Its members can grant themselves any permissions they do not have by default to manage all the objects on the computer. Objects include the file system, printers, and account management. By default, the Administrator account, which is disabled by default, and the initial user account are members of the Administrators local group. Assign users to the Administrators group with caution since they will have full permissions to manage the computer.
Members of the Administrators group can perform the following tasks:

- Install and configure hardware device drivers.
- Install service packs, hot fixes, and Windows updates.
- Install applications that modify the Windows system files.
- Modify groups and accounts that have been created by other users.
- Manage disk properties, including formatting hard drives.

The Backup Operators Group

Members of the Backup Operators group have permissions to back up and restore the file system, even if the file system is NTFS and they have not been assigned permissions to access the file system. However, the members of Backup Operators can access the file system only through the Backup utility.
To access the file system directly, Backup Operators must have explicit permissions assigned. There are no default members of the Backup Operators local group.

The Cryptographic Operators Group

The Cryptographic Operators group has access to perform cryptographic operations on the computer. There are no default members of the Cryptographic Operators local group.

There are no default members of the Event Log Readers local group.

The Guests Group

The Guests group has limited access to the computer. This group is provided so that you can allow people who are not regular users to access specific network resources. As a general rule, most administrators do not allow Guest access because it poses a potential security risk. By default, the Guest user account is a member of the Guests local group.
The Performance Log Users Group

The Performance Log Users group has the ability to access and schedule logging of performance counters and can create and manage trace counters on the computer.

The Performance Monitor Users Group

The Performance Monitor Users group has the ability to access and view performance counter information on the computer. Users who are members of this group can access performance counters both locally and remotely.
The Power Users group is included to ensure that computers upgraded from Windows XP function as before with regard to folders that allow access to members of the group. Otherwise, the Power Users group has limited administrative rights.
The Replicator Group

The Replicator group is intended to support directory replication, which is a feature used by domain servers. Only domain users who will start the replication service should be assigned to this group. The Replicator local group has no default members.

The Users Group

The Users group is intended for end users who should have very limited system access.
If you have installed a fresh copy of Windows 7, the default settings for the Users group prohibit its members from compromising the operating system or program files. By default, all users who have been created on the computer, except Guest, are members of the Users local group.
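An added example, not part of the original page: a PowerShell check that lists the members of the built-in groups described above and marks any member of a group the text says has no default members. It uses the ADSI WinNT provider so that it runs on the PowerShell 2.0 that ships with Windows 7; the function names are hypothetical and the English group names are an assumption.

```powershell
# Added example (not from the original page). Audits built-in local groups
# through the ADSI WinNT provider, which is available in PowerShell 2.0.
# Assumption: English group names; localized Windows installs rename them.
$computer = $env:COMPUTERNAME

# Defaults as stated in the text: these groups start with no members.
$expectEmpty = 'Backup Operators', 'Cryptographic Operators', 'Replicator'
# Groups that have default members and should be reviewed by hand.
$reviewOnly  = 'Administrators', 'Guests'

# Hypothetical helper: returns the ADsPath of every member of a local group.
function Get-GroupMemberPath {
    param([string]$GroupName)
    $group = [ADSI]"WinNT://$computer/$GroupName,group"
    # Members() yields COM objects; read ADsPath by late binding.
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

# Hypothetical helper: emits one row per group member with a review status.
function Test-BuiltinGroupMembership {
    foreach ($name in ($expectEmpty + $reviewOnly)) {
        try {
            $members = @(Get-GroupMemberPath -GroupName $name)
        } catch {
            Write-Warning "Could not read group '$name': $($_.Exception.Message)"
            continue
        }
        if ($members.Count -eq 0) {
            New-Object PSObject -Property @{ Group = $name; Member = '(none)'; Status = 'OK' }
            continue
        }
        foreach ($member in $members) {
            # Any member of an expected-empty group deviates from the default.
            $status = if ($expectEmpty -contains $name) { 'NON-DEFAULT' } else { 'REVIEW' }
            New-Object PSObject -Property @{ Group = $name; Member = $member; Status = $status }
        }
    }
}

Test-BuiltinGroupMembership | Sort-Object Group, Member |
    Format-Table Group, Member, Status -AutoSize
```

Rows marked REVIEW are not necessarily wrong: the text notes that Administrators contains the Administrator account and the initial user by default, and Guests contains the Guest account.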
Windows 7 also uses special groups. In the next section, we will look at special groups and how they work. Special groups can be used by the system or by administrators. Membership in these groups is automatic if certain criteria are met. You cannot manage special groups through the Local Users And Groups utility, but an administrator can add these special groups to resources. Table 1 describes several of the special groups that are built into Windows 7. Now that we have looked at the different types of groups, let's take a look at how to manage and work with these groups.
In the next section we will discuss how to work with groups. To work with groups, you can use the Local Users And Groups utility. Let's take a look at how to create new groups. To create a group, you must be logged on as a member of the Administrators group. The Administrators group has full permissions to manage users and groups. As you do in your choices for usernames, keep your naming conventions in mind when assigning names to groups.
When you create a local group, consider the following guidelines:

- The group name should be descriptive (for example, Accounting Data Users).
- The group name must be unique to the computer, different from all other group names and usernames that exist on that computer.
- Group names can be up to characters. It is best to use alphanumeric characters for ease of administration.

Creating groups is similar to creating users, and it is a fairly easy process.
Right-click the Groups folder and select New Group from the context menu. This brings up the New Group dialog box, shown in Figure 1. The only required entry in the New Group dialog box is the group name.
If appropriate, you can enter a description for the group, and you can add or remove group members. When you're ready to create the new group, click the Create button. Complete Exercise 1 to create two new local groups. Right-click the Groups folder and select New Group.
Repeat the previous steps to create more groups or else click the Close button to exit the New Group creation window. The newly created group will appear under the Groups list. Click on Users. Right-click on the middle panel and click on New User… when the right-click menu appears. The New User creation window will appear. Enter the user details and click the Create button.