Windows NT supports user groups, which involves placing
users together and applying the necessary permissions to the entire group—rather
than each individual user. You can easily create a user group in NT: Just
select the users you want to include, and assign permissions to the group as a
whole. Even if the group only contains new users, it’s still important to
create a new group first and then assign the necessary group permissions,
rather than assigning them individually.

Using group permissions instead of individual settings
allows greater control of administrative tasks and provides for easier
troubleshooting. For example, let’s say you decide to eschew user groups and assign
permissions directly to a user. If he or she transfers to another department,
you’ll have to look through all relevant files and folders to change every one of
his or her permissions.

However, with user groups, you can easily move users around
if they move to a new position. Simply open the User Manager, identify the
user, and select the Groups tab. You can easily remove the user from the
previous group and assign him or her to a new group that corresponds to the new

The same holds true if you have a new user. Instead of working
your way through each folder to grant permissions, just look for a group of
users that require the same permissions, and place the user in that group. This
makes it easier to revoke or assign user permissions by simply adding or
removing users from the group.

While Microsoft included default groups in Windows NT, the
exact number of groups that exist depends on which version of NT your network
is running. However, all versions of NT include the Everyone group. It’s
important that administrators understand what this group represents and how it
can affect network security.

The Everyone group represents all people who can connect to
your computer. This includes all users—even those who don’t have an account in
your domain or on your computer. So whatever permissions you assign to the
Everyone group will apply to all users; all of them will have access to the
defined resources.

For security purposes, it’s a good idea to remove the
Everyone group from all resources and replace it with the Authenticated Users
group. This group only recognizes users who have successfully logged on to your
computer with a valid username and password.