Account permissions can be defined in groups (or individual
Local Groups are created on workstations and only apply to the workstation.
Global Groups are created on Domain Controllers and apply to
all computers in the domain.
Changing permissions of a group changes the permissions of
everybody in the group.
Share permissions apply to who can access a shared directory and how.
File permissions determine who and how files are shared. NTFS
Administrators always have full access to all resources.
User has combined permissions of all groups.
No Access Permission overrides all others.
NT chooses the most restrictive permission in a conflict.
controls universal security settings for the account (password
controls activities users can engage in. (Shutdown system,
logon, change time, etc.)
set through the System Policy Editor. Controls various
Accounts can be disabled, which denies access to this user. Can be reinstated.
Deleting accounts removes all permissions.
Home Directories can be created.
Profiles control desktop, menus, network connects.
Auditing controls what events are recorded. Alerts notify
someone when an event occurs.
Distributed File System (Dfs)
Allows directories on multiple server to appear as sub-directories of a single directory.
Advantageous for growing systems to avoid changing the share names.
Dfs is an addition to Windows NT, available as download or