Primary groups are used by NT to be sure that users are members of at least one group. The user's default primary group is "Domain Users". The user must first be added to another group before they can be removed from the Domain Users group. Groups must be managed from the PDC, although this can be done remotely.
Local Groups - Are only used on the local computer. The Windows server's local administration can only be managed by local administrators. They may contain:
o Local user accounts
o This domain's user accounts
o Trusted domain user accounts
o This domain's global groups
o Trusted domains' global groups
They may not contain other local groups.

Global Groups - Can be used across domains. They may contain:
o Domain user accounts
They may not contain user accounts from trusted domains.
Local groups can exist on workstations, member servers, and domain controllers (PDC and BDC). Local groups reside on NT systems only (servers and workstations). NT workstations and member servers only contain local groups. Domain controllers contain local and global groups.

Global Groups - Are used on the domain across the network and apply to all computers in the domain. Global groups can only reside on PDCs and BDCs. Adding users or global groups to a local group on a domain PDC gives them that group's rights (such as those of the Backup Operators local group) on BDCs also.
Therefore any global groups must be added to the local groups on domain controllers for access. These machines come initially configured with some global groups as members of local groups; for example, GLOBAL ADMINS is a member of the local ADMINISTRATORS group. Only PDCs or BDCs can be used to create global groups unless domain client software is installed on the workstation or server. May contain:
Domain Admins - It is automatically a member of the administrators local group on all machines that are a member of the domain. This way global administrators may remotely administer any machine in the domain. It initially contains the Administrator user account.
Domain Users - Contains all created domain user accounts. On the domain controller, this group is a member of the users local group. It initially contains all users in the domain except for guests.
Domain Guests - Contains the domain Guest account.
Account Operators - This group has privileges to create and manage local and global users and groups in the domain. This group can also shut down the domain controller. This group is only on domain controllers.
Administrators - Those who administer the domain and the server. It initially contains the DOMAIN ADMINS global group.
Backup Operators - Those who can save files to tape backup media. This group is on all NT servers.
Print Operators - This local group can control the sharing of printers, along with shutting down the domain controller.
Replicator - Used to perform directory replication. This group is on all NT servers.
Server Operators - Basically this group can do anything on the NT server. They can format the hard drive, restore or back up files or directories, create and control shared directories, control the sharing of printers, lock/unlock the server, shut down the domain controller locally or remotely, and modify the system time.
Users - Those who use the server.
Guests - Should be empty.
Administrators and server operators can create network shares. A password can't be specified for a network share.
Special Groups
Special groups are managed by the operating system.
Everyone
Guests - Anonymous users that don't have an account. This group is part of the Everyone group, so be sure not to give the Everyone group access to sensitive data.
Administrator Rights
Access the security log. Backup and restore files and directories. Change time. Control user rights. Create and remove network shares. Create and remove printer shares. Create local groups and manage them. Create global groups and manage them. Create user accounts and manage them. Format the hard drive on the server. Keep a local profile on the server. Log on locally. Lock the server and bypass the lock. Manage auditing. Shutdown the system locally or remotely. Take ownership of files. Use the network to access servers.
Backup and restore files and directories. Change time. Create and remove network shares. Create and remove printer shares? Create local groups and manage them. Keep a local profile on the server. Log on locally. Lock the server and bypass the lock. Shutdown the system locally or remotely.
Add computer accounts to a domain. Create local groups and manage them. Create global groups and manage them. Create user accounts and manage them. Keep a local profile on the server. Log on locally. Shutdown the system locally. Cannot manage Administrator accounts, or Administrators, backup operators, server operators, print operators, account operators local groups or any members of these groups or any global groups in these groups. They cannot administer security policies.
Create and remove printer shares. Keep a local profile on the server. Log on locally. Shutdown the system locally.
Backup and restore files and directories. Keep a local profile on the server. Log on locally. Shutdown the system locally.
Replicator Groups
Actual users are not placed in this group, only a user for the replicator service.
Add computers to the domain - Administrators and Server Operators. Use the "Add workstations and member servers to domain" right to give users this right exclusively.
Audit log and security log viewing - Administrators.
Back up and restore files and directories - Administrators, Server Operators, Backup Operators.
Change time - Administrators, Server Operators.
Load and unload device drivers - Administrators.
Local log on - Administrators, Server Operators, Account Operators, Print Operators, Backup Operators.
Shut the system down - Administrators, Server Operators, Account Operators, Print Operators, Backup Operators.
Shut the system down remotely - Administrators, Server Operators.
Take ownership of files and folders - Administrators.
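
An audit sketch tying the nesting rules for local and global groups to the rights list above. This is an added example, not part of the original text; the CORP domain, the user names and the membership export are constructed, and the function names are hypothetical.

```python
# Rights and the built-in local groups that hold them (subset of the list above).
RIGHTS = {
    "Back up and restore files and directories":
        {"Administrators", "Server Operators", "Backup Operators"},
    "Change time": {"Administrators", "Server Operators"},
    "Load and unload device drivers": {"Administrators"},
    "Shut the system down remotely": {"Administrators", "Server Operators"},
    "Take ownership of files and folders": {"Administrators"},
}

# Constructed sample membership export; CORP and the user names are made up.
GLOBAL_GROUPS = {  # global groups hold domain user accounts only
    "Domain Admins": {"CORP\\Administrator", "CORP\\alice"},
    "Domain Users": {"CORP\\Administrator", "CORP\\alice", "CORP\\bob"},
}
LOCAL_GROUPS = {  # local groups hold user accounts and global groups
    "Administrators": {"Domain Admins"},
    "Users": {"Domain Users"},
    "Backup Operators": {"CORP\\bob"},
    "Server Operators": {"Backup Operators"},  # local-in-local: not allowed
}

def local_groups_of(user):
    """Local groups the user reaches directly or through a global group."""
    via = {user} | {g for g, members in GLOBAL_GROUPS.items() if user in members}
    # A local group listed inside another local group grants nothing,
    # because local groups may not contain other local groups.
    return {lg for lg, members in LOCAL_GROUPS.items() if members & via}

def effective_rights(user):
    """Rights the user holds through local group membership."""
    groups = local_groups_of(user)
    return {right for right, holders in RIGHTS.items() if holders & groups}

def invalid_nesting():
    """(local group, member) pairs where the member is itself a local group."""
    return sorted((lg, m) for lg, members in LOCAL_GROUPS.items()
                  for m in members if m in LOCAL_GROUPS)

def holders_of(right):
    """Every account in the export that ends up holding the given right."""
    users = set().union(*GLOBAL_GROUPS.values())
    # In this sample, account names carry a DOMAIN\ prefix and group names do not.
    users |= {m for ms in LOCAL_GROUPS.values() for m in ms if "\\" in m}
    return sorted(u for u in users if right in effective_rights(u))

if __name__ == "__main__":
    print(holders_of("Shut the system down remotely"))
    print(invalid_nesting())
```

Running `holders_of` for each sensitive right gives a quick list of accounts to review, and `invalid_nesting` flags export entries that contradict the membership rules.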