Saturday, July 11, 2009

understanding local groups

a local group is a collection of user accounts on a computer. use local groups to assign permissions to resources residing on the computer on which the local group is created. windows xp professional creates local groups in the local security database.

preparing to use local groups

guidelines for using local groups include the following
  • use local groups on computers that do not belong to a domain
you can use local groups only on the computer on which you create them. although local groups are available on member servers and domain computers running windows 2000 server, do not use local groups on computers that are part of a domain. using local groups on domain computers prevents you from centralizing group administration. local groups do not appear in the active directory service, and you must administer them separately for each computers.
  • you can assign permissions to local groups to access only the resources on the computer on which you create the local groups.
note - you cannot create local groups on domain controllers because domain controllers cannot have a security database that is independent of the database in active directory.

membership rules for local groups include following
  • local groups can contain local user accounts from the computer on which you create the local groups.
  • local groups cannot belong to any other group.

No comments:

Post a Comment