Real Time Os
21
Name Licens e Sourc e mod el Target usage Stat us Platforms Abassi propri etary close d embedde d acti ve AVR, Coldfire, Cortex-M3, MSP 430, PIC32, 8051 AMX RTOS ? ? embedde d ? 680x0, 683xx, ARM, ColdFire, MIPS32, PowerPC ARTOS (Locamati on) propri etary ? embedde d acti ve x86 ARTOS (Robotu) propri etary ? embedde d acti ve ARM9+ Atomthrea ds BSD open sourc e embedde d acti ve AVR, STM8 AVIX propri etary close d embedde d acti ve Atmel AT91SAM3(U/S), Energy Micro EFM32, NXP LPC13x/LPC17x, ST MicroSTM32, Texas Instruments LM3S, Toshiba TMPM330, Microchip PIC32MX, Microchip PIC24F, PIC24H, dsPIC30F & dsPIC33F BeRTOS modifi edGNU GPL open sourc e embedde d acti ve DSP56K, I196, IA32, ARM, AVR BRTOS MIT Licens e open sourc e embedde d acti ve Freescale Coldfire V1, Freescale HCS08, Texas Instruments MSP430 and Atmel ATMEGA328/128 (Port for PIC18 in development CapROS GNU GPL open sourc e embedde d acti ve IA32, ARM9 ChibiOS/ RT Modifi edGNU GPL or propri etary open sourc e embedde d, smallfo otprint acti ve x86, ARM7, ARM9, Cortex-M0, C ortex-M3, Cortex-M4, PowerPC e200z, STM8,AVR, MSP430, Cold fire, H8S ChorusOS ? ? ? ? ? CMX RTOS propri etary ? embedde d acti ve IA32, ARM, AVR, H8, PIC, 8051 cocoOS BSD open embedde acti AVR, MSP430
-
Upload
willbark2day -
Category
Documents
-
view
181 -
download
5
Transcript of Real Time Os
Name License Source model
Target usage
Status Platforms
Abassi proprietary
closed embedded
active AVR, Coldfire, Cortex-M3, MSP430, PIC32, 8051
AMX RTOS ? ? embedded
? 680x0, 683xx, ARM, ColdFire, MIPS32, PowerPC
ARTOS (Locamation)
proprietary
? embedded
active x86
ARTOS (Robotu)
proprietary
? embedded
active ARM9+
Atomthreads BSD open source
embedded
active AVR, STM8
AVIX proprietary
closed embedded
active Atmel AT91SAM3(U/S), Energy Micro EFM32, NXP LPC13x/LPC17x, ST MicroSTM32, Texas Instruments LM3S, Toshiba TMPM330, Microchip PIC32MX, Microchip PIC24F, PIC24H, dsPIC30F & dsPIC33F
BeRTOS modifiedGNU GPL
open source
embedded
active DSP56K, I196, IA32, ARM, AVR
BRTOS MIT License
open source
embedded
active Freescale Coldfire V1, Freescale HCS08, Texas Instruments MSP430 and Atmel ATMEGA328/128 (Port for PIC18 in development
CapROS GNU GPL open source
embedded
active IA32, ARM9
ChibiOS/RT ModifiedGNU GPL orproprietary
open source
embedded, smallfootprint
active x86, ARM7, ARM9, Cortex-M0, Cortex-M3, Cortex-M4, PowerPC e200z, STM8,AVR, MSP430, Coldfire, H8S
ChorusOS ? ? ? ? ?CMX RTOS proprieta
ry ? embedde
dactive IA32, ARM, AVR, H8, PIC, 8051
cocoOS BSD open source
embedded
active AVR, MSP430
Concurrent CP/M
proprietary
closed (meanwhile: open source)
general purpose
defunct
8080, Z80, 8086
Concurrent DOS
proprietary
closed general purpose
defunct
8086, 286, 386, 68000, (also 8080/Z80 in dual-processor variants)
Contiki BSD open source
embedded
active MSP430, AVR
