Mary Help College

Managing Users, Computers, Hardware and Networking Service

and Groups

By Mohammed H.
Managing Users, Computers, and Groups

• Creating and Managing Groups

– what groups are and why they are used
• A group is a collection of user and/or computer accounts,
contacts, and other groups that are managed as a single
object. The users and computers that belong to the group
are known as group members
• process of assigning permissions and rights to a large
number of user and computer accounts at the same time,
resulting in these groups’ members having inherited (or
implicit) permissions from the group.

2
 Cont…

Creating and Managing Groups

• A set of default groups, known as local groups, is created
during the installation of Windows Server 2003
• Computers that are part of an Active Directory domain
environment also have a set of default groups; however,
these default groups are objects that reside within the Active
Directory database structure

3
 Cont…
When using groups in Active Directory, the following
three major benefits are provided:
• A Security groups allow network administrators to simplify and
reduce administrative requirements by assigning permissions and
rights for a shared resource (think printer or file share) to the
group rather than to each individual user that requires access. In
this way, all users (and groups) that are members of the group
receive the configured permissions and rights through inheritance

4
 Cont…
Cont…
• Security groups allow network administrators efficiently delegate
administrative responsibilities for performing specific tasks in Active
Directory
• Security and distribution groups allow network administrators to
quickly create email distribution groups by assigning an e-mail address
to the group itself.All members of that group that are mailbox-enabled
will receive e-mail that is sent to the group’s e-mail address.This is an
added ability of security groups and the only usage for distribution
groups
5
 Group Types
• There are two types of groups available for use in both workgroup
and domain environments
– Distribution Groups are used for distributing messages to
group members. Distribution groups are used with e-mail
applications, such as Microsoft Exchange, to send e-mail to all
members of a group in a quick and efficient manner by sending
an e-mail to the group e-mail address
• cannot be listed on the Discretionary Access Control Lists
(DACLs) that are used by Windows to control access to
resources.
 Cont…
• Security Groups can be used for the distribution of e-mail as
described for distribution groups, but can also be listed on
DACLs, thus allowing them to control access to resources.
Security groups can be used to assign user rights to group
members
 Group Scopes
• Unlike group types, which are fairly simple to understand,
group scopes can be frustrating to those new to working with
Windows Server 2003 and Active Directory. The scope of the
group identifies the extent to which the group is applied
throughout the domain tree or forest. There are three group
scopes:
 Group Scope Types
• There are three group scopes:
• Universal Groups can include other groups and user/computer accounts from
any domain in the domain tree or forest. Permissions for any domain in the
domain tree or forest can be assigned to universal groups.
• Global Groups can include other groups and user/computer accounts from
only the domain in which the group is defined. Permissions for any domain in
the forest can be assigned to global groups.
• Domain Local groups can include other groups and user/computer accounts
from Windows Server 2003,Windows 2000 Server,and Windows NT
domains.Permissions for only the domain in which the group is defined can be
assigned to domain local groups.