Security Groups
Security groups, which represent collections of user accounts, are another type of security principal. (A security principal is any entity that can be authenticated. In Windows XP or Windows 2000, a user, group, computer, or service can be a security principal.) Security groups provide a way to organize user accounts into groups of users with similar security needs. For example, you might want to create a security group at home for the kids in your family; in the office, you might create a group that includes all the people in the accounting department. You can then assign security permissions to the group rather than to individual users. A user account can belong to one group, more than one group, or no group at all.
Groups are a valuable tool for administering security. They simplify the job of ensuring that all user accounts with common access needs have an identical set of privileges. Although you can grant privileges to each user account individually, doing so is tedious and prone to error—and usually considered poor practice. You're better off assigning permissions and rights to groups and then adding user accounts to the group with the appropriate privileges.
Security Groups and Account Types
--------------------------------------------------------------------------------
You'll encounter the term security group in Windows NT and Windows 2000, but it's less apparent in Windows XP. Although the function and use of security groups remain largely the same, in Windows XP you're more likely to see the term account type, particularly when you run the User Accounts tool from Control Panel. Account type is a simplified way of describing membership in a security group. Although you can have any number of security groups—indeed, a default installation of Windows XP Professional has nine built-in groups and you can create more—Windows XP categorizes each user account as one of only four account types:
Computer administrator. Members of the Administrators group are classified as computer administrator accounts.
Limited. Members of the Users group are classified as limited accounts.
Guest. Members of the Guests group are shown as guest accounts.
Unknown. A user account that is not a member of the Administrators, Users, or Guests group appears (somewhat alarmingly) as an Unknown account type. Because accounts you create through User Accounts in Control Panel are assigned to the Administrators group or the Users group, you'll see the Unknown account type only if you upgraded from an earlier version of Windows (for example, new users in Windows 2000 are assigned by default to the Power Users group) or if you use the Windows 2000-style User Accounts application, the Local Users And Groups console, or the Net Localgroup command to manage group membership.
There's nothing wrong with "unknown" accounts, and if you need to use other security groups to classify the user accounts on your computer, you should do so. In User Accounts, all the usual account-management tasks are available for accounts of Unknown type, but if you want to view or change group membership, you'll need to use one of the other account-management tools: Local Users And Groups, the Windows 2000-style User Accounts, or the Net Localgroup command. We describe all three of these tools in detail in "Managing User Accounts for Security."
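To audit which account type each local account falls under, the mapping above can be applied to saved Net Localgroup listings. The following is an added example, not from the original text: the sample listings are constructed, and the rule that the most privileged group wins when an account belongs to several is an assumption.

```python
import re

# Group -> account type, as described in the text. The precedence order for an
# account that belongs to more than one of these groups is an assumption.
ACCOUNT_TYPES = [
    ("Administrators", "Computer administrator"),
    ("Users", "Limited"),
    ("Guests", "Guest"),
]

def parse_members(output):
    """Return the member names from one `net localgroup <group>` listing."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{5,}", line):
            in_list = True              # member names follow the dashed rule
        elif line.startswith("The command completed"):
            break                       # trailer line ends the member list
        elif in_list and line:
            members.append(line)
    return members

def classify(group_outputs):
    """Map account name -> account type, given {group name: listing text}."""
    membership = {}
    for group, output in group_outputs.items():
        for name in parse_members(output):
            membership.setdefault(name, set()).add(group)
    return {
        name: next((label for grp, label in ACCOUNT_TYPES if grp in groups),
                   "Unknown")           # in none of the three groups
        for name, groups in membership.items()
    }

def _listing(group, names):
    """Build a constructed listing in the layout `net localgroup` prints."""
    return ("Alias name     %s\nComment\n\nMembers\n\n%s\n%s\n"
            "The command completed successfully.\n"
            % (group, "-" * 79, "\n".join(names)))

# Constructed sample data: Carol is only in Power Users, as after an upgrade.
SAMPLE = {
    "Administrators": _listing("Administrators", ["Administrator", "Alice"]),
    "Users": _listing("Users", ["Alice", "Bob"]),
    "Guests": _listing("Guests", ["Guest"]),
    "Power Users": _listing("Power Users", ["Carol"]),
}

if __name__ == "__main__":
    for name, kind in sorted(classify(SAMPLE).items()):
        print(f"{name:15} {kind}")
```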