Wednesday, April 16, 2008

Assigning User Rights for Windows 2000, Server 2003, and XP

Users who are logged in to a Windows 2000, Server 2003, or XP computer can be granted rights by the administrator of the computer. If the user logs in to a domain account instead of the local computer, a domain administrator can manage these rights. Rights granted to an account that resides on an individual Windows computer protect access to resources on that computer only. The security information for the computer is stored locally, in the Security Accounts Manager (SAM) database, and applies only to resources on that local system.

Accounts that are created on a domain controller can be used when assigning user rights to resources on computers throughout the domain. And, by placing users into groups, you can easily manage a number of users who need the same access to resources or the same rights. This is done by granting the rights to the group, instead of individual users. If a user needs access to resources that are not granted by the group membership, you can place the user in more than one group. Because groups enable you to simplify granting rights to users, the following discussion will concentrate on those rights.

Internet 2010

Starting with Windows 2000, most Administrative Tools are snap-ins for the Microsoft Management Console (MMC). By using the MMC to create management tools, you'll find it easy to switch from one MMC console to the next, without having to relearn the mechanics of the particular utility. For example, when using MMC you'll find two panes on the screen. The left pane contains a tree of objects that can be managed. An Action menu presents you with functions you can perform. The right pane is used to display different kinds of information, based on the particular utility and the actions you take. The MMC allows you to create new utilities by installing a snap-in that is appropriate for the functions you need to perform. However, most of the tasks you will use to manage thecomputer or domain have already been set up as an MMC application. Other snap-ins, which are used for more sensitive operations, such as altering the Active Directory schema, must be created by installing the snap-in.

Windows NT defined certain basic rights you could grant to a user account, as well as a set of rights that were granular. The basic rights were simply combinations of these granular rights. In Windows Server 2003, rights have been divided into two categories. These are logon rights and privileges. Logon rights are few in number, and can generally be used to manage most users or groups.

These logon rights are listed here:


No comments:

Internet Blogosphere