Windows server 2003 l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 30

Windows Server 2003 使用者群組管理 PowerPoint PPT Presentation


  • 47 Views
  • Uploaded on
  • Presentation posted in: General

Windows Server 2003 使用者群組管理. 林寶森 [email protected] Instead of. Permissions Assigned Once for a Group. Permissions Assigned Once for Each User Account. Permissions. User. User. User. Permissions. Permissions. Permissions. How Groups Work.

Download Presentation

Windows Server 2003 使用者群組管理

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Windows server 2003 l.jpg

Windows Server 2003使用者群組管理

林寶森

[email protected]


How groups work l.jpg

Instead of

Permissions Assigned

Once for a Group

Permissions Assigned Once for Each User Account

Permissions

User

User

User

Permissions

Permissions

Permissions

How Groups Work

  • Group Members Have the Rights and Permissions Granted to the Group

  • Users Can Be Members of Multiple Groups

  • Groups and Computers Can Also Be Members of a Group

Group


Groups in workgroups and domains l.jpg

SAM

SAM

Member Server

Client Computer

Domain Controller

Groups in Workgroups and Domains

Workgroup

  • Created on Computers That Are Not Domain Controllers

  • Reside in SAM

  • Used to Control Access to Resources for the Computer

  • Created on Domain Controllers

  • Reside in Active Directory

  • Used to Control Resources in the Domain

Domain


Managing local groups l.jpg

Computer Management

Action

View

Name

Description

Tree

Computer Management (Local)

Administrators

Administrators have full access to th…

System Tools

Backup Operators

Backup Operators can only use a ba…

Event Viewer

Guests

Guests can operate the computer an…

System Information

Power Users

Power Users can modify the comput…

Performance Logs and Alerts

Replicator

Supports file replication in a domain

Shared Folders

Users

Users can operate the computer and…

Device Manager

Local Users and Groups

New Group

Users

Group name:

Groups

New Group…

Storage

Refresh

Description:

Services and Applications

Export List…

Members:

View

Arrange Icons

Line Up Icons

Help

Add…

Remove

Create

Close

Managing Local Groups


Group types l.jpg

Group Types

  • Purpose of Group Types

    • Security groupsUse to assign or deny rights and permissions

    • Distribution groupsUse to send e-mail messages

  • Selecting a Group Type

    • Use distribution groups unless you need security capabilities

    • Distribution groups improve logon performance


Group scopes l.jpg

Domain Local Group

  • Members from any domain in forest

  • Use for access to resources in one domain

Global Group

  • Members from own domain only

  • Use for access to resources in any domain

Universal Group

  • Members from any domain in forest

  • Use for access to resources in any domain

Group Scopes


Groups and domain functional levels l.jpg

Groups and Domain Functional Levels


What is group nesting l.jpg

What Is Group Nesting?

  • It means adding a group as a member of another group that is the same kind of group scope

Group

Group

Group

Group

Group

  • Nest groups to consolidate group management

  • Nesting options depend on whether the domain functional level of your Windows Server 2003 domain is set to Windows 2000 native or Windows 2000 mixed


What are global groups l.jpg

What Are Global Groups?

Global group rules


What are universal groups l.jpg

What Are Universal Groups?

Universal group rules


What are domain local groups l.jpg

What Are Domain Local Groups?

Domain local group rules


Creating and deleting domain groups l.jpg

New Object - Group

Create in: nwtraders.msft/Users

Group Name

Group name:

Public

Group name (pre-Windows 2000):

Group scope:

Group type:

Domain local

Global

Universal

Security

Distribution

OK

Cancel

Creating and Deleting Domain Groups

  • Use Active Directory Users and Computers to Create and Delete Groups

  • When You Delete a Group Its:

    • Rights and permissions are removed

    • Members are not deleted

    • SID is never used again


Adding members to domain groups l.jpg

Group 01 Properties

Members

General

Member Of

Managed By

Members:

Select Users, Contacts, Computers, or Groups

Name

Active Directory Folder

Look in:

nwtraders.msft

Name

In Folder

Select

Casablanca

Portland

Seattle

Denver

Administrator

Guest

TsInternet User

nwtraders.msft/Casablanca nwtraders.msft/Portland

nwtraders.msft/Seattle

nwtraders.msft/Denver OU

nwtraders.msft/Users

nwtraders.msft/Users

nwtraders.msft/Users

Add

Check Names

Add

Casablanca; Portland

Add...

