Administering Groups
**********************
A group is a collection of user accounts.
Two group types:
Security
Distribution
**********************
Windows Server 2003 uses only security groups.
A security group has all the capabilities of a distribution group.
Applications use distribution groups as lists for nonsecurity-related functions. Such as sending email messages to a group of users at the same time. Only programs that are designed to work with Active Directory can use distribution groups.
**********************
Group Scopes
When you create a group, you must select a group type and a group scope. There are four group scopes: local groups, domain local groups, global groups, and universal groups.
Universal groups are only available if your domain functional level is set to the Windows 2000 native domain functional level.
**********************
Default Groups
Windows Server 2003 has four categories of default groups:
Groups in the Buitin folder
Groups in the Users folder
Special identity groups
Default local groups
**********************
Windows Server 2003 bases special identity group membership on how the computer is accessed, not on who uses the computer.
**********************
The Everyone Group and the Anonymous User Group
In Windows Server 2003, the Anonymous Logon group is no longer a member of the Everyone group.
**********************
Implementing Groups
You can use universal groups to grant or deny access to resources that are located in more than one domain.
**********************
Group Nesting
Group nesting refers to placing one group in another, so that the group becomes a member of parent group.
**********************
Creating Groups
You can use Active Directory Users and Computers console in Administrative Tools or the dsadd commandline utility to create groups.
You can use the dsmod command-line utility to modify one or more existing groups.
No comments:
Post a Comment