A group is a collection of user accounts. Groups simplify administration by allowing you to assign permissions and rights to a group of users rather than to each user account individually
Permissions control what users can do with a resource such as a folder, a file, or a printer. When you assign permissions, you allow users to gain access to a resource and you define the type of access that they have. For example, if several users need to read the same file, you can add their user accounts to a group and then give the group permission to read the file. Rights allow users to perform system tasks, such as changing the time on a computer and backing up or restoring files.
Guidelines for Using Local Groups
A local group is a collection of user accounts on a computer. Use local groups to assign permissions to resources residing on the computer on which the local group is created. Windows 10 creates local groups in the local security database.
Guidelines for using local groups include the following:
- Before creating a new group, determine whether a built-in group (or other existing group) fits your needs. For example, if all users need access to a resource, use the built-in Users group.
- Use local groups on computers that do not belong to a domain. You can use local groups only on the computer on which you create them. Although local groups are available on member servers and domain computers running Windows 2000 Server or later, do not use local groups on computers that are part of a domain. Using local groups on domain computers prevents you from centralizing group administration. Local groups do not appear in the Active Directory service, and you must administer them separately for each computer.
- You can assign permissions to local groups to access only the resources on the computer on which you create the local groups.
You cannot create local groups on domain controllers because domain controllers cannot have a security database that is independent of the database in Active Directory.
Membership rules for local groups include the following:
- Local groups can contain local user accounts from the computer on which yo“ create the local groups. On a domain-joined system, local groups can also contain domain users, domain computers, and all three types of domain groups (or, in short, any domain security principal).
- Local groups cannot belong to any other groups
How to create local groups in windows 10
Press Win + R on your keyboard and type lusrmgr.msc in the run box,This will open the Local Users and Groups app.to create a local group, complete the following steps:
right click groups and then click new group
it displays the new group dialogs box where
Group Name Requires a unique name for the local group. This is the only required entry. Use any character except for the backslash (). The name can contain up to 256 characters, but very long names might not display in some windows.
Description Describes the group.
Members Lists the user accounts belonging to me group
Add Adds a user to the hst of members
Remove Removes a user from the list of members.
Create Creates the group
Close Closes the New Group diabg box.
How to Add Members to a Local Group
You can add members to a local group when you create the group by clicking Add in the New Group dialog box. In addition, Windows 10 provides two methods for adding members to a group that has already been created: by using the Properties dialog box of the group or by using the Member Of tab in the Properties dialog box for a user account.
Press Win + R on your keyboard and type lusrmgr.msc in the run box,This will open the Local Users and Groups app.
Click on Groups on the left.
Double-click the group you want to add users to in the list of groups.
Click the Add button to add one or more users.
How to Delete Local Groups
Each group that you create has a unique identifier that cannot be used again. Windows 10 uses this value to identify the group and its assigned permissions. When you delete a group‘ Windows does not use the identifier again, even if you create a new group with the same name as the group that you deleted. Therefore, you cannot restore access to resources by re-creating the group.
When you delete a group, you remove only the group and its associated permissions and rights. Deleting a group does not delete the user accounts that are members of the group. To delete a group, right-Click the group name in the Computer Management snap-in and then Click Delete.
Built-ln Local Groups
All computers running Windows have built-in local groups. These groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources. Windows 10 places the built-in local groups in the Groups folder in Computer Management.
BuiIt-ln System Groups
BuiIt-in system groups exist on all computers running Windows System groups do not have specific memberships that you can modify; instead, they rep. resent different users at different times, depending on how a user gains access to a computer or resource. You do not see system groups when you administer groups, but they are available when you assign rights and permissions to resources. Windows bases system group membership on how the computer is accessed, not on who uses the computer.
No comments:
Post a Comment