COS proprieta closed process defunc GEC 4000 series
ry control tDeos proprieta
ryclosed safety
criticalactive x86, PowerPC, PowerQUICC
DioneOS proprietary
available for licensee
embedded
active Texas Instruments MSP430, MSP430x
DNIX proprietary
closed general purpose
defunct
68000
GEC DOS proprietary
closed process control
defunct
GEC 4000 series
DrRtos free? open? ? active? ARM7DSPnano RTOS
Open Source and Commercial
Open Source
MCU, DSC, DSP SoC
active R8C, M16C, PIC24, dsPIC33
DSOS ? ? ? defunct
TI-980A minicomputer
eCos modifiedGNU GPL
open source
general purpose
active ARM/XScale, CalmRISC, 68000/Coldfire, fr30, FR-V, H8, IA32, MIPS, MN10300, OpenRISC, PowerPC, SPARC, SuperH, V8xx
eCosPro modifiedGNU GPLand eCosPro license
open source with non-free portions
general purpose
active ARM/XScale, CalmRISC, 68000/Coldfire, fr30, FR-V, H8, IA32, MIPS, MN10300, NIOS2, OpenRISC, PowerPC, SPARC, SuperH, V8xx
embOS proprietary
closed embedded
active 8/16/32 bit processors
Embox BSD License
open source
embedded
active ARM, LEON, MicroBlaze, x86
ERIKA Enterprise
GPL+Linking exception
Open Source
embedded
active ARM7, H8 (Hitachi), Nios2 (Altera), PIC24/dsPIC/PIC32 (Microchip), ST10 (ST Microelectronics)/C167 (Infineon), PPC z7 Mamba, AVR, Tricore1, Mico32, S12XS, H8
EROS GPL open source
experimentalresearch use
dormant
IA32
Femto OS GPLv3 open source
embedded
active AVR
FlexOS proprietary
closed general purpose
defunct
186, 286, 386, V60, V70, 68000
FreeOSEK GPLv3 open source
embedded
active Posix, Windows, ARM7
FreeRTOS modifiedGNU
open source
embedded
active ARM, AVR, AVR32, Freescale ColdFire, HCS12, IA32, MicroBlaze, MSP430, PIC,
GPL Renesas H8/S, 8052, STM32FunkOS modified
Sleepycat license
open source
embedded
active AVR, MSP430, Cortex-M3
Fusion RTOS free ? semi-general purpose
active ARM, Blackfin, StarCore, DSP 56800E
HeartOS proprietary
closed safety critical
active x86, PowerPC, PowerQUICC
Helium free ? ? ? Open-Source RTOS for HCS08 & AVR MCUsHP-1000/RTE ? ? ? ? ?Hybridthreads
? open source
FPGA active Xilinx Virtex-II Pro ML310, Xilinx Virtex-II Pro XUP
IBM 4680 OS proprietary
closed general purpose
defunct
286
IBM 4690 OS proprietary
closed general purpose
active 286, 386
INTEGRITY proprietary
closed embedded
active ARM, XScale, Blackfin, Freescale ColdFire, MIPS, PowerPC, x86
IntervalZero RTX
proprietary
closed MS Windows extension
active x86
ITRON, uITRON, microITRON
varies varies embedded
active ARM, MIPS, x86, and others
ioRTOS proprietary
closed embedded, safety critical
active TI TMS320 Families (x2812, c6416)
iRTOS GNU LGPL
open source
embedded
active AVR, ARM7
LynxOS proprietary
source code available
embedded
active Motorola 68010, x86/IA-32, ARM, Freescale PowerPC, PowerPC 970, LEON3
MaRTE OS GNU GPL open source
embedded
active IA-32
MAX II,IV proprietary
? ? ? Modcomp II,IV,...
