Chapter 1 • Managing Users, Computers, and Groups

the distribution group that are mailbox-enabled receive the e-mail message. Distribution groups are not security-enabled, and therefore cannot be listed on the Discretionary Access Control Lists (DACLs) that are used by Windows to control access to resources.

Security Groups

Security groups can be used for the distribution of e-mail as described for distribution groups, but can also be listed on DACLs, thus allowing them to control access to resources. Security groups can be used to assign user rights to group members. User rights include actions such as Backup files and directories or Restore files and directories, both of which are assigned to the Backup Operators group by default. As mentioned previously, the network administrator can delegate rights to groups to allow the members of the group to perform a specific administrative function that is not normally allowed by their standard user rights. Network administrators can also assign permissions to security groups to allow them to access network resources such as printers and file shares.

Permissions, which should not be confused with user rights, determine which users can access specified resources and what they can do (read, write, execute, and so on) to that resource. By assigning these permissions to a group instead of individual users, the network administrator can ensure that all members of the group have the required permissions.
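The security/distribution distinction described above is stored in Active Directory as one bit of each group's groupType attribute. The following is an added example, not taken from the book: it classifies groups from exported groupType values, and the group names and values in the sample list are constructed for illustration.

```python
# Added example: tell security groups from distribution groups by decoding
# the groupType attribute of an Active Directory group object.
# Flag values are the documented groupType bits; sample data is constructed.

SECURITY_ENABLED = 0x80000000  # set: security group; clear: distribution group
SCOPES = {0x2: "global", 0x4: "domain local", 0x8: "universal"}

# Constructed sample: (group name, groupType as a directory export prints it).
SAMPLE_GROUPS = [
    ("Sales-Mail", "2"),
    ("Sales-Share-RW", "-2147483646"),
    ("Printers-Floor2", "-2147483644"),
    ("AllStaff-Announce", "8"),
    ("Backup Operators", "-2147483643"),
]


def classify(group_type):
    """Return (category, scope) for a groupType value (int or string)."""
    # Exports show groupType as a signed 32-bit integer, so security groups
    # appear as negative numbers. Mask to 32 bits before testing flags.
    bits = int(group_type) & 0xFFFFFFFF
    category = "security" if bits & SECURITY_ENABLED else "distribution"
    scope = next((name for flag, name in SCOPES.items() if bits & flag), "unknown")
    return category, scope


def not_usable_on_dacl(groups):
    """Names of groups that are not security-enabled (distribution groups)."""
    return [name for name, gt in groups if classify(gt)[0] == "distribution"]


if __name__ == "__main__":
    for name, gt in SAMPLE_GROUPS:
        category, scope = classify(gt)
        print(f"{name:20} {gt:>12}  {scope} {category} group")
    print("Mail-only, cannot grant access:", not_usable_on_dacl(SAMPLE_GROUPS))
```

A review of who can reach a resource should start from the security groups only; a group that shows up as a small positive groupType is a mail list and grants nothing.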

Test Day Tip

Workgroup environments are those that do not use a directory service such as Active Directory. Computers that are part of a workgroup cannot share account or group information between them, thus the settings would need to be configured on each computer individually. Workgroups are also commonly referred to as peer-to-peer networks. This type of network is usually best suited for very small groups of computers, including those that are geographically remote from the core network or otherwise isolated from it.

In contrast to workgroups, a domain environment typically relies heavily on a directory service such as Active Directory for user and computer management and security enforcement. In a Windows Server 2003 Active Directory domain environment, accounts and groups need only be created once in Active Directory and are then available for use throughout the entire network. Computers in a domain environment still have local accounts and groups, with the exception of domain controllers, thus allowing users to log into the local computer should they need to. This also allows domain administrators to install applications and perform other management tasks on computers in the domain.
