Chapter 12: Windows NT Groups

Chapter 12: Windows NT Groups

Overview

A large user population will generate a constant flow of demands for changing rights on a user?s account and permissions on resources. The same changes will often need to be applied to several accounts at the same time. Windows NT provides a convenient way to grant rights and assign permissions for several accounts in one operation by treating them as a group.

A Windows NT Group is an object stored in the account database of a domain (SAM) that enables a set of user accounts to be treated as a single entity. For example, by assigning to a group the right to be able to set the system time, all user accounts in that group receive the right. This is clearly very efficient when compared to assigning the right to each of the accounts in the group individually.

Similarly, the access control list on a resource object can include groups. Setting resource access permissions for a group in a single operation is more convenient than setting the resource access permissions for each account in the group.

Tests for group membership can be made in scripts or from a program, allowing actions to be taken dependent upon which groups a user is a member of. However groups are used it is critical that there is a convention associated with their usage or they will ultimately become a burden and not a benefit. As groups and group usage are closely related to the domain structure...

< Previous Excerpt Next Excerpt >

Purchase This Book

Windows NT Infrastructure Design

TABLE OF CONTENTS

Chapter 12: Windows NT Groups

Contact Preferences

This is embarrasing...

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

This is embarrasing...