Shared Flashcard Set

Details

Server 2008
Server 2008 Chapter 4
42
Computer Networking
Undergraduate 1
04/25/2013

Additional Computer Networking Flashcards

 


 

Cards

Term
What is a group?
Definition
A group is a container object that is used to organize a collection of users, computers, contacts, or other groups into a single security principal.
Term
Why are groups created?
Definition
To simplify administration by assigning rights and permissions to a group rather than to individual user accounts.
Term
Define a security principal.
Definition
It can be assigned permissions and rights within an ACL and are assigned as SIDs.
Term
What is a SID?
Definition
Security Identifier
Term
Can a user be a member of more than one group?
Definition
YES
Term
What is a permission?
Definition
Gives users the abiltiy to gain access to resources and define what type of access they have; Read,Write, and Full Control
Term
What is a right?
Definition
They are system wide and allow users to perform administrative tasks. Change time, backup and restore files and folders, and log on locally.
Term
What are the 2 group types that can be created in Server 2008?
Definition
Security & Distribution
Term
What are the differences between security and distribution groups?
Definition
-Security groups are defined by a SID.
-Distribution groups are not assigned SID
Term
What are the 3 security group scopes available in Server 2008?
Definition
-Domain Local
-Global
-Universal
Term
Describe the purpose of global groups.
Definition
They are used to organize similar doamin users and are created where the users are located.
Term
Describe the purpose of DOMAIN LOCAL groups.
Definition
Domain Local groups are use to assign permissions to folders /resources and are created in the domain where the folder is located.
Term
How should Domain Local groups be named?
Definition
DATA-FC
Term
Describe the purpose of universal groups.
Definition
They are groups used to combine similar global groups from multiple domains into one group.
Term
The scope label "global" and "DOMAIN LOCAL" have been named after "where they can be________";either globally or locally. The opposite is then true of who can be a _________of that scope.
Definition
-Used
-Memeber
Term
Can groups contain other groups?
Definition
YES
Term
Using the strategy that uses global and domain local groups(UGL/A-G-DL-P)

_______>________groups>_________groups, which are directly permissions.
Definition
-Users
-Global
-Domain Local
Term
Using the strategy that uses global, domain local and universal groups(UGUL/A-GU-DL-P)
________>__________>groups>________>_____groups, which are directly assigne permissions.
Definition
-Users
-Global
-Universal
-Doamin Local
Term
Is it suggested to assign permissions directly to global groups?Why/why not?
Definition
NO
It will complicate your permission management in multi-domains networks.
Term
What should be true about the memebership of universal groups?
Definition
Universal groups can be used in any domain.(Usually to become a member of a domain local group that has been granted the desired permission.)(STATIC)
Term
Where are universal groups stored?
Definition
Global Catalog
Term
By default, what 2 bulit-in Doamin Local groups have the permission to create users and groups anywhere in a domain?
Definition
Admins&Account operators
Term
When you delete a group, does Server 2008 also delete the accounts that are members of the deleted group?
Definition
NO
Term
What command line utility can help determine an accounts group membership?
Definition
DSGET
Term
Domain User(Global)
Definition
All users created in a domain are automatically added to this group and it is a member of the users domain local group.
Term
Domain Admins(Global)
Definition
By default the administrator user account is a member, additional users can be added to give them administrative rights in the domain, it is a member of the administrative domain local group.
Term
Enterprise Admins(universal)
Definition
Has administrative rights in every doamin in the forest.
Term
Which domain is the Enterprise admins group created in?
Definition
Domain administrators group
Term
In general are the built-in global groups directly assigned permissions and rights?Domain Local groups?
Definition
-NO
-YES
Term
Describe the Administrators built-in domain local group. Who is a member by default?
Definition
Memebers can perform all administrative tasks in the domain. By default, the administrator user account and the domain admins global groups are members.
Term
Describe the Users built-in domain local group.Who is a member by default?
Definition
Memebers can perform only tasks for which you have specifically granted rights and permissions. By default, the domain users ,global group, and authenticated users and interactive special identies are members. use this group to assign permissions that every valid domain should have.
Term
Describe the account operators built-in domain local group.
Definition
Memebers can create, delete and modify user accounts and groups, but cannot alter the administrators or any other operators group.
Term
Describe the server operators built-in domain local group.
Definition
Memebers can share disk resources and back up and restore all files on a domain controller.
Term
In general, does an administrator manage membership of the built-in special identity groups?Why/why not?
Definition
-NO
-Windows OS automatically does.
Term
Describe the everyone built-in special indentity. Who is a member by default?
Definition
All users that access the computer, except anonymous users.
Term
Authenticated users:
Definition
User with a valid user account.Using the authenticated users group instead of the everyone group will prevent anonymous access to a resource.
Term
Network user:
Definition
Any user with a currrent connection from another computer on the network.
Term
Interactive user:
Definition
The user account who is currently logged on at the computer.
Term
Anonymous logon group:
Definition
Any user account that S2008 did not authenticate.
Term
Creatorowner:
Definition
The user account that created or took ownership of a resource. If a member of the administrators group creates or takes ownership of a resource, the administrators group will be the creator owner of the resource.
Term
What OSs do not require computer accounts to become a member of an AD domain?
Definition
Windows 95/98
Term
When might it be necessary to reset a computer account.
Definition
If th computer has not been connected to the network in 30 days, or the channel is some how disrupted, a user logging in from that workstation may not be able to authenticate.
Supporting users have an ad free experience!