<p/> <A NAME="387"><H1>Lesson 2: Implementing Built-In Local Groups</H1></A> <p/>Windows 2000 has two categories of built-in groups: local and system. Built-in groups have a predetermined set of user rights or group membership. Windows 2000 creates these groups for you so you don't have to create groups and assign rights and permissions for commonly used functions.<p/> <font class=Quote>After this lesson, you will be able to</font> <p/>Describe the Microsoft Windows 2000 built-in groups.<p/> <p/><font class=Quote>Estimated lesson time: 10 minutes</font><p/><p/><A NAME="388"><h2>Built-In Local Groups</H2></A> <p/>All stand-alone servers, member servers, and computers running Windows 2000 Professional have built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources. Windows 2000 places the built-in local groups into the Groups folder in Computer Management.<p/>Table 11.2 describes the capabilities that members of the most commonly used built-in local groups have. Except where noted, there are no initial members in these groups.<p/><font class=Quote>Table 11.2</font> Built-In Local Groups<p/><table valign="top" cellpadding="5" width="95%"> <tr> <th>Local group</th> <th>Description</th> </tr> <tr> <td valign="top">Administrators</td> <td valign="top">Members can perform all administrative tasks on the computer. By default, the built-in Administrator user account for the computer is a member. <p/>When a member server or a computer running Client for Microsoft Networks joins a domain, Windows 2000 adds the Domain Admins group to the local Administrators group.<p/></td> </tr> <tr> <td valign="top">Backup Operators</td> <td valign="top">Members can use Windows Backup to back up and restore the computer.</td> </tr> <tr> <td valign="top">Guests</td> <td valign="top">Members can perform only tasks for which you have specifically granted rights and can gain access only to resources for which you have assigned permissions; members can't make permanent changes to their desktop environment. By default, the built-in Guest account for the computer is a member. <p/>When a member server or a computer running Client for Microsoft Networks joins a domain, Windows 2000 adds the Domain Guests group to the local Guests group.<p/></td> </tr> <tr> <td valign="top">Power Users</td> <td valign="top">Members can create and modify local user accounts on the computer and share resources.</td> </tr> <tr> <td valign="top">Replicator</td> <td valign="top">Supports file replication in a domain.</td> </tr> <tr> <td valign="top">Users</td> <td valign="top">Members can perform only tasks for which you have specifically granted rights and can gain access only to resources for which you have assigned permissions. By default, Windows 2000 adds local user accounts that you create on the computer to the Users group. When a member server or a computer running Windows 2000 Professional joins a domain, Windows 2000 adds the Domain Users group to the local Users group.</td> </tr> </table> <p/><A NAME="389"><h2>Built-In System Groups</H2></A> <p/>Built-in system groups exist on all computers running Windows 2000. System groups don't have specific memberships that you can modify, but they can represent different users at different times, depending on how a user gains access to a computer or resource. You don't see system groups when you administer groups, but they are available for use when you assign rights and permissions to resources. Windows 2000 bases system group membership on how the computer is accessed, not on who uses the computer. Table 11.3 describes the most commonly used built-in system groups.<p/><font class=Quote>Table 11.3</font> Commonly Used Built-In System Groups<p/><table valign="top" cellpadding="5" width="95%"> <tr> <th>System group</th> <th>Description</th> </tr> <tr> <td valign="top">Everyone</td> <td valign="top">Includes all users who access the computer. Be careful if you assign permissions to the Everyone group and enable the Guest account. Windows 2000 will authenticate a user who does not have a valid user account as Guest. The user automatically gets all rights and permissions that you have assigned to the Everyone group.</td> </tr> <tr> <td valign="top">Authenticated Users</td> <td valign="top">Includes all users with a valid user account on the computer (or if your computer is part of a domain, it includes all users in Active Directory directory services). Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource.</td> </tr> <tr> <td valign="top">Creator Owner</td> <td valign="top">Includes the user account for the user who created or took ownership of a resource. If a member of the Administrators group creates a resource, the Administrators group is owner of the resource.</td> </tr> <tr> <td valign="top">Network</td> <td valign="top">Includes any user with a current connection from another computer on the network to a shared resource on the computer.</td> </tr> <tr> <td valign="top">Interactive</td> <td valign="top">Includes the user account for the user who is logged on at the computer. Members of the Interactive group gain access to resources on the computer at which they are physically located. They log on and gain access to resources by &quot;interacting&quot; with the computer.</td> </tr> <tr> <td valign="top">Anonymous Logon</td> <td valign="top">Includes any user account that Windows 2000 didn't authenticate.</td> </tr> <tr> <td valign="top">Dialup</td> <td valign="top">Includes any user who currently has a dial-up connection.</td> </tr> </table> <p/><A NAME="390"><h2>Lesson Summary</H2></A> <p/>In this lesson, you learned that Windows 2000 has two categories of built-in groups: local and system. You also learned that built-in groups have a predetermined set of user rights or group membership. Windows 2000 creates these groups for you so you don't have to create groups and assign rights and permissions for commonly used functions.<p/> - Microsoft Windows 1002000 Professional [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Microsoft Windows 1002000 Professional [Electronic resources] - نسخه متنی

