Wednesday, April 16, 2008

Assigning User Rights for Windows 2000, Server 2003, and XP continue...

If you are familiar with the complete list of rights used by Windows NT, you'll see that the privileges that Windows Server 2003 uses are similar to those, with a few additions. These are the privileges you can use with Windows Server 2003:

  • Debug programs—Thisright allows a programmer to do low-level debugging. It is helpful for applications developers and administrators. However, as in most networks, this right should be granted only on laboratory or development systems, and not on a production server. It is not a good idea to allow application development to be performed on the same computer that is a production server that network users make use of. The reason for this is obvious. The application being tested or created on a development system can potentially cause the server to crash, or corrupt data.
  • Manage auditing and security log—This right lets the user determine those objects and resources that will be recorded in the security log file, and view the events produced by the auditing.

Each of the previous privileges can be enabled for specific user accounts or groups. Some of these rights, however, are granted to groups by default. For example, the Backup Operators group can use the backup utility to back up files to offline storage, despite the protections that are in place for these files. This does not, however, give the Backup Operators group the capability of viewing or modifying files. Members of this group can just use the backup utility to save files to another media, such as a tape.

Internet 2010

No comments:

Internet Blogosphere