Term
|
Definition
| A group is a container object that is used to organize a collection of users, computers, contacts, or other groups into a single security principal. |
|
|
Term
|
Definition
| To simplify administration by assigning rights and permissions to a group rather than to individual user accounts. |
|
|
Term
| Define a security principal. |
|
Definition
| It can be assigned permissions and rights within an ACL and are assigned as SIDs. |
|
|
Term
|
Definition
|
|
Term
| Can a user be a member of more than one group? |
|
Definition
|
|
Term
|
Definition
| Gives users the abiltiy to gain access to resources and define what type of access they have; Read,Write, and Full Control |
|
|
Term
|
Definition
| They are system wide and allow users to perform administrative tasks. Change time, backup and restore files and folders, and log on locally. |
|
|
Term
| What are the 2 group types that can be created in Server 2008? |
|
Definition
|
|
Term
| What are the differences between security and distribution groups? |
|
Definition
-Security groups are defined by a SID.
-Distribution groups are not assigned SID |
|
|
Term
| What are the 3 security group scopes available in Server 2008? |
|
Definition
-Domain Local
-Global
-Universal |
|
|
Term
| Describe the purpose of global groups. |
|
Definition
| They are used to organize similar doamin users and are created where the users are located. |
|
|
Term
| Describe the purpose of DOMAIN LOCAL groups. |
|
Definition
| Domain Local groups are use to assign permissions to folders /resources and are created in the domain where the folder is located. |
|
|
Term
| How should Domain Local groups be named? |
|
Definition
|
|
Term
| Describe the purpose of universal groups. |
|
Definition
| They are groups used to combine similar global groups from multiple domains into one group. |
|
|
Term
| The scope label "global" and "DOMAIN LOCAL" have been named after "where they can be________";either globally or locally. The opposite is then true of who can be a _________of that scope. |
|
Definition
|
|
Term
| Can groups contain other groups? |
|
Definition
|
|
Term
Using the strategy that uses global and domain local groups(UGL/A-G-DL-P)
_______>________groups>_________groups, which are directly permissions. |
|
Definition
-Users
-Global
-Domain Local |
|
|
Term
Using the strategy that uses global, domain local and universal groups(UGUL/A-GU-DL-P)
________>__________>groups>________>_____groups, which are directly assigne permissions. |
|
Definition
-Users
-Global
-Universal
-Doamin Local |
|
|
Term
| Is it suggested to assign permissions directly to global groups?Why/why not? |
|
Definition
NO
It will complicate your permission management in multi-domains networks. |
|
|
Term
| What should be true about the memebership of universal groups? |
|
Definition
| Universal groups can be used in any domain.(Usually to become a member of a domain local group that has been granted the desired permission.)(STATIC) |
|
|
Term
| Where are universal groups stored? |
|
Definition
|
|
Term
| By default, what 2 bulit-in Doamin Local groups have the permission to create users and groups anywhere in a domain? |
|
Definition
|
|
Term
| When you delete a group, does Server 2008 also delete the accounts that are members of the deleted group? |
|
Definition
|
|
Term
| What command line utility can help determine an accounts group membership? |
|
Definition
|
|
Term
|
Definition
| All users created in a domain are automatically added to this group and it is a member of the users domain local group. |
|
|
Term
|
Definition
| By default the administrator user account is a member, additional users can be added to give them administrative rights in the domain, it is a member of the administrative domain local group. |
|
|
Term
| Enterprise Admins(universal) |
|
Definition
| Has administrative rights in every doamin in the forest. |
|
|
Term
| Which domain is the Enterprise admins group created in? |
|
Definition
| Domain administrators group |
|
|
Term
| In general are the built-in global groups directly assigned permissions and rights?Domain Local groups? |
|
Definition
|
|
Term
| Describe the Administrators built-in domain local group. Who is a member by default? |
|
Definition
| Memebers can perform all administrative tasks in the domain. By default, the administrator user account and the domain admins global groups are members. |
|
|
Term
| Describe the Users built-in domain local group.Who is a member by default? |
|
Definition
| Memebers can perform only tasks for which you have specifically granted rights and permissions. By default, the domain users ,global group, and authenticated users and interactive special identies are members. use this group to assign permissions that every valid domain should have. |
|
|
Term
| Describe the account operators built-in domain local group. |
|
Definition
| Memebers can create, delete and modify user accounts and groups, but cannot alter the administrators or any other operators group. |
|
|
Term
| Describe the server operators built-in domain local group. |
|
Definition
| Memebers can share disk resources and back up and restore all files on a domain controller. |
|
|
Term
| In general, does an administrator manage membership of the built-in special identity groups?Why/why not? |
|
Definition
-NO
-Windows OS automatically does. |
|
|
Term
| Describe the everyone built-in special indentity. Who is a member by default? |
|
Definition
| All users that access the computer, except anonymous users. |
|
|
Term
|
Definition
| User with a valid user account.Using the authenticated users group instead of the everyone group will prevent anonymous access to a resource. |
|
|
Term
|
Definition
| Any user with a currrent connection from another computer on the network. |
|
|
Term
|
Definition
| The user account who is currently logged on at the computer. |
|
|
Term
|
Definition
| Any user account that S2008 did not authenticate. |
|
|
Term
|
Definition
| The user account that created or took ownership of a resource. If a member of the administrators group creates or takes ownership of a resource, the administrators group will be the creator owner of the resource. |
|
|
Term
| What OSs do not require computer accounts to become a member of an AD domain? |
|
Definition
|
|
Term
| When might it be necessary to reset a computer account. |
|
Definition
| If th computer has not been connected to the network in 30 days, or the channel is some how disrupted, a user logging in from that workstation may not be able to authenticate. |
|
|
