Group
A group is a collection of users, or a logical container of users. Groups are used to manage permissions on different resources like files, folders, printers etc. There are 2 types of group :-
1. Local group
2. Domain group
1. Local group
Local groups can be created in Computer Management. They are used in a workgroup network to manage the permissions of different resources which are available on the local computer only. We can also add domain users to a local group.
NOTE: Local users and local groups cannot be created on a DC.
Step: Run compmgmt.msc -> Local Users and Groups -> Groups (option) -> Rt. click -> New Group
2. Domain group
Domain groups can be created in AD. They are used to manage the domain resources. The users of a domain group will have the same permission on a resource from all the computers. There are 2 types of domain group :-
(a) Security group: It is used to manage security permissions and to send the same email to different users.
(b) Distribution group: It is used for email purposes only.
NOTE: A Security group can act as a Distribution group, but a Distribution group cannot act as a Security group.
Scope
--------
Scope means the limit of a domain group, or the level of permission for a domain group. We have to select a scope together with the Security or Distribution group type. There are 3 types of scope :-
1. Domain local scope: It is used to manage the resources. We can also add users of any other domain.
2. Global scope: It is used to manage the users. We can add users of our own domain only.
3. Universal scope: It is used to manage the entire network. We can add users of our own domain only, but the users can also access the resources of any other domain.
NOTE: Universal scope cannot be used with a Security group in Mixed mode.
To check or to upgrade functional level or mode of a domain :-
Open AD Users and Computers -> Domain name -> Rt. click -> Raise domain functional level
To create domain group :-
AD Users and Computers -> Users (option) -> Rt. click -> New -> Group
To add users in a group :-
Group -> Properties -> Members tab -> Add -> Select users -> OK
To apply permission on any resource :-
Folder -> Properties -> Security tab -> Add -> Select users or groups -> Select permission -> Apply -> OK
NOTE: There are various built-in groups that provide some privileges to normal users. E.g.: Administrators, Backup Operators, Account Operators, Server Operators, Print Operators etc.
Nesting of group
It means a user is a member of more than one group, or a group is a member of another group.
---------------------------------------------------------------------------
NTFS Folder and File Permissions
1. Types of permission :-
List folder contents
Read
Read and Execute
Write
Modify
Full control (Owner)
Deny
2. Steps to apply permission :-
Step 1: Remove Everyone, because by default Everyone (System) has full control
Step 2: Give full control to Administrator
Step 3: Add users or groups and select permissions
3. Rules for nesting of group :-
Rule 1: Maximum permissions are the effective rights
Rule 2: Deny permission will override any other permission
Rule 3: File (child object) permission will override folder permission
Example :-
1. Create 3 users - a1, a2, a3
2. Create 2 groups - Grp1 and Grp2
3. Add a1 in Grp1
4. Add a1, a2 in Grp2
5. Create folder
6. Apply Read only permission to Grp2
7. Apply Full control to Grp1
Conclusion :-
a3 = Access denied
a2 = Read only
a1 = Full control
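The same example as a PowerShell script, added here and not part of the original post. It assumes an elevated Windows PowerShell 5.1 session on a workgroup or member computer (not a DC); the folder path C:\Lab\GrpTest and the password prompt are constructed for the lab.

```powershell
#Requires -RunAsAdministrator
# Constructed lab values (assumptions, not from the original post)
$dir = 'C:\Lab\GrpTest'
$pw  = Read-Host -AsSecureString 'Password for test users a1, a2, a3'

# 1. Create 3 users - a1, a2, a3
'a1', 'a2', 'a3' | ForEach-Object {
    New-LocalUser -Name $_ -Password $pw | Out-Null
}

# 2. Create 2 groups - Grp1 and Grp2
'Grp1', 'Grp2' | ForEach-Object {
    New-LocalGroup -Name $_ | Out-Null
}

# 3. Add a1 in Grp1    4. Add a1, a2 in Grp2
Add-LocalGroupMember -Group 'Grp1' -Member 'a1'
Add-LocalGroupMember -Group 'Grp2' -Member 'a1', 'a2'

# 5. Create folder
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 6-7. Apply the permissions in one icacls call:
#   /inheritance:r  drops every entry inherited from the parent folder,
#                   so nothing broader than the groups below stays on the ACL
#   /grant:r        replaces any earlier explicit grant for the same principal
#   (OI)(CI)        make the entry inherit to files and subfolders
#   F = Full control, R = Read only
icacls $dir /inheritance:r /grant:r `
    'Administrators:(OI)(CI)F' `
    'Grp2:(OI)(CI)R' `
    'Grp1:(OI)(CI)F'

# Review the resulting ACL. Per the rules above:
#   a1 is in Grp1 and Grp2 -> maximum permission wins -> Full control
#   a2 is in Grp2 only     -> Read only
#   a3 is in neither group -> no matching entry       -> access denied
(Get-Acl $dir).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Membership check for the two groups
'Grp1', 'Grp2' | ForEach-Object {
    "{0}: {1}" -f $_, ((Get-LocalGroupMember -Group $_).Name -join ', ')
}
```

To confirm the conclusion, log on as each test user and try to open and write to the folder.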