Information Technology Reference
In-Depth Information
In general, you should restrict the number of users who are included in this group because
most common administration functions do not require this level of access.
Backup Operators
One of the problems associated with backing up data in a secure
network environment is that you need to provide a way to bypass standard file system
security so that you can copy files. Although you could place users in the Administrators
group, doing so usually provides more permissions than necessary. Members of the
Backup Operators group can bypass standard file system security for the purpose of
backup and recovery only. They cannot, however, directly access or open files within the
file system.
Generally, backup software applications and data use the permissions assigned to the
Backup Operators group.
Certificate Service DCOM Access
Members of the Certificate Service DCOM Access
group can connect to certificate authority servers in the enterprise.
Cryptographic Operators
Members of the Cryptographic Operators group are authorized
to perform cryptographic operations.
Cryptography
allows the use of codes to convert
data, which then allows a specific recipient to read it using a key.
Guests
Typically, you use the Guests group to provide access to resources that generally
do not require security. For example, if you have a network share that provides files
that should be made available to all network users, you can assign permissions to allow
members of the Guests group to access those files.
Print Operators
By default, members of the Print Operators group are given permissions
to administer all of the printers within a domain. This includes common functions such as
changing the priority of print jobs and deleting items from the print queue.
Replicator
The Replicator group allows files to be replicated among the computers in a
domain. You can add accounts used for replication-related tasks to this group to provide
those accounts with the permissions they need to keep files synchronized across multiple
computers.
Server Operators
A common administrative task is managing server configuration.
Members of the Server Operators group are granted the permissions they need to manage
services, shares, and other system settings.
Users
The Users built-in domain local group is used to administer security for most
network accounts. Usually, you don't give this group many permissions, and you use it to
apply security settings for most employees within an organization.
Windows Server 2012 R2 also includes many different default groups, which you
can find in the
Users
folder. As shown in Figure 7.4, these groups are of varying scopes,
including domain local, global, and universal groups. You'll see the details of these groups
in the next section.
Search WWH ::
Custom Search