MenuetOS ? ? ? ? ?Milos GNU GPL open
sourceembedded
active Cortex-M3
MP/M proprietary
closed (meanwhile: open source)
general purpose
defunct
8080, Z80, 8086
MQX proprieta compli embedde active Freescale Power, ColdFire, Kinetis Cortex
ry mentary source code available
d ARM, List of Freescale products,
MERT ? ? ? inactive
PDP-11
Multiuser DOS
proprietary
closed general-purpose
defunct
386
Nano-RK mixed open source
embedded
active AVR, MSP430
Neutrino proprietary
some source code provided
microkernel
active ARM, MIPS, PPC, SH, x86, XScale
Nokia OS ? ? embedded GSM devices
? ARM
Nucleus OS proprietary
source code provided
embedded
active ARM (Cortex-M3, M4, R4, R4F, A8, A9, ARM7, ARM9, ARM11), PowerPC, MIPS32, MIPS16e, microMIPS, Coldfire, SuperH
NuttX RTOS BSD open source
embedded, small footprint
active Linux user mode, ARM7, ARM9, 8052, SH-1, Renesas MC16C/26, Zilog Z16F, Zilog eZ80 Acclaim!, Zilog Z8Encore!, Z80, partial ports for MIPS
On Time RTOS-32
proprietary
source code available
embedded
active 32/64-bit x86
OS4000 proprietary
closed process control
maintenance only
GEC 4000 series
OpenRTOS proprietary?
source code available
embedded
active see FreeRTOS
OSA BSD open source
embedded
active PIC10-PIC24, AVR 8bit, STM8
OSE proprietary
closed general purpose
active ARM, PowerPC, MIPS, IXP2400, TI OMAP, …
OS-9 proprietary
available to customers
embedded
active ARM/strongARM, MIPS, PowerPC, SuperH, x86/Pentium, XSCALE, Motorola 6809, Motorola 68000-series
OSEK n/a specific embedde active engine control units
ation dPhar Lap ETS ? ? ? ? ?PaulOS GNU GPL open
sourceembedded
? ?
PICOS18 GNU GPL open source
embedded
? PIC18
picoOS Modified BSD License
open source
embedded
discontinued
6502, 80x86, ARM7, AVR, PowerPC
Phoenix-RTOS
GNU GPL open source
embedded
? ARM7, X86, PowerPC
PikeOS proprietary
available to customers
safety critical, virtualization
active PPC, x86, ARM, MIPS, SPARC/Leon, SuperH
Portos proprietary
source code provided
embedded, small footprint
active DSP/BIOS (ARM soon)
POK BSD open source
embedded
active x86, PowerPC, SPARC
PowerTV proprietary
? ? ? ?
Prex BSD open source
microkernel
active ARM, IA32
pSOS proprietary
? ? discontinued
Motorola 680x, Motorola 68000
QNX mixed ? general purpose
active IA32, MIPS, PowerPC, SH-4, ARM, StrongARM, XScale
Q-Kernel proprietary
available to customers
embedded
active PIC-30, PIC-24, dsPIC, PIC32MX
QP Open Source and Commercial
Open Source
MCU, DSC, DSP SoC
active ARM7/9, ARM Cortex-M3/Cortex-M0, MSP430, TMS320C28x, AVR, AVRXmega, ColdFire, 68HC08, M16C/R8C, H8, 8051, 80251, PIC18, PIC24/dsPIC33, Nios II, PSoC1
RDOS proprietary
? general purpose
defunct
Data General Nova, Data General Eclipse
ReaGOS proprietary
closed, available with license
embedded
active x86, ATmega, ARM, portable
REAL/32 proprietary
closed general-purpose
active 386
Real-time GPLv2 open general active same as Linux
Linux (CONFIG_RT_PREEMPT)
source purpose
RMX ? ? ? active 8080, 8086, 80386 or higherRSX-11 proprieta
ry ? ? histori
cPDP-11
RT-11 proprietary
? general purpose
defunct
PDP-11
RTAI GNU GPL open source
general purpose
active x86, ARM
RTEMS modifiedGNU GPL
open source
embedded
active ARM, Blackfin, ColdFire, TI C3x/C4x, H8/300, x86, 68k, MIPS, Nios II, PowerPC, SuperH, SPARC, ERC32, LEON, Mongoose-V
rt-kernel mixed available to customers
embedded
