Group Nesting

11.03.2011 | Autor: mary | Category: Computers | Leave comment

Adding groups to other groups, or nesting, helps reduce the number of times plus benefits permissions need to be assigned. Create a hierarchy of groups based on the needs of the members. Windows Server 2003 allows unlimited levels of nesting in domains with a domain functional level set to Windows 2000 native or Windows Server 2003 .
For example, you can create a group for each region in your organization and add managers from each region into their own group, called Regional Managers. You can then add each Regional Managers group to another group called Worldwide Managers. When all managers in the network need access to a resource, you assign permissions only to the Worldwide Managers group. Because the Worldwide Managers group contains all members of the Regional Managers groups through nesting, all managers in the network can reach the resource. This strategy allows for easy assignment of permissions and decentralized tracking of group membership.
This group supports directory replication functions and is used by the file replication service on domain controllers. By default, the group has no members. The only member should be a domain CompTIA A+ Essentials user account used to log on to the Replicator services of the domain controller. Do not add users to this group.
This group exists only on domain controllers. By default, the group has no members. Members can log on to a server interactively, create and delete network shares, start and stop services, back up and restore files, format the hard disk of the computer, and shut down the computer.
Terminal Server License Servers
Members are prevented from making accidental or intentional systemwide changes. Members can run certified applications, use printers, shut down and start the computer, and use network shares for which they are assigned permissions. Members cannot share folders or install printers on the local computer. By default, the Domain Users group is a member.
Members have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects.
User accounts, computer accounts, and global groups from the same domain
User accounts, computer accounts, global groups, and universal groups from any domain; domain local groups from the same domain User accounts, computer accounts, global groups, and other a+ exam papers universal groups from any domain in the forest.

Read more on Group Nesting…

Managing Operations Master Roles

20.02.2011 | Autor: Zhuimeng | Category: Business | Leave comment

4-31 Planning the Operations Master Roles for the Forest

Viewing Operations Master Role Assignments
Before you can revise operations master role assignments, you need to view the cur?rent operations master role assignments for CompTIA A+ Essentials your domain.
To view the RID master, the PDC emulator, or the infrastructure master role assign-ments, complete the following steps:
1. Open the Active Directory Users And Computers console.
2. In the console tree, right-click the Active Directory Users And Computers node,
point to All Tasks, and then click Operations Masters.
3. In the Operations Masters dialog box, select one of the following choices:
a Click the RID tab, and the name of the RID master appears in the Operations Master box.
a Click the PDC tab, and the name of the PDC emulator appears in the Opera-tions Master box.
a Click the Infrastructure tab, and the name of the infrastructure master appears in the Operations Master box.
4. Click Close to close the Operations Master dialog box.

Read more on Managing Operations Master Roles…