Data Network Resource
       Earn on the Web


16. Setting Up Group Accounts




A group is a collection of user accounts that take on the permissions of the group account. Local Groups are used to grant permissions to users to access network resources and perform certain system tasks. There are some built-in local groups. Global Groups are used to organise user accounts typically used in multi-domain networks where users need to access resources in different domains. They are always created on the PDC in the domain where the account resides.

You cannot place global groups into global groups nor can you place local groups into local groups. You can put global groups into local groups. A good rule is Accounts -> Global -> Local -> Permissions.

The printer has to be attached to the Member server that the local group is connected because the local group is only available domain-wide when it is on a domain controller.

Follow these guidelines:

  • Logically organise users based on common needs
  • Create global groups then add user accounts
  • Create local groups based on resource access needs
  • Assign permissions to local groups
  • Add global groups to local groups

Groups are set up using User Manager for Domains. NT Workstation uses User Manager and cannot create Global groups only local groups. To create a group you must be a member of the Administrators or Acount Operators group. The local group can be created from any NT machine. A global groupmcan be created from any machine running User Manager for domains. Under the User menu select create New Global grup or New Local Group.

Type the Global group name (up to 20 characters) and a description. Select the users in the Not Members box and add them to the Members box. For the Local group you need to describe the function of the group (up to 256 characters). when you click on Add, the Add Users and Groups box appears. If you wish to add global groups from another domain, then select the domain from the List Names From box and the group.

There are three types of built-in groups:

  • Built-in Local Groups - on all NT computers these are Users, Administrators, Guests, Backup Operators and Replicators. On domain controllers there are also Account operators, Server operators and Printer Operators.
  • Built-in Global groups - on domain controllers and these are Domain Admins, Domain Users and Domain Guests.
  • System Groups - on all NT workstations automatically assign users for system use. These are Everyone, Creator Owner, Network and Interactive.


Valid HTML 4.01 Transitional




Earn on the Web    


All rights reserved. All trademarks, logos, and copyrights are property of their respective owners.