Hiya folks – I am the publisher of the above title and I like to hold virtual book readings. Here is a passage for ya! (BTW – my SBS 2008 book is now here)
Configure User Accounts and
Now that we have covered ACEs and ACLs, we can move on to configuring user accounts and permissions. Small Business Server 2003 uses the Add Security Group wizard and Default User Templates to create distribution and security groups and create user accounts. You can control what users can and cannot do on the SBS network by simply placing or removing the user accounts to and from specific security groups.
User Rights and Permissions
Managing users and groups can appear to be a daunting task, but as an administrator you have two friends called:
· User Rights.
· User Permissions.
User rights are defined by the capabilities, like performing a task. In general, user rights apply to the entire system. There are two types of user rights:
· Allow a user to perform actions like running a backup or a security audit.
· Logon Rights.
· Allow a user to access the computer in a certain way.
Permissions dictate access to a particular object (files, printers) allowing the user to interact with the object in a certain way (read, write, print). As shown in Figure 6.1, you can view NTFS permission settings. Looking at the folder name, of course, should teach you to never let new techs have default permissions. But besides that, notice that the Domain Users Group here has Read and Execute, List Folder Contents, and Read Permissions inherited by default.
Chapter 6 Securing Windows Small Business Server 2003
NTFS permission settings on the WorldofWarcraft folder.
Harry Brelsford, CEO at SMB Nation (www.smbnation.com)
MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)
PS – did you know my Windows Small Business Server 2008 (SBS 2008) book is almost here? Yes!