Managing permissions in distributed computing environments (e.g., Windows
Server 2003 domains) that consist of many users and resources can be tedious
and time-consuming. To ease administrators' lives, Windows provides groups.
You can use groups to combine users or computers with similar capabilities,
which can significantly alleviate the burden of setting permissions for Windows
resources, such as files and printers.
Before I tell you about the golden rules for using groups to set up permissions
for resources, you need to know about the possible group types and group scopes.
Note that I cover only those groups you can define in and manage from Active
Directory (AD) in a Windows 2003 or Windows 2000 domain environment. (For information
about how groups have evolved, see the sidebar "The Evolution of Groups in Windows.") I won't discuss local groups that are defined in the security databases
of standalone machines and domain-member workstations and servers. These local
groups are only meaningful on the local computer for setting permissions on
local resources. The groups I discuss can be used to set permissions on resources
domain-wide and in some cases even forestwide. . . .