active ARM7, ARM9, Cortex-M3, Cortex-A8, Blackfin, PowerPC, Windows (simulation)
RTLinux GNU GPL open source
general purpose
active same as Linux
RT-Thread GPLv2 open source
embedded
active ARM, IA-32, AVR32,M16C, MIPS
RTXC Quadros
proprietary
source available
embedded
active ARM - Atmel/Freescale/NXP/ST/TI, Blackfin, Coldfire/68K, PowerPC, StarCore, TI/Luminary Stellaris, TI OMAP, XScale
Salvo proprietary
closed embedded
active 8051, ARM ARM7TDMI and Cortex-M3, Atmel AVR and Mega AVR, Epson S1C17, Motorola M68HC11, TI MSP430, PICmicro 12/14000/16/17/18, PIC24, dsPIC, PIC32, TMS320C2000
SCIOPTA proprietary
closed, source available
embedded, safety related
active ARM, Cortex-M3, Cortex-M0, XScale, PowerPC, ColdFire, HCS12, M16C,MSP430, Windows(simulation)
scmRTOS free open source
embedded
active ARM, Cortex-M3, Blackfin, MSP430, AVR
SDPOS GNU LGPL
open source
embedded
active ARM, Cortex-M3, Blackfin, PIC18, PIC24, i386 win32/linux synthetic targets
SHaRK GNU GPL open source
? ? ?
SimpleAVROS
GPLv3 open source
embedded
active, beta
AVR only
SINTRAN III ? ? ? ? Norsk Data computersSirius RTOS proprieta
ryavailable under license
embedded
active x86, i386+, ARM, 68k, 8051, ...
SMX RTOS proprietary
available under license
embedded
active ARM, Cortex, ColdFire, PowerPC, x86, ...
SOOS Project free open source
embedded
active, beta
H8/300
Symbian OS Eclipse Public License
open source
embedded
active ARM
Talon DSP RTOS
proprietary
? embedded DSP
active TMS320
TargetOS proprietary
available to customers
embedded
? ARM, Freescale ColdFire, Freescale PowerPC
T-Kernel free under T-License
source available
embedded RTOS
active ARM/MIPS/SH/others
THEOS ? ? ? ? ?ThreadX proprieta
ryavailable to customers
? active ARC, ARM/Thumb, AVR32, BlackFin, ColdFire/68K, H8/300H, Luminary Micro Stellaris, M-CORE, MicroBlaze, PIC24/dsPIC, PIC32, MIPS, V8xx, Nios II, PowerPC, SH, SHARC, StarCore, STM32, StrongARM, TMS320C54x, TMS320C6x, x86/x386, XScale, Xtensa/Diamond, ZSP
Trampoline Operating System (OSEK and AUTOSAR)
GNU LGPL
open source
embedded
active AVR, H8/300H, POSIX, NEC V850e, ARM7, Infineon C166, HCS12 or PowerPC
TNKernel BSD open source
embedded
active ARM, PIC24/dsPIC, HCS08
Transaction Processing Facility
proprietary
? general purpose
active IBM System/360 derivatives
TRON Project
open? mixed mixed active any: not an implementation, but a specification
TUD:OS GNU GPL open source
? ? IA-32
Unison RTOS Open Source and Commercial
Open Source
MCU, DSC, DSP SoC
active Pic32, ARM Cortex (TI Stellaris, ST STM32, NXP LPC1700), SH2A, SH2AFPU, R32C, MIPS4K, {SHARC, Coldfire, TMS320, Altera NIOS, Xilinx Microblaze, Proprietary}
µC/OS-II proprietary
Available under license
embedded
active ARM7/9/11/Cortex M1/3, AVR, HC11/12/S12, Coldfire, Blackfin, Microblaze, NIOS, 8051, x86, Win32, H8S,
M16C, M32C, MIPS, 68000, PIC24/dsPIC33/PIC32, MSP430, PowerPC, SH, StarCore, STM32, …
µC/OS-III proprietary
Available under license
embedded
active ARM7/9/11/Cortex M1/3, AVR, HC11/12/S12, Coldfire, Blackfin, Microblaze, NIOS, 8051, x86, Win32, H8S, M16C, M32C, MIPS, 68000, PIC24/dsPIC33/PIC32, MSP430, PowerPC, SH, StarCore, STM32, …
UNIX-RTR ? ? ? ? PDP-11uSmartx ? open
sourceembedded
? ARM7TDMI, AVR, H8
µTasker proprietary
Open-code. Free for non-commercial or with support license
embedded
active Coldfire M522XX, AVR32, SAM7X, Luminary Micro, LPC2XXX, STR91X, NE64
u-velOSity ? ? microkernel
active ?
