CSS - Info Sheet 3.1-2 - Configure User Access Level
CSS - Info Sheet 3.1-2 - Configure User Access Level
CSS - Info Sheet 3.1-2 - Configure User Access Level
1-2
LEARNING OBJECTIVE/S:
Access rights
Level of authorization to read and/or modify a record or data file.
The permissions that are granted to a user, or to an application, to read, write and
erase files in the computer.
Step 1: Create a home folder in one of your NTFS drive and right click it. Scroll the
menu and click Properties.
Step 10: Click Remove all inherited permissions from this object and then
click Add.
Step 11: Click Select a principal.
Step 12: Enter the object name Domain Users by using check names and select it.
Click OK.
Step 13: Choose This folder only from Applies to drop down. Keep default
permissions and click OK.
Step 15: Search creator owner and select it. Click OK.
Step 16: Choose This folder, subfolders, and files from Applies to drop down. Allow
full control and click OK.
Step 17: Click Add and enter the object name Domain Admins. Click OK.
Step 18: Choose This folder, subfolders, and files from Applies to drop down.
Allow full control and click OK.
Step 19: Click Add and enter the object name system. Click OK.
New Object dialog box will open as shown above. You can fill in the user
information like first name, lastname etc.
As you can see above, there are two user logon names. The first User logon
name also called User Principal Name (UPN) is [email protected] which is
email like name that can be used to login to domain joined computers.
Enter password for the user. You can choose various options as shown above.
Once you are done, click Next.
You can view the details of the user. Click Finish to create new user account.
You can now see the user listed in Active Directory as shown above.
Now that you understand what kinds of groups you can create and what they
can be used for, you are ready to create a group. To do so, follow these steps:
5. Expand the domain folder (in this example, the companyabc.com folder).
7. Enter the group name and select the appropriate group type and scope, as
shown in Figure 1.
Figure 1. Creating a group.
Populating Groups
After you create a group, you can add members to it. The domain level that
the domain is running in determines whether this group can have other groups as
members.
5. Expand the domain folder (in this example, the companyabc.com folder).
6. Select the Users container that was used in the previous section. In the right
pane, right-click the group that was created earlier, and select Properties.
7. Enter a description for the group on the General tab and then click the
Members tab.
9. In the Select Users, Contacts, Computers, or Groups window, type in the name
of each group member separated by a semicolon and click OK to add these
users to the group. If you don’t know the names, clicking the Advanced button
opens a window where you can perform a search to locate the desired members.
10. When all the members are listed on the Members tab of the group’s property
page, click OK to complete the operation.
Group Management
4. Select Active Directory Users and Computers and select Advanced Features from
the View menu.
6. Expand the domain folder (in this example, the companyabc.com folder).
7. Select the Users container that was used in the previous section. In the right
pane, right-click the group that was created earlier, and select Properties.
10. In the Advanced Security Settings for Group dialog box, select the Permissions
tab.
11. Click Add. In the Select User, Computer, or Group window, type in the name of
the account for which you want to grant permissions, and click OK.
12. When the Permissions Entry for Group window appears, select the Properties
tab.
13. Click the Apply To drop-down list arrow, and then select This Object Only.
14. In the Permissions section, check the Allow boxes for Read Members and Write
Members, as shown in Figure 2. Then click OK.
15. Click OK to close the Advanced Security Settings for Group dialog box.
1. Well, first of all we make sure that we are logged in as an administrator, if not,
we log out and log in as such.
2. Open the "Active Directory Users and Computers" add-on. As we have created our
MMC with this add-on, (we have already seen how to create our custom MMCs),
we open it and position ourselves in that add-on.
3. We expanded the domain node. Press right button and select "NEW" -
> "Organizational Unit".
4. Next we establish the name of the new OU. In this case, we will be creating an
OU with the following name I have called "USERS", but the container could have
the name we need, for example we can perform OU for different types of
objectives, it can be cited for a deployment of Some GPO to a certain group of
users or teams.
With this we can start managing our domain, with the creation of OU
Containers to launch policies.
References:
1. http://tutorial.programming4.us/windows_server/Windows-Server-2008-R2-
Administration---Creating-Groups.aspx.
2. https://www.faqforge.com/windows-server-2012-r2/set-correct-permissions-
home-folder-active-directory-domain-services-windows-server-2012-r2/