Grouping Users with Similar Needs

Administrators typically group users according to the network access their jobs require. For example, most accountants working at a certain level will probably need access to the same servers, directories, and files. By using group accounts, administrators can simultaneously grant rights and permissions to multiple users. Other users can be added to an existing group account at any time, instantly gaining the rights and permissions granted to the group account.

There can be two types of group accounts:

For more information about member servers see "Windows NT Server Domains" later in this chapter.

When working with groups, use these guidelines:

Global groups are the best method for simultaneously adding many users to another domain. The necessary rights and permissions are provided by the local group to which the global groups are added.

Windows NT Server has built-in both local and global user groups. For more information about built-in groups, see "Working with User and Group Accounts" in the Microsoft Windows NT Server 4.0 Concepts and Planning Guide.