271_70-292_01.qxd 8/21/03 12:40 PM Page 4
4 Chapter 1 • Managing Users, Computers, and Groupsthe distribution group that are mailbox-enabled receive the e-mail message.
Distribution groups are not security-enabled, and therefore cannot be listed on
the Discretionary Access Control Lists (DACLs) that are used by Windows to con-
trol access to resources.
■
Security Groups Security groups can be used for the distribution of e-mail as
described for distribution groups, but can also be listed on DACLs, thus allowing
them to control access to resources. Security groups can be used to assign user
rights to group members. User rights include actions such as Backup files and direc-
tories or Restore files and directories, both of which are assigned to the Backup
Operators group by default. As mentioned previously, the network administrator
can delegate rights to groups to allow the members of the group to perform a
specific administrative function that is not normally allowed by their standard user
rights. Network administrators can also assign permissions to security groups to
allow them to access network resources such as printers and file shares.
Permissions, which should not be confused with user rights, determine which
users can access specified resources and what they can do (read, write, execute,
and so on) to that resource. By assigning these permissions to a group instead of
individual users, the network administrator can ensure that all members of the
group have the required permissions.
T
EST D
AY T
IPWorkgroup environments are those that do not use a directory service such as
Active Directory. Computers that are part of a workgroup cannot share account or
group information between them, thus the settings would need to be configured
on each computer individually. Workgroups are also commonly referred to as peer-
to-peer networks. This type of network is usually best suited for very small groupsof computers, including those that are geographically remote from the core net-
work or otherwise isolated from it.
In contrast to workgroups, a domain environment typically relies heavily on
a directory service such as Active Directory for user and computer management
and security enforcement. In a Windows Server 2003 Active Directory domain
environment, accounts and groups need only be created once in Active
Directory and are then available for use throughout the entire network.
Computers in a domain environment still have local accounts and groups, with
the exception of domain controllers, thus allowing users to log into the local
computer should they need to. This also allows domain administrators to
install applications and perform other management tasks on computers in the
domain.
https://traloihay.net
Bạn đang xem 271_ - MCSA MCSE EXAM 70 292 STUDY GUIDE PHẦN 1 PPTX