Encore Two User Manual - AMS Neve

Encore Two User Manual Issue 1Appendix A: Default Security SettingsBefore modifying any security settings, it is important to take intoconsideration the default settings.There are three fundamental levels of security granted to users. These aregranted to end users through membership in the Users, Power Users, orAdministrators groups.AdministratorsAdding users to the Users group is the most secure option, because thedefault permissions allotted to this group do not allow members to modifyoperating system settings or other user's data.However, level permissions often do not allow the user to successfully runlegacy applications. The members of the Users group are only guaranteedto be able to run programs that have been certified for Windows.For more information on the Certified for Windows Program, see theMicrosoft Web site. (http://msdn.microsoft.com).As a result, only trusted personnel should be members of this group.Ideally, administrative access should only be used to:• Install the operating system and components (such as hardwaredrivers, system services, and so on).• Install Service Packs and Windows Packs.• Upgrade the operating system.• Repair the operating system.• Configure critical operating system parameters (such as passwordpolicy, access control, audit policy, kernel mode driver configuration,and so on).• Take ownership of files that have become inaccessible.• Manage the security and auditing logs.• Back up and restore the system.In practice, Administrator accounts often must be used to install and runprograms written for versions of Windows prior to Windows 2000.Power UsersThe Power Users group primarily provides backward compatibility forrunning non-certified applications.The default permissions that are allotted to this group allow this group'smembers to modify computer wide settings.If non-certified applications must be supported, then end users will needto be part of the Power Users group.Members of the Power Users group have more permissions than membersof the Users group and fewer than members of the Administrators group.Power Users can perform any operating system task except tasks reservedfor the Administrators group.The default Windows 2000 and Windows XP Professional security settingsfor Power Users are very similar to the default security settings for Usersin Windows NT 4.0. Any program that a user can run in Windows NT 4.0, aPower user can run in Windows 2000 or Windows XP Professional.- 225 -