Embed Size (px)
Citation preview
by Rashid Khan
Lesson 8-Crowd Control: Controlling Access to Resources Using Groups
by Rashid Khan
Overview Windows Server 2003 group accounts. Manage folder, file, and printer access. Troubleshoot share and access control
problems.
by Rashid Khan
Windows Server 2003 Group Accounts Group accounts are used to assign
permissions to groups of users. Windows Server 2003 offers domain local
groups, global groups, and universal groups.
by Rashid Khan
Windows Server 2003 Group Accounts Group scope and membership rules. Best practices for using group accounts.
by Rashid Khan
Group Scope and Membership Rules The scope of a group determines:
The group’s ability to access resources within the logical structure of the network.
The accounts that can join a group as a member, and whether or not each group can join other groups.
by Rashid Khan
Group Scope and Membership Rules
Domain Local Groups Scope and Membership Rules
by Rashid Khan
Group Scope and Membership Rules
Global Groups Scope and Membership Rules
by Rashid Khan
Group Scope and Membership Rules
Universal Groups Scope and Membership Rules
by Rashid Khan
Best Practices for Using Group Accounts Group accounts are created in the Active
Directory. Most group management tasks are
performed using the group’s properties dialog box.
by Rashid Khan
Best Practices for Using Group Accounts
Group’s Properties dialog box
by Rashid Khan
Best Practices for Using Group Accounts Domain local groups can be used to
represent the resources being shared on the network.
Global groups should be used to hold user and/or computer accounts that are similar in function and/or their need to access resources.
Universal groups are used to provide users in one domain access to resources in any other domain in the forest.
by Rashid Khan
Manage Folder, File, and Printer Access Share permissions NTFS permissions Printer permissions
by Rashid Khan
Share Permissions
Permissions dialog box for a shared folder
by Rashid Khan
Share Permissions The Read permission enables users to:
Run programs. Open and view data files. View the names of all files and folders within
the shared folder.
by Rashid Khan
Share Permissions The Change permission enables users to:
Change data files. Add and remove files and subfolders within the
shared folder.
by Rashid Khan
Share Permissions Full Control permission is used to:
Change permissions on the shared folder. Add new users and set their access level.
by Rashid Khan
NTFS Permissions NTFS permissions:
Determine what users can do with the files and folders stored on an NTFS-formatted hard drive.
Apply whether the files or folders are accessed over the network or locally.
by Rashid Khan
NTFS Permissions Standard permissions Special permissions Inheritance Ownership Effective permissions
by Rashid Khan
Standard Permissions
NTFS permissions for a folder
by Rashid Khan
Standard Permissions
NTFS Standard Permissions As They Apply to Folders and Files
by Rashid Khan
Special Permissions
Advanced Security Settings dialog box for a folder
by Rashid Khan
Special Permissions
Permission Entry dialog box for a folder
by Rashid Khan
Inheritance By default, all permissions applied to the
parent folder are inherited by the files and subfolders it contains.
Inheritance can be modified through the Advanced Security Settings dialog box.
by Rashid Khan
Ownership The Owner tab is used to change the
owner of a file or folder. By default, the ownership of a file or folder
belongs to the account that created it.
by Rashid Khan
Effective Permissions The Effective Permissions tab provides a
quick analysis of the effective permission for a user or group account.
Effective permission is the overall effect of all combined permissions inherited from group membership.
by Rashid Khan
Printer Permissions Standard printer permissions. Special printer permissions.
by Rashid Khan
Standard Printer Permissions The standard printer permissions are:
Print Manage Printers Manage Documents
by Rashid Khan
Standard Printer Permissions
Printer permissions are found on the Security tab of the printer’s properties dialog box.
by Rashid Khan
Special Printer Permissions
Special printer permissions
by Rashid Khan
Troubleshoot Share and Access Control Problems Check share and NTFS partitions. Use the Effective Permissions utility.
by Rashid Khan
Troubleshoot Share and Access Control Problems Check group membership. Check special permissions.
by Rashid Khan
Summary Windows Server 2003 offers domain local
groups, global groups, and universal groups.
Share and NTFS permissions must be properly configured for file and folder resources to be usable.
Share permissions include Read, Change, and Full Control.
by Rashid Khan
Summary NTFS standard permissions include Write, Read,
List Folder Contents, Read & Execute, Modify, and Full Control.
The standard printer permissions are Print, Manage Printers, and Manage Documents.
Aspects such as share and NTFS permissions, group membership, and special permissions must be checked to troubleshoot share and access control problems.