velOSity ? ? ? active Power Architecture, ARM/XScale, MIPS, x86/Pentium, ColdFire, Blackfin, OMAP, DaVinci
VRTX ? ? ? ? ARM, MIPS, PowerPC, RISCVxWorks proprieta
ry ? embedde
dactive ARM, IA32, MIPS, PowerPC, SH-4,
StrongARM, xScaleWindows CE proprieta
ryMicrosoft Shared Source
embedded
active x86, MIPS, ARM, SuperH
Xenomai GPLv2 Open Source
general active x86, x86_64, PowerPC, ARM, Analog Devices Blackfin BF52x, BF53x, BF54x and BF56x
xPC Target proprietary
closed real-time testing/embedded
active x86
Y@SOS GNU LGPL
Open Source
embedded
active Cortex-M3, STM32
MontaVista Linux
? ? embedded
active ?
µnOS ? ? ? historic
Motorola 68k
uOS GNU GPL Open Source
embedded
active AVR, ARM, MIPS32, MSP430, Intel i386, Linux386
An early example of a large-scale real-time operating system was the Transaction Processing
Facility developed by American Airlines and IBM for the Sabre Airline Reservations System.
Currently the best known, most widely deployed, real-time operating systems are[citation needed]
LynxOS
OSE
QNX
RTLinux
VxWorks
Windows CE
Authentication mechanisms
An authentication mechanism defines rules about security information, such as whether a credential is forwardable to another Java process, and the format of how security information is stored in both credentials and tokens.
Authentication is the process of establishing whether a client is who or what it claims to be in a particular context. A client can be either an end user, a machine, or an application. An authentication mechanism in WebSphere Application Server typically collaborates closely with a user registry. The user registry is the user and groups account repository that the authentication mechanism consults with when performing authentication. The authentication mechanism is responsible for creating a credential, which is an internal product representation of a successfully authenticated client user. Not all credentials are created equally. The abilities of the credential are determined by the configured authentication mechanism.
Although this product provides multiple authentication mechanisms, you can configure only a single active authentication mechanism at one time. The active authentication mechanism is selected when configuring WebSphere Application Server global security.
Authentication processThe figure demonstrates the authentication process. Authentication is required for enterprise bean clients and Web clients when they access protected resources. Enterprise bean clients, like a servlet or other enterprise beans or a pure client, send the authentication information to a Web application server using one of the following protocols:
Common Secure Interoperability Version 2 (CSIv2) Secure Authentication Service (SAS)
Note:
Web clients use the HTTP or HTTPS protocol to send the authentication information, as shown in the previous figure.
The authentication data can be from a basic authentication (user ID and password), a credential token (in the case of Lightweight Third Party Authentication (LTPA)), or a client certificate. The Web authentication is performed by the Web Authentication module.
