Exam 70-290: Objective 2.3

Before you can effectively start working with groups in Windows Server 2003, you need to first understand what groups are and why they are used. A group is a collection of user and/or computer accounts, contacts, and even other groups that are managed as a single object. The users and computers that belong to the group are known as group members. In Windows, as with most operating systems, groups are used to simplify the administrative process of assigning permissions and rights to a large number of user and computer accounts at the same time, resulting in these groups members having inherited (or implicit) permissions from the group. This is contrary to the older and more labor-intensive practice of applying permissions and rights directly to users, which are then known as explicit permissions.

A set of default groups is created during the installation of Windows Server 2003 on a computer and are known as local groups. Computers that are part of an Active Directory domain environment also have a set of default groups, but these are objects that reside within the Active Directory database structure. You can create additional groups as required for both workstation and domain-based computers. For the purposes of this discussion, assume that you are working in an Active Directory environment when creating and management of groups.

When using groups in Active Directory, you are provided with three major benefits:

• Security groups enable you to simplify and reduce administrative...