CSS - Info Sheet 3.1-2 - Configure User Access Level

Download as pdf or txt
Download as pdf or txt
You are on page 1of 18

INFORMATION SHEET 3.

1-2

Configure User Access Level

LEARNING OBJECTIVE/S:

After reading this information sheet, you must be able to:

1. Identify what is user access level.


2. Identify how to setup and configure user access level in a windows folder.

User access level

 Part of an access control procedure for computer systems, which allows a


system administrator to set up a hierarchy of users.
 Thus, the low level users can access only a limited set of information,
whereas the highest level users can access the most sensitive data on the
system.
 Also called access rights.
Hierarchy of users
 Pyramid-like ranking of ideas, individuals, items, etc., where every level
(except the top and the bottom ones) has one higher and one lower neighbour.
 Higher level means greater authority, importance, and influence.

Access rights
 Level of authorization to read and/or modify a record or data file.
The permissions that are granted to a user, or to an application, to read, write and
erase files in the computer.

Setting up Permissions for the Windows Home Folder

Step 1: Create a home folder in one of your NTFS drive and right click it. Scroll the
menu and click Properties.

Step 2: Open Sharing tab and click Advanced Sharing.


Step 3: Check Share this folder box and click Permissions.

Step 4: Remove everyone and click Add.


Step 5: Enter the object name Domain Users and click Check Names and then
select Domain Users. Click OK.

Step 6: Allow full control and click OK.

Step 7: Click Apply and then click OK.


Step 8: Open Security tab and click Advanced.

Step 9: Click Disable inheritance.

Step 10: Click Remove all inherited permissions from this object and then
click Add.
Step 11: Click Select a principal.

Step 12: Enter the object name Domain Users by using check names and select it.
Click OK.
Step 13: Choose This folder only from Applies to drop down. Keep default
permissions and click OK.

Step 14: Click Add.

Step 15: Search creator owner and select it. Click OK.
Step 16: Choose This folder, subfolders, and files from Applies to drop down. Allow
full control and click OK.

Step 17: Click Add and enter the object name Domain Admins. Click OK.

Step 18: Choose This folder, subfolders, and files from Applies to drop down.
Allow full control and click OK.
Step 19: Click Add and enter the object name system. Click OK.

Step 20: Allow full control and click OK.

Step 21: Click Apply and then click OK.


Step 22: Click Close and you are done!!

Create User Account in Windows Server 2008 R2

Creating user accounts is one of the most common tasks of a Server


Administrator. After installing Domain Controller in Server 2008 R2, you can
create new user accounts with Active Directory Users and Computers snap-in.

Create User Account in Windows Server 2008 R2

Log on to Domain Controller. Open Active Directory Users and


Computers snap-in. Expand the domain name. Select the Organization Unit
(OU) where you want to create the new user account.
In the empty area, right-click select New and click User. You can also right-
click the OU and click New and select User to create new user account.

New Object dialog box will open as shown above. You can fill in the user
information like first name, lastname etc.
As you can see above, there are two user logon names. The first User logon
name also called User Principal Name (UPN) is [email protected] which is
email like name that can be used to login to domain joined computers.

Second user logon name (pre-Windows 2000) also called SamAccountName


can also be used by user to login to domain-joined computers in the form
mustbegeek\DWalda. After entering the user details, click Next.

Enter password for the user. You can choose various options as shown above.
Once you are done, click Next.
You can view the details of the user. Click Finish to create new user account.

You can now see the user listed in Active Directory as shown above.

Creating Active Directory Groups

Now that you understand what kinds of groups you can create and what they
can be used for, you are ready to create a group. To do so, follow these steps:

1. Launch Server Manager on a domain controller.

2. Expand the Roles folder.

3. Expand the Active Directory Domain Services folder.

4. Expand the Active Directory Users and Computers snap-in.

5. Expand the domain folder (in this example, the companyabc.com folder).

6. Select a container—for example, the Users container. Right-click it and select


New, Group.

7. Enter the group name and select the appropriate group type and scope, as
shown in Figure 1.
Figure 1. Creating a group.

