A local user or group account is an account that exists on the server itself and grants users or groups access to its resources. The server can also be configured to grant access to domain users and groups. Domain users and groups are those that exist in a Microsoft® Windows NT® 4 or Microsoft® Active Directory™ domain. You can add local users, domain users, and domain groups to local groups.
Users and groups are important in Microsoft Windows security because you can assign permissions to limit the ability of users and groups to perform certain actions. A permission is a rule associated with an object, usually a file, folder, or share, that regulates which users can access the object and how they can access it. In most cases, if your server belongs to a domain, you should assign permissions to domain users and groups, or local groups containing domain users or groups, rather than to local users.
Any local or domain user who is a member of the local administrator group on the server has administrative privileges on the server. Likewise, any user who is a member of a group that has been assigned to the administrator group on the local computer has administrative privileges for that computer. For example, you could assign the TeamLeads groups, consisting of Tom, Mary, Hazel, and Jim to the administrative group on the server. Each of the TeamLeads group members would then have administrative privileges on the server.
Related Topics