Chapter 5. Managing User Rights and Permissions

Chapter 5. Managing User Rights and Permissions

In this Chapter

Leveraging Domain Local, Global, and Universal Groups

Using NTFS and AD Integrated File Shares

Using Group Policy to Administer Rights and Permissions

Maximizing Security, Functionality, and Lowering Total Cost of Ownership (TCO) with User Profiles

Managing Rights and Permissions for Specific User Types

BEST PRACTICES

Using Domain Local and Global Groups

Managing Highly Managed Users

Managing Mobile User Rights

Every user in an organization is an individual, with unique requirements necessary to perform his or her job. Many of those requirements involve IT resources. Part of a system administrator's job is making the appropriate IT resources available to each of these individual users. This is an easy task in a small company where each user's IT needs can be catered to individually. In an enterprise organization, the individual still needs IT resources, but his or her needs cannot be addressed one at a time. This is where solid directory services and efficient user management strategies play an important role. Understanding how to leverage the user management tools available in Windows Server 2003 Active Directory to manage user rights and permissions can greatly simplify the task of meeting the IT resource needs of the enterprise user community.

This chapter focuses on recommended Windows Server 2003 Active Directory administrative strategies for managing user rights and permissions. In addition to discussing such concepts as group policies, Intellimirror, and user profiles, this chapter will focus on recommendations for managing common types of users found in every organization.