Remove

OK

Cancel

Apply

OK

Cancel

Adding Members to Domain Groups


Why assign a manager to a group l.jpg

Why Assign a Manager to a Group?

  • To enable you to:

    • Track who is responsible for groups

    • Delegate to the manager of the group the authority to add users to and remove users from the group

  • To distribute the administrative responsibility of adding users to groups to the people who request the group

Manager

Group


Modifying groups l.jpg

Changing Group Scope

Global to universal

Domain local to universal

Universal to global

Universal to domain local

Available in native mode

Changing Group Type

Security to distribution

Distribution to security

Available in native mode

Modifying Groups

  • Deleting a Group

    • Deletes the group but not the objects that are members

    • Cannot restore a group and its permissions


The strategy for using local groups in a workgroup l.jpg

L

L

L

Add

Add

Add

P

P

P

A

A

A

The Strategy for Using Local Groups in a Workgroup

L

Add

Assign

P

A

Assign

Assign

Windows Server 2003

Workgroup

Windows XP Professional

Assign

Windows 2000 Server

Windows 2000 Professional

=

=

=

A

L

P

User Accounts

Local Group

Permissions


Group strategies 1 l.jpg

User Accounts

Global Groups

Permissions

A

G

P

Group Strategies (1)


Group strategies 2 l.jpg

User Accounts

Domain Local Groups

Permissions

A

DL

P

Group Strategies (2)


Group strategies 3 l.jpg

User Accounts

Global Groups

Domain Local Groups

Permissions

A

G

DL

P

Group Strategies (3)


Group strategies 4 l.jpg

User Accounts

Global Groups

Local Groups

Permissions

A

G

L

P

Group Strategies (4)


Group strategies 5 l.jpg

User Accounts

Global Groups

Universal Groups

Domain Local Groups

Permissions

A

G

U

DL

P

User Accounts

Global Groups

A

G

Group Strategies (5)


The strategy for using groups in a single domain l.jpg

User Accounts

Global Groups

Global Group

Domain Local Group

Permissions

A

G

G

DL

P

DLG

Add Domain User Accounts into Global Groups

(Optional) Add Global Groups into Another Global Group

Add Global Group into Domain Local Group

Assign Resource Permissions to the Domain Local Group

The Strategy for Using Groups in a Single Domain


Why use group strategies l.jpg

Why Use Group Strategies


Guidelines for planning a group strategy l.jpg

Guidelines for Planning a Group Strategy

  • Assign users with common job responsibilities to global groups

  • Create a domain local group for sharing resources

  • Add global groups that require access to resources to domain local groups

  • Use universal groups to grant access to resources in multiple domains

  • Use universal groups when membership is static


Default groups on member servers l.jpg

Default Groups on Member Servers


Default groups in active directory l.jpg

Default Groups in Active Directory


When to use default groups l.jpg

When to Use Default Groups

  • Default groups are:

    • Created during the installation of the operating system or when services are added such as Active Directory or DHCP

    • Automatically assigned a set of user rights

  • Use Default groups to:

    • Control access to shared resources

    • Delegate specific domain-wide administration


What are user rights l.jpg

Examples of User Rights

What Are User Rights?


User rights vs permissions l.jpg

User Rights vs. Permissions

User Rights:

Actions on System

Permissions: Actions on Object


System groups l.jpg

System Groups

  • System groups represent different users at different times

  • You can grant user rights and permissions to system groups, but you cannot modify or view the memberships

  • Group scopes do not apply to system groups

  • Users are automatically assigned to system groups whenever they log on or access a particular resource


  • Login