IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Hardware & Software Remarks<br />

____________________________________________________________________ .........................................<br />

Local groups are represented in the User Manager by a group symbol with a<br />

computer.<br />

Global groups<br />

If a computer on which Windows NT is being run belongs to a domain, there<br />

is a further type of group for which access to the workstation can be made<br />

possible. This is the "global group", which can be used in several places: in its<br />

own domain, on servers, on workstations of the domain and in trusted<br />

domains. If a workstation belongs to a domain, it means that permissions and<br />

rights to the local workstation and membership of local groups of the<br />

workstation, can be granted to the global groups of the domain and the trusted<br />

domains. A global group can only contain user accounts from its own domain.<br />

Global groups can only be defined on the primary domain controller. It is not<br />

possible for other groups to become members of a global group. Global<br />

groups are represented in the User Manager by a group symbol with a globe.<br />

To sum it up, it is recommended to structure the system administration as<br />

follows:<br />

Rights and permissions are assigned to local groups. Users become members<br />

of global groups and the global groups become members of local groups.<br />

In addition to the distinction between local and global groups, there is also a<br />

distinction between pre-defined user groups, special groups and freely-defined<br />

user groups.<br />

Pre-defined user groups<br />

<strong>The</strong> actions a user can perform depend on the group memberships of his user<br />

account. Several groups are pre-defined in Windows NT and each group is<br />

granted a particular set of user rights as standard. Where required, additional<br />

groups can be created and defined via the User Manager. With these groups,<br />

access to individually-compiled resources is made possible for the users<br />

assigned to them.<br />

In addition to the rights, pre-defined functions are allocated to some of the<br />

pre-defined local groups. Rights and access permissions can be granted<br />

directly to the groups and user accounts and withdrawn from them. On the<br />

other hand, the pre-defined functions cannot be administrated directly. Predefined<br />

functions can only be provided for a user if the user is made member<br />

of a suitable local group.<br />

On computers which are configured with the operating system Windows NT<br />

as member server (a server which does not have the function of a domain<br />

controller) or as a workstation, the following local groups are set up during<br />

installation by default.<br />

- Administrators<br />

- Back-up operators<br />

- Power users<br />

- Replication operators<br />

- Users<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!