8. Click OK to finish creating the group.

Populating Groups

After you create a group, you can add members to it. The domain level that
the domain is running in determines whether this group can have other groups as
members.

To add members to an existing group, follow these steps:

1. Launch Server Manager on a domain controller.

2. Expand the Roles folder.

3. Expand the Active Directory Domain Services folder.

4. Expand the Active Directory Users and Computers snap-in.

5. Expand the domain folder (in this example, the companyabc.com folder).

6. Select the Users container that was used in the previous section. In the right
pane, right-click the group that was created earlier, and select Properties.

7. Enter a description for the group on the General tab and then click the
Members tab.

8. Click Add to add members to the group.

9. In the Select Users, Contacts, Computers, or Groups window, type in the name
of each group member separated by a semicolon and click OK to add these
users to the group. If you don’t know the names, clicking the Advanced button
opens a window where you can perform a search to locate the desired members.

10. When all the members are listed on the Members tab of the group’s property
page, click OK to complete the operation.

Group Management

After a group is created, it needs to be managed by an administrator, users,


or a combination of both, depending on the dynamics of the group.

To delegate control of a group to a particular user, follow these steps:

1. Launch Server Manager on a domain controller.

2. Expand the Roles folder.

3. Expand the Active Directory Domain Services folder.

4. Select Active Directory Users and Computers and select Advanced Features from
the View menu.

5. Expand the Active Directory Users and Computers snap-in.

6. Expand the domain folder (in this example, the companyabc.com folder).

7. Select the Users container that was used in the previous section. In the right
pane, right-click the group that was created earlier, and select Properties.

8. Select the Security tab.


9. At the bottom of the page, click the Advanced button.

10. In the Advanced Security Settings for Group dialog box, select the Permissions
tab.

11. Click Add. In the Select User, Computer, or Group window, type in the name of
the account for which you want to grant permissions, and click OK.

12. When the Permissions Entry for Group window appears, select the Properties
tab.

13. Click the Apply To drop-down list arrow, and then select This Object Only.

14. In the Permissions section, check the Allow boxes for Read Members and Write
Members, as shown in Figure 2. Then click OK.

15. Click OK to close the Advanced Security Settings for Group dialog box.

16. Click OK to close the group’s property pages.

Creating Organizational Units in Windows Server 2008 R2

Organizational Units are administrative containers within the Active Directory


that are used to collect or group objects that share common requirements for
administration, configuration or visibility.

Creating an OU (Organizational Unit)

1. Well, first of all we make sure that we are logged in as an administrator, if not,
we log out and log in as such.
2. Open the "Active Directory Users and Computers" add-on. As we have created our
MMC with this add-on, (we have already seen how to create our custom MMCs),
we open it and position ourselves in that add-on.

3. We expanded the domain node. Press right button and select "NEW" -
> "Organizational Unit".

4. Next we establish the name of the new OU. In this case, we will be creating an
OU with the following name I have called "USERS", but the container could have
the name we need, for example we can perform OU for different types of
objectives, it can be cited for a deployment of Some GPO to a certain group of
users or teams.

5. We continue on the next screen by pressing "OK" , we position ourselves in the


OU that we have just created. We will give you Right button -> properties .
6. In "Description" we write a description as: administrative users. Here we can in
a few words describe our OU, for a better understanding of its objective. This is
a step that sometimes we do not take into account, but it will help us a lot
when our Domain contains an unmanageable amount of OU. Then we
give "OK".

7. Now we repeat the process to create the OUs: “clients", "groups",


"administrators" and "servers". As to start to build or better to organize our fleet
of users and teams. With this we can throw very detailed directives to a limited
group of either users or teams.

With this we can start managing our domain, with the creation of OU
Containers to launch policies.

References:

1. http://tutorial.programming4.us/windows_server/Windows-Server-2008-R2-
Administration---Creating-Groups.aspx.
2. https://www.faqforge.com/windows-server-2012-r2/set-correct-permissions-
home-folder-active-directory-domain-services-windows-server-2012-r2/

You might also like