Information Technology Reference
In-Depth Information
DHCP Users and DHCP Administrators groups. The purpose of these groups depends on
the functionality of the applications being installed.
Foreign Security Principals
In environments that have more than one domain, you may need to grant permissions to
users who reside in multiple domains. Generally, you manage this using Active Directory
trees and forests. However, in some cases, you may want to provide resources to users who
belong to domains that are not part of the forest.
Active Directory uses the concept of
foreign security principals
to allow permissions
to be assigned to users who are not part of an Active Directory forest. This process is
automatic and does not require the intervention of system administrators. You can then
add the foreign security principals to domain local groups for which, in turn, you can
grant permissions for resources within the domain. You can view a list of foreign security
principals by using the Active Directory Users and Computers tool. Figure 7.5 shows the
contents of the
ForeignSecurityPrincipals
folder.
figure 7.5
The
ForeignSecurityPrincipals
folder
Managing Security and Permissions
Now that you understand the basic issues, terms, and Active Directory objects that pertain
to security, it's time to look at how you can apply this information to secure your network
resources. The general practice for managing security is to assign users to groups and
then grant permissions and logon parameters to the groups so that they can access certain
resources.
Search WWH ::
Custom Search