Authentication - verify ID - "Can I
see your ID please"
Authorization - giving permission -
cashier enters code in register granting permission for purchase
User rights - this is not a part of
permissions - specific OS tasks that can be performed by designated users or
system admin:
·
Backups
·
System shut down
·
Allow log on
through terminal services
Groups - giving permissions by using
groups instead of individual users is less work for administrators; easier to
give and take away permissions.
Two way of assigning permissions in
Windows depending on experience/expertise
·
User accounts -
for inexperienced users
·
Local users and
groups - full access to local users and groups for the more experienced user
Three main user profiles:
·
Local -
automatically created
·
Roaming - stored
on shared server - accessible from anywhere on network
·
Mandatory -
roaming profile that is a read-only profile - users can change how it looks
while they are logged on - once they log off, the profile reverts back to
original setup
Domain vs. workgroup
·
Main difference -
users log on to domain once rather than each computer individually
·
Access network
resources, the individual computer hosting the resource send authorization
requests to the domain controller rather than handing all requests
Properties sheet for local users has 3
tabs where the domain user properties sheet has 15 allowing significantly more
information about user and network resources.
Local groups that are built-in can have
their properties modified, change names and new permissions, but it's a better to
leave the built-ins with the default. Create your own and assign permissions
needed. See table on page 332 for built-in local groups and their capabilities.
Local groups are defined by what they cannot do:
·
Can only be used
on computer where they were created
·
Local users from
same computer can be members of local groups
·
When computer is
part of AD DS domain - local groups can have domain users and domain global
groups as members
·
Local groups
can't have other local groups as members - domain groups can be members
·
Assign permissions
to local groups only when controlling access to resources on local computer
·
If windows server
is functioning as a domain controller - can't create local groups here
Special identity - placeholder for users
with similar characteristics - see page 333 for table of Special Identities and
their constituents
No comments:
Post a Comment