by Jason Zandri
www.2000trainers.com
Jason Zandri’s latest article in the Learning Windows XP Professional in 15 Minutes a Week series covers managing Groups in Windows XP Professional
Welcome to
this week’s installment of Learn Windows XP Professional in
15 minutes a week, the 11th in this series. This article
will cover Managing Groups in Windows XP
Professional in additional detail to what was discussed in
the last article.
Managing
Groups in Windows XP Professional
In
Microsoft Windows XP Professional you will find a number of
default local groups on your system which can perform the
following default functions as outlined:
Administrators | Members of the Administrators group have complete and unrestricted access to the computer and can perform all administrative tasks. The built-in Administrator account is a member of this group by default and should the Windows XP Professional system be joined to a domain (or domains), the Domain Admins group of the domain(s) joined will be added to the local Administrators group as well. |
Backup Operators |
Members of the Backup Operators group can use Windows Backup (NTBACKUP) to back up and restore data to the local computer. Being in this group allows them to override security restrictions for the sole purpose of backing up or restoring files. |
Guests | Members of the built in Guests group are limited to only having access to specific resources for which they have been assigned explicit permissions for and can only perform specific tasks for which they have been assigned explicit rights.
This is nearly the same
By default, the built-in |
Power Users | Members of the Power Users group can create and modify local user accounts on the computer and share resources. Effectively, they are one group lower in authority on a local system from the Administrators group in that they possess most administrative powers with certain restrictions. |
Users | Members of the Users Group are prevented from making accidental or intentional system-wide changes and they are only slightly higher in the permission scheme than the Guests Group.
Members of the Users
When a new user is
When the Windows XP |
[NOTES FROM THE FIELD] –
The built-in Administrator
account is enabled by default and cannot be deleted from the
system. The name of the account as well as the password can
be changed, however, and this is a recommended best
practice. It is also recommended that the default
Administrator account never be used or used as infrequently
as possible and only when tasks need to be performed at an
Administrative level. If there is ever more than one
Administrator on a workstation, each one should have an
account created for their use. In the event that you need to
log administrative events, this would be easier if there
were a number of different administrator accounts created
rather than a single one.
The Guest account also cannot
be deleted from the system; however, it is DISABLED by
default and unless there is some required operational need,
it should stay disabled. The only “need” for the Guest
account would be a kiosk type terminal in a lobby of an
office building or hotel, and in that event it could be used.
If there is ever a short time need to grant access to a
temporary user to a system, it is always worth the
“aggravation” to create an account.
Also, it is not recommended
to change any of the default permissions and other settings
to the built-in groups. If you need to elevate or lower
permissions for all users in a built-in group, it is almost
always better to create a new group, place all of the
intended users into that group and then make adjustments there
accordingly.