Show  But what about Domain Administrator Accounts, Domain User Accounts, or Local Groups? There are many other different types of profiles that offer varying levels of access to computers, servers and network settings. Understanding the precise capabilities of each is important to maintaining network security and ensuring that everyone can access the areas they need to in order to do their job. Here we take a look at some of the most common, and most misunderstood, user profile settings. Who should be an Administrator on your network? No normal user accounts should have Administrator access to your network. Users that have Administrator access as part of their normal user account could inadvertently cause a lot of damage if (for example) they are infected by a virus that deletes data. A Windows network normally has a “Windows Active Directory Domain” which contains user accounts, and manages the permissions for each user as they log onto the network. If a user requires special permissions, they should be given details of an Administrator account that has the required level of access. Domain Administrator Accounts To allow users to carry out administrative tasks, special Administrator accounts should be created with a suitable level of network access, and the credentials should be given to the users that require occasional Administrator access. A typical user name for an Administrator account is... Administrator! Go figure. Note that it is considered to be a good idea to disable the default built-in Administrator account and create another Administrator account with a different name. For example, NetworkAdmin. Administrator accounts are used by users to carry out tasks that require special permissions, such as installing software or renaming a computer. These Administrator accounts should be regularly audited – this should include a password change, and confirmation of who has access to these accounts. Windows Domain Administrator Groups On a Windows network, there are several Security Groups that have high levels of access to various parts of the network. These groups should be audited regularly to ensure that there are no normal users as members, only Administrators. The default groups are:
There may be other groups with high levels of access that have been manually created. These should be documented and added to the auditing process. Domain Service Accounts There is another type of user account that has special access to parts of your network – the Service Account. Service Accounts are user accounts that are used by software (normally on a server) to carry out automated tasks such as running backups, or managing your anti-virus administration. These services should never be set up to use Administrator account credentials – there should be at least one dedicated Service Account on your network. Domain Guest Accounts Windows has a default guest account called Guest. These guest accounts are the first port of call for criminal hackers and should be immediately and permanently disabled. If a guest account is required, it should not have an obvious name such as Guest. Domain User Accounts These are the normal user accounts that are used by staff in their day-to-day work to log onto a computer and do their normal work. They should not have any special permissions that could potentially lead to damage or data loss. These user accounts are normally members of a Security Group called Domain Users. In some cases, it is necessary to grant special or administrative permissions to users. This should be restricted to Local Admin access (they are Administrators only on their own computers, and not on the Domain). Local Accounts These are similar to Domain accounts, but are limited to local access only. Local access can be to a computer or a server. Local accounts can be Administrator accounts, normal user accounts, and Guest accounts. The built-in Administrator and Guest user accounts should always be disabled on workstations, and the built-in Guest user accounts should always be disabled on servers. Local Groups On computers and servers, there is a default Security Group called Administrators. Membership of this group should be limited to a domain group called Domain Admins. For help on creating user profiles or groups correctly, or on network security, give us a call and one of our trusted engineers will be happy to help. 020 8875 7676 Topics: customer-relationship-management, customer-service Written byDuane is Bertie the Robot's father. Need we say more. What is the difference between administrator and standard user account?An administrator account is similar to a standard account but with some additional privileges. These privileges allow you to manage system files or do anything without requiring confirmation. With an administrator account, you can also access all those files that other users own on the same computer.
What is a standard user account?Standard: Standard accounts are the basic accounts you use for normal everyday tasks. As a Standard user, you can do just about anything you would need to do, such as running software or personalizing your desktop. Standard with Family Safety: These are the only accounts that can have parental controls.
Which is better standard user or administrator?A Standard User Account is more secure and recommended for everyday tasks like launching and using apps, browsing the web. An Administrator account is best as a backup account for Administrative task like installing applications, updating the system.
Why use a standard account instead of an administrator account?Standard or regular user
If they are able to access additional files and data, it will only be those that the administrator allows. Using a regular user account when you are on your computer helps keep your system more secure.
|
Identify a difference between a standard user account and an administrator account.
zusammenhängende Posts
Urheberrechte © © 2024 WIKIFI Inc.
