Configuring User Account Control
Many users run into the following issue: when they log into their standard
Windows user account and need to make a change on their local machine or run a
program that requires a higher level of security, they can't complete the task. This is where
User Account Control can help.
User Account Control (UAC) allows your domain users to log into their machines
using their standard Windows user account and then execute processes that may require
additional user group access.
Some applications may require additional security permissions to run successfully. These
types of programs are normally referred to as legacy applications. Some tasks,
however, such as installing new software or making configuration changes, require more
permissions than are available to a standard user account. This is where UAC can help.
When an executable or program needs to function properly with more than just
standard user rights, UAC can give that user's token additional user groups. This token
allows the executable or program to function properly by giving the standard user account
the rights to complete the task.
To configure UAC, an administrator can go into the system's Control Panel and then
User Accounts. Inside the User Accounts snap-in, choose Change User Account Control
Settings.
Delegating Control of Users and Groups
A common administrative function related to the use of Active Directory involves managing
users and groups. You can use OUs to group objects logically so that you can easily
manage them. Once you have placed the appropriate Active Directory objects within OUs,
you are ready to delegate control of these objects.
Delegation is the process by which a higher-level security administrator assigns
permissions to other users. For example, if Admin A is a member of the Domain Admins
group, they are able to delegate control of any OU within the domain to Admin B. You
can access the Delegation Of Control Wizard through the Active Directory Users and
Computers tool. You can use it to perform common delegation tasks quickly and easily.
The wizard walks you through the steps of selecting the objects for which you want to
perform delegation, which permissions you want to allow, and which users will have those
permissions.
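Once control of an OU has been delegated, the access control entries the wizard wrote can be reviewed from PowerShell. The script below is an added example, not part of the original text: it lists the explicit (non-inherited) entries on an OU and resolves their GUIDs to schema and extended-right names. It assumes the RSAT ActiveDirectory module is installed and that the Engineering OU sits directly under the domain root; the function name `Get-OuDelegation` and the list of skipped default principals are illustrative choices.

```powershell
# Added example: review what has been delegated on an OU.
# Assumptions: RSAT ActiveDirectory module; Engineering OU under the domain root.
Import-Module ActiveDirectory

function Get-OuDelegation {
    param([Parameter(Mandatory)][string]$OuDistinguishedName)

    # Build a GUID -> name map so ACE object types are readable.
    $rootDse = Get-ADRootDSE
    $names = @{ [guid]::Empty = 'All' }
    Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
        ForEach-Object { $names[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
    Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(rightsGuid=*)' -Properties displayName, rightsGuid |
        ForEach-Object { $names[[guid]$_.rightsGuid] = $_.displayName }

    # Principals that normally hold rights on an OU; adjust for your domain.
    $skip = '^(NT AUTHORITY\\|BUILTIN\\)|\\(Domain Admins|Enterprise Admins)$'

    (Get-Acl -Path "AD:\$OuDistinguishedName").Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference -notmatch $skip } |
        ForEach-Object {
            [pscustomobject]@{
                Principal = $_.IdentityReference
                Type      = $_.AccessControlType
                Rights    = $_.ActiveDirectoryRights
                Object    = $names[$_.ObjectType]           # attribute, class or extended right
                AppliesTo = $names[$_.InheritedObjectType]  # child object class the ACE targets
                Scope     = $_.InheritanceType
            }
        }
}

# Assumed location of the OU; change the DN if it is nested elsewhere.
$ouDn = "OU=Engineering,$((Get-ADDomain).DistinguishedName)"
Get-OuDelegation -OuDistinguishedName $ouDn |
    Sort-Object Principal | Format-Table -AutoSize
```

Entries granting `GenericAll` or `WriteDacl`, or naming principals nobody remembers delegating to, are the ones to follow up on.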
Exercise 7.1 walks through the steps required to delegate control of OUs.
Exercise 7.1
Delegating Control of Active Directory Objects
1. Open the Active Directory Users and Computers tool.
2. Create a new user within the Engineering OU using the following information (use the
default settings for any fields not specified):