MCSA/MCSE Self-Paced Training Kit (Exam 70-214): Implementing and Administering Security in a Microsoft Windows 2000 Network (Pro-Certification)

Chapter 3

Restricting Accounts, Users, and Groups

About This Chapter

This chapter builds on the security features introduced in Chapter 2, "User Accounts and Security Groups." It covers account policy, user rights, restricted groups, and security templates.

Account policies are restrictions that are applied to all users logging on because they must take effect before the user who is logging on is identified. For example, a restriction on the number of times that any user can mistype a password is applied to all users, because the user has not yet logged on and the account settings are not yet known. Account policies are managed by using Group Policy settings.

User rights and restricted groups are also managed on a per-machine rather than a per-user basis. User rights control a user's ability to perform operations that affect the system as a whole, such as shutting down the computer. User rights are required to perform these actions because they affect every program running on the computer. Restricted groups are security groups that have controlled memberships. Periodically (during the Group Policy refresh period described in Chapter 1, "Group Policy"), users that may have been improperly added to security groups can be removed automatically by the system.

This chapter covers the following major Windows account-based security features:

This chapter also discusses using security templates to establish a level of security across the network. It discusses what you need to know to manage and deploy security templates and provides information about troubleshooting common problems.

Before You Begin

To complete this chapter, you must have a pair of networked test computers

Related

Категории