Microsoft

Learn the benefits of Windows NT's user groups

Windows NT supports user groups, which involves placing users together and applying the necessary permissions to the entire group—rather than each individual user. Learn about some of the advantages of user groups, and find out why you should remove the Everyone group from all resources.

Windows NT supports user groups, which involves placing users together and applying the necessary permissions to the entire group—rather than each individual user. You can easily create a user group in NT: Just select the users you want to include, and assign permissions to the group as a whole. Even if the group only contains new users, it's still important to create a new group first and then assign the necessary group permissions, rather than assigning them individually.

Using group permissions instead of individual settings allows greater control of administrative tasks and provides for easier troubleshooting. For example, let's say you decide to eschew user groups and assign permissions directly to a user. If he or she transfers to another department, you'll have to look through all relevant files and folders to change every one of his or her permissions.

However, with user groups, you can easily move users around if they move to a new position. Simply open the User Manager, identify the user, and select the Groups tab. You can easily remove the user from the previous group and assign him or her to a new group that corresponds to the new position.

The same holds true if you have a new user. Instead of working your way through each folder to grant permissions, just look for a group of users that require the same permissions, and place the user in that group. This makes it easier to revoke or assign user permissions by simply adding or removing users from the group.

While Microsoft included default groups in Windows NT, the exact number of groups that exist depends on which version of NT your network is running. However, all versions of NT include the Everyone group. It's important that administrators understand what this group represents and how it can affect network security.

The Everyone group represents all people who can connect to your computer. This includes all users—even those who don't have an account in your domain or on your computer. So whatever permissions you assign to the Everyone group will apply to all users; all of them will have access to the defined resources.

For security purposes, it's a good idea to remove the Everyone group from all resources and replace it with the Authenticated Users group. This group only recognizes users who have successfully logged on to your computer with a valid username and password.

Editor's Picks

Free Newsletters, In your Inbox