A group is a collection of users that you can use to simplify the administration of user permissions and rights. In addition, you can use a group to delegate administrative tasks, filter Group Policy settings, and create e-mail distribution lists. Users belonging to a particular group receive all the permissions and rights assigned to that group. By changing group memberships for a user, you can quickly change the resources to which that user has access, as well as the tasks delegated to the user and the Group Policy settings that apply to the user. You can change the membership of Active Directory groups to change users’ permissions and rights within a domain or forest. You can also change the membership of local groups to change users’ permissions and rights on a specific computer.
Some of the most common tasks are adding or removing members from Active Directory groups and adding or removing members from groups on a local computer. You can also use the command line to change group memberships, either in a domain or on a local computer. For more information about other tasks for managing group memberships in a domain, see Manage groups. For more information about other tasks for managing group memberships on a local computer, see Manage local groups.
To add or remove a member from an Active Directory group
1. Open 'Active Directory Users and Computers'.
2. In the console tree, double-click the domain node.
3. Click the folder that contains the group to which you want to add or remove a member.
4. In the details pane, right-click the group, and then click Properties.
5. Click the Members tab, and then do one of the following:
- To add a member to a group, click Add. In Enter the object names to select, type the name of the user, group, or computer that you want to add to the group, and then click OK.
- To remove a member from a group, click the member you want to remove, and then click Remove.
Notes
- To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
- To open Active Directory Users and Computers, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
- In addition to users and computers, groups can include contacts and other groups.
- To add members to a group, you can click the members you want to add, click on the toolbar, and then type the name of the group to which they will be added. You can also drag a member object to a group, or right-click the object, and then click Add to a group from the shortcut menu.
- When you administer a domain, security principals in the parent domain or other trusted domains are not visible on the Member Of tab of a domain users properties. The only domain accounts that you can add or view are the present domain groups. Only domain groups in the present domain are shown, even if the member belongs to other trusted domain groups.
To add or remove a member from a group on a local computer
1. Open 'Computer Management'
2. In the console tree, click System Tools>Local Users and Groups>Groups.
3. Right-click the group to which you want to add or remove a member and click Properties.
4. Do one of the following:
- To add a member to a group, click Add. In Enter the object names to select, type the name of the user, group, or computer that you want to add to the group, and then click OK.
- To remove a member from a group, click the member you want to remove, and then click Remove.
Notes
- To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
- To open Computer Management, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.
- A user who belongs to a group has all the rights and permissions granted to that group. If a user is a member of more than one group, then the user has all the rights and permissions granted to every group he or she belongs to. For more information, see Understanding local groups.
- You should not add a new user to the Administrators group unless the user will perform only administrative tasks. For more information, see Why you should not run your computer as an administrator.
- If the computer participates in a domain, you can add user accounts and global groups from that domain and from trusted domains to a local group.
From: Help and Support Center - Windows Server 2003, Standard Edition
Langganan:
Posting Komentar (Atom)
Tidak ada komentar:
Posting Komentar