The enterprise bean authentication is performed by the Enterprise JavaBean (EJB) authentication module, which resides in the CSIv2 and SAS layer.
The enterprise bean authentication is performed by the Enterprise JavaBean (EJB) authentication module
The authentication module is implemented using the Java Authentication and Authorization Service (JAAS) login module. The Web authenticator and the EJB authenticator pass the authentication data to the login module (2), which can use the following mechanisms to authenticate the data:
LTPA Simple WebSphere Authentication Mechanism (SWAM)
The authentication module uses the registry that is configured on the system to perform the authentication (4). Three types of registries are supported: local OS, Lightweight Directory Access Protocol (LDAP), and custom registry. External registry implementation following the registry interface that is specified by IBM can replace either the local OS or the LDAP user registry.
The login module creates a JAAS subject after authentication and stores the credential that is derived from the authentication data in the public credentials list of the subject. The credential is returned to the Web authenticator or to the enterprise beans authenticator (5).
The Web authenticator and the enterprise beans authenticator store the received credentials in the Object Request Broker (ORB) current for the authorization service to use in performing further access control checks. If the credentials are forwardable, they are sent to other application servers.
The first type authentication is accepting proof of identity given by a credible person which has evidence
on the said identity or on the originator and the object under assessment as his artifact respectively.
The second type authentication is comparing the attributes of the object itself to what is known about
objects of that origin. For example, an art expert might look for similarities in the style of painting, check
the location and form of a signature, or compare the object to an old photograph. An archaeologist might
use carbon dating to verify the age of an artifact, do a chemical analysis of the materials used, or
compare the style of construction or decoration to other artifacts of similar origin. The physics of sound
and light, and comparison with a known physical environment, can be used to examine the authenticity of
audio recordings, photographs, or videos.
Attribute comparison may be vulnerable to forgery. In general, it relies on the fact that creating a forgery
indistinguishable from a genuine artifact requires expert knowledge, that mistakes are easily made, or that
the amount of effort required to do so is considerably greater than the amount of money that can be
gained by selling the forgery.
In art and antiques certificates are of great importance, authenticating an object of interest and value.
Certificates can, however, also be forged and the authentication of these pose a problem. For instance,
the son of Han van Meegeren, the well-known art-forger, forged the work of his father and provided a
certificate for its provenance as well; see the article Jacques van Meegeren.
Criminal and civil penalties for fraud, forgery, and counterfeiting can reduce the incentive for falsification,
depending on the risk of getting caught.
The third type authentication relies on documentation or other external affirmations. For example,
the rules of evidence in criminal courts often require establishing the chain of custody of evidence
presented. This can be accomplished through a written evidence log, or by testimony from the police
detectives and forensics staff that handled it. Some antiques are accompanied by certificates attesting to
their authenticity. External records have their own problems of forgery and perjury, and are also
vulnerable to being separated from the artifact and lost.
Currency and other financial instruments commonly use the first type of authentication method. Bills,
coins, and cheques incorporate hard-to-duplicate physical features, such as fine printing or engraving,
distinctive feel, watermarks, and holographic imagery, which are easy for receivers to verify.
Consumer goods such as pharmaceuticals, perfume, fashion clothing can use either type of
authentication method to prevent counterfeit goods from taking advantage of a popular brand's reputation
(damaging the brand owner's sales and reputation). A trademark is a legally protected marking or other
identifying feature which aids consumers in the identification of genuine brand-name goods.
[edit]Authentication factors and identity
AUTHENTOCATION ALGO
Windows Vista and later operating systems support the following 802.11 authentication algorithms:
IEEE 802.11 Open System algorithm.
IEEE 802.11 Shared Key algorithm.
Wi-Fi Protected Access (WPA) algorithm. This algorithm is supported only for infrastructure basic
service set (BSS) networks.
WPA algorithm that uses preshared keys (PSK). This algorithm is supported only for
infrastructure BSS networks.
IEEE 802.11i Robust Security Network Association (RSNA) algorithm. This algorithm is supported
only for infrastructure BSS networks.
