Groups
[Screenshot: User Manager - DOMAIN_A, User menu with Delete selected]
Deleting a Group:
Permanently removes permissions and rights associated with it
Does not delete the member user accounts
Implementing Built-in Groups
Built-in Local Groups
Give users rights to perform system tasks
Built-in Global Groups
Give administrators a way of controlling domain resources
System Groups
Organize users for system use
Membership is automatic and cannot be modified
[Screenshot: User Rights Policy dialog. Computer: User-1; Right: Access this computer from network; Grant to: Administrators, Everyone, Power Users]
Built-in Groups on All Windows NT Computers
  Users: Ordinary users
  Administrators: Administrator
  Guests: Guest
  Backup Operators: No members
  Power Users: No members
[Diagram labels: Windows NT Server Domain Controller, Windows NT Server Member Server, Windows NT Workstation]
Built-in Groups on Domain Controllers Only
Local Groups
  Account Operators
  Printer Operators
  Server Operators
Global Groups
  Domain Users
  Domain Admins
  Domain Guests
[Diagram: Users with Domain Users, Administrators with Domain Admins, Guests with Domain Guests]
Built-in System Groups
Reside on All Computers
Membership Cannot Be Modified
Users Become Members Automatically During Network Activity
Two Key System Groups
Everyone
Creator Owner
Best Practices
Add Users to Built-in Groups that Are Most Restrictive
Add Domain Admins from Other Domains to Local Administrators
Assign Rights to Users Only If Built-in Groups Don’t Meet Your Needs
Use Domain Users Instead of Everyone (Medium and High Security)
Review
Introduction to Groups
Planning a Group Strategy
Creating Local and Global Groups
Implementing Built-in Groups
Best Practices