Windows Server can play different roles on a network, depending on your security requirements:. These accounts determine who can use the server. Standalone servers don't share security information with each other. If a user wants to use two different standalone servers, he must have a user account and password on each. This collection of users and groups is called a domain and enables users to access multiple servers with a single user account and password.
In Windows Server , domains are handled by Active Directory, which you'll learn more about in the next session. Member servers can also use the user and group accounts in an Active Directory domain. This capability means member servers can grant access to users with a domain account or users with a local server account.
Windows Server 's flexible security architecture makes it suitable for a wide range of computing environments. For example, small companies with only one or two servers can use standalone servers, which require very little administrative effort to maintain.
There are four group scopes:. Only local groups can manage permissions for local resources local to a single machine. Permissions for only the domain in which the group is defined can be assigned to domain local groups. Permissions for any domain in the forest can be assigned to global groups. Permissions for any domain in the domain tree or forest can be assigned to universal groups. Universal groups are only available if your domain functional level is set to Windows native mode.
Domain and forest functionality is a new feature introduced in Windows Server By having differing levels of domain and forest functionality available within your Active Directory implementation , you have different features available to your network. As an example, if all of your network's domain controllers are Windows Server and the domain functional level is set to Windows Server , all domain features become available.
However, sometimes you need to create your own groups to meet your business requirements. The custom groups allow you limit the access of resources on a network to users as per your business requirements.
To create custom groups in domain, you need to:. The New Object —Group dialog box appears, as shown in Figure Provide the name of the group in the Group name field. The group name that you have provided will appear in the Group name pre-Windows field to ensure that group is functional on domain computers that are using earlier versions of Windows such as Windows NT.
Select the desired group scope of the group from the Group scope options. If the Domain Local Scope is selected the members can come from any domain but the members can access resources only from the local domain. If Global scope is selected then members can come only from local domain but can access resources in any domain. If Universal scope is selected then members can come from any domain and members can access resources from any domain. Select the group type from the Group Type options.
The group type can be Security or Distribution. The Security groups are only used to assign and gain permissions to access resources and Distribution groups are used for no-security related tasks such as sending emails to all the group members.
You can add members to group just as you add groups to members. Just right-click the group in Active Directory Users and Computers node in the Active Directory Users and Computers snap-in, select Properties , click Members tab from the Properties window of the group and then follow the steps from from Creating Local User Accounts section. This article covered basic administration of user and group accounts at both local and domain environments. If you have found the article useful, we would really appreciate you sharing it with others by using the provided services on the top left corner of this article.
Sharing our articles takes only a minute of your time and helps Firewall. Back to Windows Server Section. Deal with bandwidth spikes Free Download. Web Vulnerability Scanner Free Download. Network Security Scan Download Now. User Accounts In Windows Server computers there are two types of user accounts. To view a listing of available groups on the local system from within the Computer Management Console, follow these steps:. The best way to create a group account from the Computer Management Console is by selecting the Groups object in the left pane and right-clicking the list in the right pane to select New Group.
This will produce a dialog box asking you to enter a name and a description for the group. After you enter the name and description, click the Add button at the bottom of the dialog box in order to select members for the new group. When you have all of the members assigned, click OK in the selection box and then click Create in the New Group dialog box.
Check out the Windows Server archive , and catch up on the most useful tips from this newsletter. Stay on top of the latest Windows Server tips and tricks with our free Windows Server newsletter, delivered each Wednesday.
0コメント