IEEE 802.11i RSNA algorithm that uses PSK. This algorithm is supported for infrastructure BSS
networks. This algorithm is also supported for independent BSS (IBSS) networks when used in
conjunction with the AES-CCMP cipher algorithm.
Data authentication
Common
functionsMD5 · SHA-1 · SHA-2
Functions FSB · SHA-3 · ECOH · GOST · HAS-160 · HAVAL · LM hash · MDC-2 · MD2 · MD4 · N-Hash · RadioGatún · RIPEMD
SHA-3 finalists BLAKE · Grøstl · JH · Keccak · Skein
MAC algorithms DAA · CBC-MAC · HMAC · OMAC/CMAC · PMAC · VMAC · UMAC · Poly1305-AES
Authenticated
encryption modesCCM · CWC · EAX · GCM · IAPM · OCB
Attacks Collision attack · Preimage attack · Birthday attack · Brute force attack · Rainbow table · Distinguishing attack · Side-channel attack
Misc. Avalanche effect · Hash collision · Merkle–Damgård construction · Salt
Standardization CRYPTREC · NESSIE · NIST hash function competition
Authorization Strategies
Authorization controls user access to resources. Using access control lists (ACLs), security groups, and NTFS file permissions, you can make sure that users have access only to needed resources, such as files, drives, network shares, printers, and applications.
Security Groups
Security groups, user rights, and permissions can be used to manage security for numerous resources while maintaining fine-grained control of files and folders and user rights. The four main security groups include:
Domain local groups Global groups Universal groups Computer local groups
Using security groups can streamline the process of managing access to resources. You can assign users to security groups, and then grant permissions to those groups. You can add and remove users in security groups according to their need for access to new resources. To create local users and place them within local security groups, use the Computer Management snap-in of MMC or the User Accounts option in Control Panel.
Within the domain local and computer local security groups there are preconfigured security groups to which you can assign users.
Administrators
Members of this group have total control of the local computer and have permissions to complete all tasks. A built-in account called Administrator is created and assigned to this group when Windows Vista is installed. When a computer is joined to a domain, the Domain Administrators group is added to the local Administrators group by default.
Power Users
Members of this group have read/write permissions to other parts of the system in addition to their own profile folders, can install applications, and can perform many administrative tasks. Members of this group have the same level of permissions as Users and Power Users in Windows XP Professional.
Users
Members of this group are authenticated users with read-only permissions for most parts of the system. They have read/write access only within their own profile folders. Users cannot read other users' data (unless it is in a shared folder), install applications that require modifying system directories or the registry, or perform administrative tasks.
Guests
Members of this group can log on using the built-in Guest account to perform limited tasks, including shutting down the computer. Users who do not have an account on the computer or whose account has been disabled (but not deleted) can log on using the Guest account. You can set rights and permissions for this account, which is a member of the built-in Guests group by default. The Guest account is enabled by default.
You can configure access control lists (ACLs) for resource groups or security groups and add or remove users or resources from these groups as needed. The ability to add and remove users makes user permissions easier to control and audit. It also reduces the need to change ACLs.
You can grant users permissions to access files and folders, and specify what tasks users can perform on them. You can also allow permissions to be inherited, so that permissions for a folder apply to all its subfolders and the files in them.
Group Policy
You can use Group Policy settings to assign permissions to resources and grant rights to users as follows:
To restrict which types of users can run certain applications. This reduces the risk of exposing the computer to unwanted applications, such as viruses.
To configure many rights and permissions for client computers. You can also configure rights and permissions on an individual computer to be used as the base image for desktop installations, to ensure standardized security management even if you do not use Active Directory.
Auditing features allow you to detect attempts to disable or circumvent protections on resources.
You can use preconfigured security templates that meet the security requirements for a given workstation or network. Security templates are files with preset security settings that can be applied to a local computer or to client computers in a domain by using Active Directory.
