Implementing Groups in Windows XP Professional

   Understanding Groups

  A group is a collection of user accounts. Groups simplify administration by allowing you to assign permissions and rights to a group of users rather than to each user account individually It also removes the complexity of giving the same set of privileges again and again to new users when they are inducted into a specific set of rules.

  Permissions control what users can do with a resource such as a folder, file, or printer. When you assign permissions, you allow users to gain access to a resource and you define the type of access that they have. For example, if several users need to read the same file, you can add their user accounts to a group and then give the group permission to read the file. Rights allow users to perform system tasks, such as changing the time on a computer and backing up or restoring files.

   Understanding Local Groups

  A local group is a collection of user accounts on a computer. Use local groups to assign permissions to resources residing on the computer on which the local group is created. Windows XP Professional creates local groups in the local security database.

   Guidelines for creating local groups

  The following points are the guidelines for creating local user groups and the limitations of them compared to global user groups.

  • Use local groups on computers that do not belong to a domain. Local groups can be used only on the computer on which they are created. Although local groups are available on member servers and domain computers.do not use local groups on computers that are part of a domain. Using local groups on domain computers prevents you from centralizing group administration. Local groups do not appear in the Active Directory service, and you must administer them separately for each computer.
  • You can assign permissions to local groups to access only the resources on the computer on which you create the local groups.
  • Local groups cannot be created on domain controllers because domain controllers cannot have a security database that is independent of the database in Active Directory.
  • Local groups can contain local user accounts from the computer on which you create the local groups and Local groups cannot belong to any other group.

    •    Creating Local Groups

      To create the local user group, use the Computer Management snap-in to create local groups in the Groups folder. To create a local group, complete the following steps:

  • In Computer Management, expand Local Users And Groups.
  • Right-click Groups and then click New Group. MMC displays the New Group dialog box.
  • Enter the appropriate information, and then click Create.

    •   The following table shows the options available when creating a new group and the data that should be used.

        
    Option Description
    Group Name Requires a unique name for the local group. This is the only required entry. Use any character except for the backslash (\ ). The name can contain up to 256 characters, but very long names might not display in some windows.
    Description Describes the group.
    Members Lists the user accounts belonging to the group.
    Add Adds a user to the list of members.
    Remove Removes a user from the list of members.
    Create Creates the group.
    Close Closes the New Group dialog box.

       Adding Members to a Group

      You can add members to a local group when you create the group by clicking Add. In addition, Windows XP Professional provides two methods for adding members to a group that has already been created: the Computer Management snap-in and the Member Of tab in the group-name Properties dialog box. To use the Computer Management snap-in to add members to a group that has already been created, complete the following steps:

  • Start the Computer Management snap-in.
  • Expand Local Users And Groups and then click Groups.
  • In the details pane, right-click the appropriate group, and then click Properties. Computer Management displays the group-name Properties dialog box.
  • Click Add. Computer Management displays the Select Users dialog box
  • In the From This Location text box, ensure that the computer on which you created the group is selected.
  • In the Select Users dialog box, in the Enter The Object Names To Select text box, type the user account names that you want to add to the group, separated by semicolons, and then click OK.

    •    Adding a single user to mulitple local groups

      There is another way to add a single user to multiple groups at a time. The following process explains how to do this. Right click on the user's name in Computer Management. Then choose properties from the drop down menu and then choose the "Member of" tab. Then click the add button and choose the groups which you would like to make the user part of.

       Deleting Local Groups

      The Computer Management snap-in is used to delete local groups. Each group that is created has a unique identifier that cannot be used again. Windows XP Professional uses this value to identify the group and its assigned permissions. When you delete a group, Windows XP Professional does not use the identifier again, even if you create a new group with the same name as the group that you deleted. Therefore, you cannot restore access to resources by recreating the group. Hence exercise caution when deleting groups. When you delete a group, you remove only the group and its associated permissions and rights. Deleting a group does not delete the user accounts that are members of the group. To delete a group, right-click the group name in the Computer Management snap-in and then click Delete.

     
     
    Best viewed with 1024 x 768 px Resolution
    Developed in association with K K Webtech P Ltd.