Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
32 Cards in this Set
- Front
- Back
|
Differentiate between permissions and rights.
|
Rights apply to user accounts.
Permissions apply to object properties. |
|
|
What are Domain Local Groups most often used for?
|
To assign permissions to network resources.
|
|
|
What are Global Groups most often used for?
|
To group users who share the same network access requirements.
|
|
|
What are Universal Groups most often used for?
|
To assign permissions that span more than one domain.
|
|
|
Be careful not to confuse Domain Local Groups with what?
|
Local Groups that reside only on individual computers, most often used in workgroups, but can be used with domain computers.
|
|
|
What are the four steps in the recommended strategy for using Domain Local Groups and Global Groups?
|
1. Assign users with common access requirments to a global group.
2. Create a Domain Local Group that will be added to a resource for permissions. 3. Add the global group to the designated Domain Local Group. 4. Assign resouce permissions of the group to the Domain Local Group. |
|
|
What are two non-recommended strategies often used and their limitations?
|
1. Placing users, rather than groups, into the Domain Local Group. Limitation: Does not allow permissions for resources outside the domain.
2. Placing user accounts in global groups and assigning permission to the global groups, rather than to Local Domain Groups. Limitations: Becomes complicated to administer when network grows beyond one domain. |
|
|
Two guidelines for using Universal Groups.
|
1. Use like Domain Local Groups, but for permissions to groups/users from more than one domain.
2. Only use when membership is relatively static, due to excessive network traffic replicating information. |
|
|
What are the four categories of default groups in W2K?
|
1. Pre-defined.
2. Built-in. 3. Built-in local. 4. Special identity. |
|
|
Pre-defined groups are found where?
|
In the Users folder. (Note: this is not an Organizational Unit and cannot be assigned Group Policies.
|
|
|
How can you use pre-defined groups?
|
1. Pre-defined groups do not have any inherited rights or permissions.
2. You can assign rights or permissions to them by either assigning rights directly to them or by placing them as members of a Local Domain Group. |
|
|
List the four pre-defined groups and what built-in groups they are automatically added to.
|
1. Domain Admins. Domain admins are automatically added to the Administrators built-in domain local group.
2.Domain Guest. Automatically added to the Guests bilt-in domain local group. 3. Domain Users. Automatically added to the Users built-in domain local group. 4. Enterprise Admins. May be added to the Administrators domain local group of each domain. |
|
|
What kind of groups are "built-in" groups? Global Groups, Domain Local Groups, or Universal Groups?
|
They are pre-defined Domain Local Groups. Placing a user or group into these gives them the permissions and rights on the Domain Controllers and Active Directory.
|
|
|
Describe the rights and permissions of the built-in group Account Operators.
|
They can create, delte and modify user and group objects, but not modify the Administrator's group or any operators groups.
|
|
|
Describe the rights and permissions of the built-in group Administrators.
|
Can perform all admin tasks on DCs and the domain. Domain Admins and Enterprise Admins groups are members.
|
|
|
Describe the rights and permissions of the built-in group Backup Operators
|
Self-explanatory.
|
|
|
Describe the rights and permissions of the built-in group Guests and it's members.
|
Only permissions you give it. Cannot make permanent changes to the desktop environment. Members include IUSR_computername, IWAM_computername, and TsInternetUser user accounts and Domain Guests.
|
|
|
Define the IUSR_computername user account.
|
The IUSR_computername account is used by IIS to grant anonymous access to Web resources.
|
|
|
Define the IWAM_computername user account.
|
IWAM_computername is the account used by Microsoft Transaction Server (MTS) and various IIS entities to provide programmatic and transactional functions.
|
|
|
Describe the Replicator built-in group.
|
For replication services (of course!). The only member should be a domain user account used to log on to the Replicator services. Do not add account of actual users.
|
|
|
What are the rights of the Server Operators built-in group?
|
Share disk resources and back up and restore files on the DC.
|
|
|
What are two unique characteristics of "Special Identity Groups"?
|
1. You cannot modify their permissions.
2. You cannot see them when you administer groups. |
|
|
List 7 Special Identity Groups and describe their purpose.
|
1. Anonymous Logon. Any user that Windows does not authenticate.
2. Authenticated Users. Contains all valid user accounts. Use in place of the Everyone group to prevent anonymous access to resources. 3. Dialup. Anyone who currently has a dialup connection. 4. Everyone. Anyone who accesses a computer. 5. Interactive. Includes any user who is currently logged on to the physical computer (not remote). 6. Creator Owner. Includes the creator or owner of the resource in question. If an administrator creates a resource, the administrator's group becomes the owner. 7. Network. Any user with a remote connection to the resource in question. |
|
|
A Power User is a predefined, built-in, built-in local, or special identity?
|
Built-in local.
|
|
|
Domain Admins are a predefined, built-in, built-in local, or special identity?
|
Predefined.
|
|
|
Account Operators are a predefined, built-in, built-in local, or special identity?
|
Built-in.
|
|
|
You can change the type of a grou only when?
|
When Windows 2000 is operating in Native mode.
|
|
|
A global group can be changed into a __________ group only if?
|
universal group
Only if the global group is not nested in another global group. |
|
|
A domain local group can be change into a __________ group only if?
|
universal group
Only if the dlg is not nested in another dlg. |
|
|
What security level should an administrator normally run in and what privilidges does it give him/her?
|
Users group or Power Users group. Users group allows for normal routine tasks. Power Users group can also install programs, add printers and use most Control Panel tools.
|
|
|
If the "Run as" program doesn't work, what is the likely cause?
|
The RunAs service isn't running.
|
|
|
Give the "RunAs" command line syntax.
|
Runas /user:<adminname>@<computername> <programname> or
Runas /user:<computername>\<adminname> <program> |
