Sunday, October 28, 2012

Chapter 9 Working with Workgroups and Domains


 
 
Authentication - verify ID - "Can I see your ID please"
Authorization - giving permission - cashier enters code in register granting permission for purchase
User rights - this is not a part of permissions - specific OS tasks that can be performed by designated users or system admin:
·         Backups
·         System shut down
·         Allow log on through terminal services
Groups - giving permissions by using groups instead of individual users is less work for administrators; easier to give and take away permissions.
Two ways of assigning permissions in Windows, depending on experience/expertise:
·         User accounts - for inexperienced users
·         Local users and groups - full access to local users and groups for the more experienced user

Three main user profiles:
·         Local - automatically created
·         Roaming - stored on shared server - accessible from anywhere on network
·         Mandatory - roaming profile that is a read-only profile - users can change how it looks while they are logged on - once they log off, the profile reverts back to original setup
Domain vs. workgroup
·         Main difference - users log on to domain once rather than each computer individually
·         When users access network resources, the individual computer hosting the resource sends authorization requests to the domain controller rather than handling all requests itself
The properties sheet for local users has 3 tabs, whereas the domain user properties sheet has 15, allowing significantly more information about the user and network resources.
Built-in local groups can have their properties modified (changing names, assigning new permissions), but it's better to leave the built-ins at their defaults. Create your own groups and assign the permissions needed. See table on page 332 for built-in local groups and their capabilities. Local groups are defined by what they cannot do:
·         Can only be used on computer where they were created
·         Local users from same computer can be members of local groups
·         When computer is part of AD DS domain - local groups can have domain users and domain global groups as members
·         Local groups can't have other local groups as members - domain groups can be members
·         Assign permissions to local groups only when controlling access to resources on local computer
·         If Windows Server is functioning as a domain controller - can't create local groups there
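
Added example (not from the book or the original notes): the PowerShell below follows the advice above by creating a custom local group, granting a folder permission to the group rather than to individual users, and then listing the group's members. The group name, user name and folder path are hypothetical, and the commands assume an elevated Windows PowerShell 5.1 session on a workstation or member server.

```powershell
# Added example; ReportReaders, alice and C:\Reports are hypothetical names.
# Assumes an elevated session and the built-in LocalAccounts cmdlets.
$groupName = 'ReportReaders'
$userName  = 'alice'            # assumed to be an existing local user
$folder    = 'C:\Reports'

# 1. Create a custom local group; the built-in groups keep their defaults.
if (-not (Get-LocalGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $groupName -Description 'Read access to C:\Reports' |
        Out-Null
}

# 2. Grant the permission to the group, never to individual accounts.
New-Item -Path $folder -ItemType Directory -Force | Out-Null
$acl  = Get-Acl -Path $folder
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new($groupName,
    'ReadAndExecute',
    'ContainerInherit,ObjectInherit',   # applies to subfolders and files
    'None',
    'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 3. Giving or taking away access is now only a membership change.
Add-LocalGroupMember -Group $groupName -Member $userName
# Remove-LocalGroupMember -Group $groupName -Member $userName

# 4. Review who is in the group. PrincipalSource shows whether a member is
#    a local account or, on a domain-joined computer, a domain user/group.
Get-LocalGroupMember -Group $groupName |
    Select-Object Name, ObjectClass, PrincipalSource

# 5. Confirm the folder ACL references the group rather than named users.
(Get-Acl -Path $folder).Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```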
Special identity - placeholder for users with similar characteristics - see page 333 for table of Special Identities and their constituents
