16. Setting Up Group Accounts
A group is a collection of user accounts that take on the permissions of the group account.
Local Groups are used to grant permissions to users to access network resources and perform
certain system tasks. There are some built-in local groups. Global Groups are used to
organise user accounts typically used in multi-domain networks where users need to access resources
in different domains. They are always created on the PDC in the domain where the account resides.
You cannot place global groups into global groups nor can you place local groups
into local groups. You can put global groups into local groups. A good rule is Accounts ->
Global -> Local -> Permissions.
The printer has to be attached to the Member server that the local group is connected because the
local group is only available domain-wide when it is on a domain controller.
Follow these guidelines:
- Logically organise users based on common needs
- Create global groups then add user accounts
- Create local groups based on resource access needs
- Assign permissions to local groups
- Add global groups to local groups
Groups are set up using User Manager for Domains. NT Workstation uses User Manager and cannot create Global groups
only local groups.
To create a group you must be a member of the Administrators or Acount Operators group. The local group can
be created from any NT machine. A global groupmcan be created from any machine running User Manager for domains.
Under the User menu select create New Global grup or New Local Group.
Type the Global group name (up to 20 characters) and a description. Select the users in the Not Members
box and add them to the Members box. For the Local group you need to describe the function of the group
(up to 256 characters). when you click on Add, the Add Users and Groups box appears. If you wish to
add global groups from another domain, then select the domain from the List Names From box and the
group.
There are three types of built-in groups:
- Built-in Local Groups - on all NT computers these are Users, Administrators,
Guests, Backup Operators and Replicators.
On domain controllers there are also Account operators, Server operators and Printer Operators.
- Built-in Global groups - on domain controllers and these are Domain Admins, Domain Users
and Domain Guests.
- System Groups - on all NT workstations automatically assign users for system use. These are Everyone, Creator
Owner, Network and Interactive.
|