Information Technology Reference
In-Depth Information
are disabled because you can't change the scope or type of groups in the Builtin folder. Notice
that the selected scope is Builtin local. These groups are considered domain local, but there are
some differences between Builtin domain local and other domain local groups, as you'll see.
3. Click the
Members
tab to see this group's members (see Figure 5-19), and then click
Cancel
.
5
Figure 5-19
Members of the Administrators group
4. Next, view the membership of the
Guests
and
Users
groups. Notice that the Users group has
two special identities as members. Close both Properties dialog boxes.
5. Click the
Users
folder. Click
Domain Admins
, and open its Properties dialog box. Click the
General
tab, if necessary. Notice that you can't change this group's scope or type. Click the
Members
tab to view the group membership, and then click
Cancel
.
6. Next, view the membership of the
Domain Users
group. Notice that all the users you have
created became members of this group automatically. Close this Properties dialog box.
7. View the membership of the
Domain Computers
group. Notice that the Vista computer is a
member of this group. Close this Properties dialog box.
8. Log on to the domain from your Vista computer as Administrator.
9. Open Windows Explorer, and click the
C:
drive. Create a new folder named
TestScope
.
10. Right-click
TestScope
and click
Properties
. Click the
Security
tab. Next to the Administrators
and Users ACEs,
computer name
\
group
in parentheses is displayed. This notation differentiates
users and groups on the local computer from users and groups of the same name on the domain.
11. Click
Edit
. Click
Add
. In the Select Users, Computers or Groups dialog box, you can click
the Locations button to select objects from the local computer or a different domain.
12. Click
Advanced
, and then click
Find Now
. Scroll down and click
Group1-DL
, and then click
OK
twice.
13. Click
Add
. Type
Users
(the name of the Builtin local group in Active Directory), and then
click
Check Names
. You get the Name Not Found message box because even though Users is
a domain local group, it can't be added to the DACL of member computers because it's a
Builtin local group. Builtin local groups can be added only to the DACLs of domain controller
resources. The right way to add all users to a member computer's DACL is to add the local
Search WWH ::
Custom Search