Network Operating Systems and Security

Network Operating Systems and Security



Network Operating Systems and Security

Task 1: Managing Local Access And Network Access to files and folder objects in Active Directory

The Local Access And Network Access system for Windows XP Professional offers several accessibility features that help administrators maintain and safeguard applications and data. Although you can somewhat control access to shared network folders by managing share permissions, Windows XP Local Access And Network Access provides a very robust access control solution. In addition to offering administrators more granularity of security access control over files and folders than network share permissions, Local Access And Network Access permissions reside at the file system level, which allows administrators to manage only one set of access control settings for both network users and local users. For troubleshooting resource access, you can enable auditing for folders and files residing on Local Access And Network Access volumes.

You can apply Local Access And Network Access security permissions to resources like files, folders, and printers for specific users or groups of users. Windows XP Professional installs four local users by default: Administrator, HelpAssistant, SUPPORT_xxxxxxxx (the x's represent a unique number for your Windows XP system), and Guest. The Guest user account and the SUPPORT_xxxxxxxx account are disabled by default. The Administrator user account is all powerful on the local machine and cannot be deleted, although it can be renamed.

Nine local groups are installed automatically: Administrators, Backup Operators, Guests, HelpServicesGroup, Network Configuration Operators, Power Users, Remote Desktop Users, Replicator, and Users. The Power Users group is not present in any edition of Windows 2000 Server or Windows .NET Server; it exists only as a Local group in Windows XP Professional. The Administrators account is all powerful because it is a member of the Administrators group, and you cannot remove the Administrator user account from membership in the Administrators group. Table 3.1 outlines the Local groups that are installed by default when you first install Windows XP Professional. (Pountain, 2001, 52-59)

Table 3.1 Local groups installed by default in Windows XP Professional.

Local Group

Role

Administrators

Group members possess full administrative control for managing the local system, local users, and Local groups.

Backup Operators

Group members have the rights to back up and restore files and folders on the local system.

Guests

Group members can't make permanent alterations to their desktop settings. The default Guest account is automatically a member of this group. By default, group members possess no specific rights or permissions on objects. If the local computer joins a Windows domain, the Global Domain Guests group automatically becomes a member of the Local Guests group.

HelpServicesGroup

Members of this group can log on to the system and use helper applications to diagnose system problems. This group is used in conjunction with the HelpAssistant and SUPPORT_xxxxxxxx user accounts.

Network Configuration

Members in this group can have some administrative privileges Operators to manage configuration of networking features.

Power Users

Group members can add new local user accounts and change existing local user accounts. Members can also create shared folders and shared printers on the ...