ServersLearn Windows XP Professional in 15 Minutes a Week: Managing Groups in...

Learn Windows XP Professional in 15 Minutes a Week: Managing Groups in Windows XP Professional




by Jason Zandri

www.2000trainers.com


Jason Zandri’s latest article in the Learning Windows XP Professional in 15 Minutes a Week series covers managing Groups in Windows XP Professional

Welcome to
this week’s installment of Learn Windows XP Professional in
15 minutes a week, the 11th in this series. This article
will cover Managing Groups in Windows XP
Professional in additional detail to what was discussed in
the last article.

Managing
Groups in Windows XP Professional

In
Microsoft Windows XP Professional you will find a number of
default local groups on your system which can perform the
following default functions as outlined:

Administrators                        Members of the
Administrators group have complete and unrestricted
access to the computer and can perform all
administrative tasks. The built-in
Administrator account is a member of this group by
default and should the Windows XP Professional system be
joined to a domain (or domains), the Domain Admins group
of the domain(s) joined will be added to the local
Administrators group as well.

Backup Operators

Members of the Backup
Operators group can use Windows Backup (NTBACKUP) to
back up and restore data to the local computer. Being in this group
allows them to override security restrictions for the
sole purpose of backing up or restoring files.

Guests Members of the built in
Guests group are limited to only having access to
specific resources for which they have been assigned
explicit permissions for and can only perform specific
tasks for which they have been assigned explicit rights.

This is nearly the same
access level as members of the Users group except for
some additional restrictions.

By default, the built-in
Guest account is a member of the Guests group. When the
Windows XP Professional system is joined to a domain
(or domains), the Domain Guests group of the domain(s)
joined will be added to the local Guests group as well.

Power Users

Members of the Power
Users group can create and modify local user accounts on
the computer and share resources. Effectively, they are
one group lower in authority on a local system from the
Administrators group in that they possess most
administrative powers with certain restrictions.

Users Members of the Users
Group are prevented from making accidental or
intentional system-wide changes and they are only
slightly higher in the permission scheme than the Guests
Group.

Members of the Users
group are limited to only having access to specific
resources for which they have been assigned explicit
permissions and can only perform specific tasks for
which they have been assigned explicit rights.

When a new user is
created on a Windows XP Professional system, it is added
to the Users group by default.

When the Windows XP
Professional system is joined to a domain (or domains),
the Domain Users group of the domain(s) joined will be
added to the local Users group as well.

[NOTES FROM THE FIELD] –

The built-in Administrator
account is enabled by default and cannot be deleted from the
system. The name of the account as well as the password can
be changed, however, and this is a recommended best
practice. It is also recommended that the default
Administrator account never be used or used as infrequently
as possible and only when tasks need to be performed at an
Administrative level. If there is ever more than one
Administrator on a workstation, each one should have an
account created for their use. In the event that you need to
log administrative events, this would be easier if there
were a number of different administrator accounts created
rather than a single one.

The Guest account also cannot
be deleted from the system; however, it is DISABLED by
default and unless there is some required operational need,
it should stay disabled. The only “need” for the Guest
account would be a kiosk type terminal in a lobby of an
office building or hotel, and in that event it could be used.
If there is ever a short time need to grant access to a
temporary user to a system, it is always worth the
“aggravation” to create an account.

Also, it is not recommended
to change any of the default permissions and other settings
to the built-in groups. If you need to elevate or lower
permissions for all users in a built-in group, it is almost
always better to create a new group, place all of the
intended users into that group and then make adjustments there
accordingly.

Latest Posts

Related Stories