Rick Wallace

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید






Lesson 2: Implementing Built-In Local Groups


Windows 2000 has two categories of built-in groups: local and system. Built-in groups have a predetermined set of user rights or group membership. Windows 2000 creates these groups for you so you don't have to create groups and assign rights and permissions for commonly used functions.


After this lesson, you will be able to

Describe the Microsoft Windows 2000 built-in groups.


Estimated lesson time: 10 minutes

Built-In Local Groups


All stand-alone servers, member servers, and computers running Windows 2000 Professional have built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources. Windows 2000 places the built-in local groups into the Groups folder in Computer Management.

Table 11.2 describes the capabilities that members of the most commonly used built-in local groups have. Except where noted, there are no initial members in these groups.

Table 11.2 Built-In Local Groups






























Local groupDescription
AdministratorsMembers can perform all administrative tasks on the computer. By default, the built-in Administrator user account for the computer is a member.

When a member server or a computer running Client for Microsoft Networks joins a domain, Windows 2000 adds the Domain Admins group to the local Administrators group.

Backup OperatorsMembers can use Windows Backup to back up and restore the computer.
GuestsMembers can perform only tasks for which you have specifically granted rights and can gain access only to resources for which you have assigned permissions; members can't make permanent changes to their desktop environment. By default, the built-in Guest account for the computer is a member.

When a member server or a computer running Client for Microsoft Networks joins a domain, Windows 2000 adds the Domain Guests group to the local Guests group.

Power UsersMembers can create and modify local user accounts on the computer and share resources.
ReplicatorSupports file replication in a domain.
UsersMembers can perform only tasks for which you have specifically granted rights and can gain access only to resources for which you have assigned permissions. By default, Windows 2000 adds local user accounts that you create on the computer to the Users group. When a member server or a computer running Windows 2000 Professional joins a domain, Windows 2000 adds the Domain Users group to the local Users group.

Built-In System Groups


Built-in system groups exist on all computers running Windows 2000. System groups don't have specific memberships that you can modify, but they can represent different users at different times, depending on how a user gains access to a computer or resource. You don't see system groups when you administer groups, but they are available for use when you assign rights and permissions to resources. Windows 2000 bases system group membership on how the computer is accessed, not on who uses the computer. Table 11.3 describes the most commonly used built-in system groups.

Table 11.3 Commonly Used Built-In System Groups


































System groupDescription
EveryoneIncludes all users who access the computer. Be careful if you assign permissions to the Everyone group and enable the Guest account. Windows 2000 will authenticate a user who does not have a valid user account as Guest. The user automatically gets all rights and permissions that you have assigned to the Everyone group.
Authenticated UsersIncludes all users with a valid user account on the computer (or if your computer is part of a domain, it includes all users in Active Directory directory services). Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource.
Creator OwnerIncludes the user account for the user who created or took ownership of a resource. If a member of the Administrators group creates a resource, the Administrators group is owner of the resource.
NetworkIncludes any user with a current connection from another computer on the network to a shared resource on the computer.
InteractiveIncludes the user account for the user who is logged on at the computer. Members of the Interactive group gain access to resources on the computer at which they are physically located. They log on and gain access to resources by "interacting" with the computer.
Anonymous LogonIncludes any user account that Windows 2000 didn't authenticate.
DialupIncludes any user who currently has a dial-up connection.

Lesson Summary


In this lesson, you learned that Windows 2000 has two categories of built-in groups: local and system. You also learned that built-in groups have a predetermined set of user rights or group membership. Windows 2000 creates these groups for you so you don't have to create groups and assign rights and permissions for commonly used functions.

/ 156