Built-in system groups exist on all computers running Windows XP Professional. System groups do not have specific memberships that you can modify, but they can represent different users at different times, depending on how a user gains access to a computer or resource. You do not see system groups when you administer groups, but they are available when you assign rights and permissions to resources. Windows XP Professional bases system group membership on how the computer is accessed, not on who uses the computer. Table 3.6 lists the most commonly used built-in system groups and describes their capabilities.
Table 3.6 Built-In System Group Capabilities
System group Description
Everyone
All users who access the computer. By default, when you format a volume with NTFS, the Full Control permission is assigned to the Everyone group. This presented a problem in earlier versions of Windows, including Microsoft Windows 2000. In Windows XP Professional, the Anonymous Logon is no longer included in the Everyone group. When a Windows 2000 Professional system is upgraded to a Windows XP Professional system, resources with permission entries for the Everyone group and not explicitly for the Anonymous Logon group are no longer available to the Anonymous Logon group.
Authenticated Users All users with valid user accounts on the computer. (If your computer is part of a domain, it includes all users in Active Directory.) Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource.
Creator Owner The user account for the user who created or took ownership of a resource. If a member of the Administrators group creates a resource, the Administrators group owns the resource.
Network Any user with a current connection from another computer on the network to a shared resource on the computer.
Interactive The user account for the user who is logged on at the computer. Members of the Interactive group can access resources on the computer at which they are physically located. They log on and access resources by "interacting" with the computer.
Anonymous Logon Any user account that Windows XP Professional cannot authenticate.
Lesson Review
The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next chapter. The answers are in Appendix A, "Questions and Answers."
1. What are groups, and why do you use them?
2. An administrator or owner of a resource uses __________________ to control what users can do with a resource such as a folder, file, or printer.
3. You use local groups to assign permissions to resources residing __________________. 4. Which of the following statements about local groups are correct? (Choose all that apply.)
a. If a computer running Windows XP Professional is part of a domain, the local groups for that computer are stored in the directory rather than in the local security database on that computer.
b. Local groups allow you to grant permission to the group to perform system tasks, such as changing the time on a computer and backing up or restoring files.
c. A local group is a collection of user accounts on a computer that you can use to control access to resources residing on that computer. d. You can use the Computer Management snap-in to create groups, to add members to existing groups, and to delete groups from a
computer running Windows XP Professional.
5. Which of the following statements about local groups are correct? (Choose all that apply.) a. You can use local groups only on the computer on which you create them.
b. Local groups are available on member servers and domain computers running Windows 2000 Server. c. Local groups appear in Active Directory so you can administer them centrally.
d. You must create each user profile by copying and modifying an existing user profile. 6. Which of the following statements about deleting local groups are correct? (Choose all that apply.)
a. Each group that you create has a unique identifier that cannot be reused. b. You can restore access to resources by recreating the group.
c. When you delete a group, you also remove the permissions and rights associated with it. d. Deleting a group deletes the user accounts that are members of the group.
7. What is the difference between built-in system groups and built-in local groups found on computers running Windows XP Professional? Give at least two examples of each type of group.
Lesson Summary
● Groups simplify administration by allowing you to assign permissions and rights to a group of users rather than to individual user accounts.
● Permissions control what users can do with a resource such as a folder, file, or printer.
● Rights allow users to perform system tasks, such as changing the time on a computer and backing up or restoring files.
● Windows XP Professional creates local groups in the local security database, so you can use local groups only on the computer on which you create them. You cannot use local groups on computers that are part of a domain.
● You can use the Computer Management snap-in to create, add members to, and delete local groups.
● All stand-alone servers, member servers, and computers running Windows XP Professional have built-in local groups that give rights to perform system tasks on a single computer.
[Home] [Previous][Next]