Advanced Server provides you with many ways to control the actions of users while letting them use the resources they need. The basis of Advanced Server security is that all resources and actions are protected by discretionary access control. You can allow some users to connect to a resource or perform an action while preventing others from doing so. For example, you can set different permissions on different files in the same directory.
Together, the user account, user rights, and resource permissions provide resource access and restrictions appropriate for each user.
An individual who participates in a domain must have a user account to log on to the network and to use domain resources such as files, directories, and printers.
An administrator creates a user account by assigning a user name to an account, specifying the user's identification data, and defining the user's rights on the system. Advanced Server then assigns a unique security identifier (SID) to the new account.
For information about user accounts and user rights, see Chapter 3, "Working With User and Group Accounts."
For procedural information on how to create user accounts, see "Creating a New User Account" in User Manager for Domains Help.
User rights are rules that determine the actions a user can perform on domain controllers, workstations, or member servers. In addition, they control whether a user can add users to a workstation or domain group, delete users, and so on. Assigned user rights can apply to all of the domain controllers in a domain, or to a computer running Windows NT Workstation or Windows NT Server as a member server.
Predefined, or built-in, groups have sets of user rights already assigned to them. Administrators usually assign user rights by adding a user account to one of the predefined groups or by creating a new group and assigning specific user rights to that group. Users who subsequently are added to a group automatically gain all of the user rights assigned to the group account. Individual users can be given specific user rights; however, most administrators prefer to control the actions of groups rather than those of individual users.
For information on how to assign rights to groups, see Chapter 3, "Working With User and Group Accounts."
Permissions are rules that regulate which users can use objects such as directories, files, and printers, and in what manner. The owner of an object sets the permissions on the object. Similar to user rights, permissions on an object apply to each member of a group to which the permissions are granted.
For information on how to set permissions on objects, see Chapter 5, "Managing Shared Resources and Resource Security."