Setting Up Group Accounts

Overview
• Introduction to Groups
• Planning a Group Strategy
• Creating Local and Global Groups
• Implementing Built-in Groups
• Best Practices

Introduction to Groups
[Diagram labels: Global Group “Sales”, Local Group “Resources”, Permissions, Resources]
• Groups Are Collections of User Accounts
• Group Members Get All Group Permissions and Rights
• Local Groups Provide Access to Resources and Rights to Perform System Tasks
• Global Groups Organize Users

Local and Global Groups Summary

Local Groups
• Provide users with permissions or rights
• Can include (from any domain):
  • User accounts
  • Global groups
• Cannot include other local groups
• Are assigned permissions and rights in the local domain
• On a computer running Windows NT Workstation or a member server, can only be assigned to local resources
• On a PDC, can be assigned resources on any domain controller in the domain

Global Groups
• Organize domain users
• Can only include user accounts in the domain where it resides
• Cannot contain local or global groups
• Are added to a local group to give its members rights
• Are not assigned to local resources
• Must be created on a PDC in the domain where the accounts reside

Planning a Group Strategy
• Logically Organize Users Based on Common Needs
• Create Global Groups, and then Add User Accounts
• Create Local Groups Based on Resource Access Needs
• Assign Permissions to Local Groups
• Add Global Groups to Local Groups
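
The membership rules from the summary and the planning steps above, modeled as an added example that is not part of the original slides: the checker flags memberships the rules forbid, and the resolver shows which accounts a permission assigned to a local group actually reaches. The Group class, the function names, the accounts, and the \\SERVER1\Reports share are assumptions made for illustration.

```python
# Added example, not from the slides; all names and sample data are constructed.
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    kind: str                      # "local" or "global"
    domain: str                    # domain where the group resides
    members: list = field(default_factory=list)  # "DOMAIN\\user" strings or Group objects

def violations(group):
    """Check a group's members against the membership rules in the summary slide."""
    found = []
    for m in group.members:
        if isinstance(m, Group):
            if group.kind == "global":
                found.append(f"{group.name}: a global group cannot contain groups ({m.name})")
            elif m.kind == "local":
                found.append(f"{group.name}: a local group cannot contain local groups ({m.name})")
        elif group.kind == "global" and m.split("\\")[0] != group.domain:
            found.append(f"{group.name}: {m} is not an account in {group.domain}")
    return found

def expand(group):
    """Return the set of user accounts that receive the group's permissions."""
    users = set()
    for m in group.members:
        users |= expand(m) if isinstance(m, Group) else {m}
    return users

def effective_access(acl, user):
    """acl maps resource -> [(local Group, permission)]; return the user's permissions per resource."""
    access = {}
    for resource, entries in acl.items():
        perms = {perm for grp, perm in entries if user in expand(grp)}
        if perms:
            access[resource] = perms
    return access

# Constructed sample following the planning steps: users -> global group -> local group -> permission.
sales = Group("Sales", "global", "DOMAIN1", ["DOMAIN1\\linda", "DOMAIN1\\ryan"])
resources = Group("Resources", "local", "DOMAIN1", [sales])
acl = {r"\\SERVER1\Reports": [(resources, "Read")]}

# Constructed misconfigurations that the membership rules forbid.
bad_global = Group("Partners", "global", "DOMAIN1", ["DOMAIN2\\eric", sales])
bad_local = Group("Printers", "local", "DOMAIN1", [resources])

if __name__ == "__main__":
    print(effective_access(acl, "DOMAIN1\\linda"))
    for g in (sales, resources, bad_global, bad_local):
        for v in violations(g):
            print("VIOLATION:", v)
```

Running the same check over an exported membership list shows where permissions were granted outside the global-into-local pattern before an access review.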

Creating Local and Global Groups
[Screenshot: User Manager - DOMAIN1, User menu: New User..., New Global Group..., New Local Group...]
• You Must Be a Member of the Administrators or Account Operators Group
• You Can Create Local Groups on Any Computer Running Windows NT
• You Create Global Groups on a PDC from Any Computer Running User Manager for Domains
• Group Names Must Be Unique to the Domain

Creating Global Groups
[Screenshot: New Global Group dialog. Group Name: Quebec; Description: Quebec domain users; Members and Not Members lists with Add and Remove buttons]

Creating Local Groups
[Screenshot: New Local Group dialog (Group Name: Sales; Description: Sales Personnel) with the Add Users and Groups dialog listing names from CLASSROOM; Add Names: CLASSROOM\Domain Users]

Deleting Groups
[Screenshot: User Manager - DOMAIN_A, User menu: Delete]
• Deleting a Group:
  • Permanently removes permissions and rights associated with it
  • Does not delete the member user accounts

Implementing Built-in Groups
[Screenshot: User Rights Policy dialog. Computer: User-1; Right: Access this computer from network; Grant to: Everyone, Power Users, Administrators]
• Built-in Local Groups
  • Give users rights to perform system tasks
• Built-in Global Groups
  • Give administrators a way of controlling domain resources
• System Groups
  • Organize users for system use
  • Membership is automatic and cannot be modified

Built-in Groups on All Windows NT–Based Computers
[Diagram: Windows NT Server Domain Controller, Windows NT Server Member Server, Windows NT Workstation]
• Users: Ordinary users
• Administrators: Administrator
• Guests: Guest
• Power Users: No members
• Backup Operators: No members

Built-in Groups on Domain Controllers Only
[Diagram: Domain Controller]
• Local Groups: Users, Administrators, Guests, Account Operators, Server Operators, Printer Operators
• Global Groups: Domain Users, Domain Admins, Domain Guests

Built-in System Groups
• Reside on All Computers
• Membership Cannot Be Modified
• Users Become Members Automatically During Network Activity
• Two Key System Groups
  • Everyone
  • Creator Owner

Best Practices
• Use Domain Users Instead of Everyone (Medium and High Security)
• Add Domain Admins from Other Domains to Local Administrators
• Assign Rights to Users Only If Built-in Groups Don’t Meet Your Needs
• Add Users to Built-in Groups that Are Most Restrictive