Shulou(Shulou.com)06/02 Report--

User account management (local users)

Open the local user: 1win+r input: compmgmt.msc (computer computer, management Management, operator) computer Manager

2 my computer (computer) right-click management-local users and groups for each account corresponding to a unique security ID: SID

The user's permissions are recorded through the user sid

Create users, enter local users and groups, and right-click in the space to create new users (user name must be)

Users must change their password the next time they log in (send computers under the administrator of a large company)

Users cannot change passwords (server host, non-administrator users cannot change passwords; shared accounts)

Password never expires (password defaults to 42 days)

Account has been disabled

The account attribute belongs to the group to which you can change the account

Each user account has a separate desktop environment

Change password: administrator change (no old password required) / user himself, change within Task Manager (old password required)

Built-in account cannot be deleted

Adminishtrator administrator account (can be renamed)

Guest guest account. Group account is disabled by default: used to grant the same permissions to a group of accounts

Join the group, join the group

Operate in the user account, belonging to

Common built-in groups:

Administrators belongs to the users in this administators local group and has the privileges of system administrators. They have the greatest control over this computer and can perform administrative tasks for the entire computer. The built-in system administrator account Administrator is a member of the local group and cannot be removed from the group.

If this computer is joined to a domain, the domain's Domain Admins is automatically joined to the computer's Administrators group. In other words, the system administrator on the domain also has the privileges of the system administrator on this computer.

Members of Backup OPerators in this group, whether or not they have access to folders or files on this computer, can back up and restore these folders and files through "start"-"all programs"-"Accessories"-"system tools".

Guests this group is for users who do not have a user account but need to access resources on the local computer, and members of this group cannot permanently change the working environment of their desktops. The most common default member of this group is the user account Guest.

Network Configuration Operators users in this group can perform general network setup tasks on the client, such as changing IP addresses, but cannot install / remove drivers and services, or perform tasks related to network server settings, such as DNS server and DHCP server settings.

Power Users users in this group have more rights than the Users group, but less rights than the Administrators group. For example, you can:

Create, delete, change local user accounts

Create, delete, and manage shared folders and shared printers on your local computer

Customize system settings, such as changing computer time, turning off computer, etc.

Members of the Power Users group cannot change Administrators and Backup Operators, cannot take ownership of files, cannot backup and restore files, cannot install, delete and delete device drivers, and cannot manage security and audit logs.

Remote Desktop Users members of this group can log in from a remote computer, for example, from a remote computer using a terminal server.

Users the team members only have some basic rights, such as running applications, but they cannot modify operating system settings, change other users' data, or shut down server-level computers.

All added local user accounts automatically belong to this group.

If this computer is already joined to a domain, the Domain Users of the domain is automatically joined to the computer's Users group

Special local built-in group

Everyone: every user belongs to this group

Authenticated users: any user who uses a valid user to log in to this computer belongs to this group

Interactive: anyone who logs in locally (press ctrl+alt+ del) belongs to this group

Network: anyone who logs in to this computer through the network belongs to this group

6.Authenticated users group will affect file permission assignment. Delete this group when configuring user / group file permissions.

To change the properties of the permissions file-Security-Advanced-disable inheritance in the lower left-hand corner-convert the display permissions of this object with inherited permissions-apply OK-Edit-delete

After that, users who do not have permissions can save as after modification based on this file, but cannot modify this document

4. Alp rules: the process of adding local users to local groups and finally assigning permissions to local groups (simplifying the setting of permissions)

There is a basic requirement for setting permissions: the file system of the disk belongs to NTFS format.

An overview of the file system: the arrangement of data storage (how files are organized on external storage devices)

Common file systems:

FAT32, file allocation table

Ntfs, the file system of new technology (AD needs ntfs support)

EXT:Linux system is commonly used

Ntfs technical features:

Reliability: access permissions can be set for different users and groups

Users must have the appropriate access rights to access resources

Can prevent resources from being illegally tampered with and deleted

High read and write, high disk utilization

Ntfs file

Security permissions:

Complete control

Modify: you can execute the permission to delete the file, otherwise you can only modify its contents.

Read and execute

Read

Write

File content permissions

Special permissions: the right to view user / group permissions; the right to modify permissions; the right to take ownership (refers to what the visitor can do with the permission setting of the target document)

Accumulation of permissions: the permissions of the user and the group can be accumulated; the user belongs to two groups, and the permissions of the two groups can be accumulated.

Priority of denial of permission: whether it is a group or a user, as long as there is a refusal in the permission, it is denied.

The default child file inherits the permissions of the parent file (to change the permissions of the child file, it is forbidden to inherit the permission; the parent file has the forced inheritance right)

Take ownership: the administrator can obtain the permission of any file (the user sets the owner of the file as himself, normally the administrator cannot open it, but the administrator can get ownership)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.