Access control is the process of authorizing users, groups, and computers to access objects on the network. Key concepts that make up access control are:
Permissions define the type of access granted to a user or group for an object or object property. For example, the Finance group can be granted Read and Write permissions for the file payroll.dat.
Permissions are applied to any secured objects such as files, Active directory objects, or registry objects. Permissions can be granted to any user, group, or computer. It is a good practice to assign to groups.
You can assign permissions for objects to:
Groups, users, and special identities in the domain.
Groups and users in that domain and any trusted domains.
Local groups and users on the computer where the object resides.
The permissions attached to an object depend on the type of object. For example, the permissions that can be attached to a file are different from those that can be attached to a registry key. Some permissions, however, are common to most types of objects. These common permissions are:
When you set up permissions, you specify the level of access for groups and users. For example, you can let one user read the contents of a file, let another user make changes to the file, and prevent all other users from accessing the file. You can set similar permissions on printers so that certain users can configure the printer and other users can only print from it.
If you need to change the permissions on an individual object, you can simply start the appropriate tool and change the properties for that object. For example, to change the permissions on a file, you can run Windows Explorer, right-click the file name, and click Properties. In the Security tab, you can change permissions on the file. For more information, see Permissions.
Ownership of objects
An owner is assigned to an object when that object is created. By default, the owner is the creator of the object. No matter what permissions are set on an object, the owner of the object can always change the permissions on an object. For more information, see Ownership.
Inheritance of permissions
Inheritance allows administrators to easily assign and manage permissions. This feature automatically causes objects within a container to inherit all the inheritable permissions of that container. For example, the files within a folder, when created, inherit the permissions of the folder.
You can audit users' access to objects. You can then view these security-related events in the security log with the Event Viewer. For more information, see Auditing.
Can do it easily by clicking start->help & support
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.