Site home page
(news and notices)

Get alerts when Linktionary is updated

Book updates and addendums

Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)

Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!

Contribute to this site

Electronic licensing info

 

  

Users and Groups

Related Entries    Web Links    New/Updated Information

  
Search Linktionary (powered by FreeFind)

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Network operating systems provide security by requiring that all users log on by typing their user account name and a password. Once a user is verified or authenticated, the user can access the network based on the rights they have been granted throughout the network. Some network operating systems require users to log on every time they access a resource at a different location on the network. The usual technique is to incorporate user authentication features that verify the authenticity of a user one time for all resources on a network. Trust relationships are established so that one server "trusts" that another server has properly authenticated a user.

User accounts hold information about the user, including any restrictions they have on a network. For example, a user might be restricted to logging on at a specific workstation or during a specific time. Groups are collections of users that network administrators create to simplify user management. It is far easier to include users in a group, and then assign network access rights to the group, than it is to assign those rights individually to each user. Groups also simplify messaging. For example, it's easier to send an electronic mail message to a group called "Managers" than to each person in that group individually. Managers should create groups for users, projects, and management purposes when planning and setting up the network, and then add user accounts to groups as users are added to the network.

A user account is granted certain rights and permissions to network resources. These accounts may have the following restrictions (from NetWare):

  • Account balance restrictions    You can restrict a user's access to the system and its resources by specifying a credit limit. A credit limit is a balance in an account that depletes as time and resources are used. Once depleted, the user can't log on to the system until given more credit.

  • Expiration restrictions    You can set an expiration date and time for a user account. The account is closed at the time specified. You might use this restriction for temporary employees.

  • Password restrictions    The administrator or a supervisor can specify the length and uniqueness of logon passwords. You can force users to change their passwords at regular intervals and to use passwords that they haven't used recently.

  • Disk space restrictions    Disk space restrictions help administrators control how much disk space users can use.

  • Connection restrictions    Connection restrictions can limit the number of stations a user can log on to simultaneously.

  • Time restrictions    Time restrictions specify the times, in half-hour blocks, when users can log on to the system.

  • Station restrictions    Station restrictions prevent a user from logging on at any station other than the specified workstation. This prevents users from logging on at unsupervised workstations where their activities cannot be monitored. In NetWare, these restrictions can be assigned individually to each account or assigned as default settings that are applied when new accounts are created.

Groups

Groups are collections of users or user accounts. You create groups to simplify the task of managing and defining rights for large numbers of users. It's also easier to send messages to groups than it is to send messages to each individual user within a group. Groups have names and can include users who work on similar projects, belong to the same department, or even belong to a club within the company. A user can belong to more than one group. For example, a user might belong to the manager or administrator's group, the advisory group, and the golf group.

You assign directory and file access rights (permissions in Windows NT) to groups in the same way you can assign those rights to users. However, it is much easier to assign the rights to groups, and then add users to the group. The user then gets all the rights and privileges of that group. Groups should be defined when planning a network and created before adding any users. Then, as you create new user accounts, you can add a user to a group. A user can be a member of more than one group.

Here are some examples of ways you could use groups:

  • A word processing group with rights to run a word processing program and store files in its data directories.

  • Electronic mail groups to simplify message addressing. For example, create a group called Managers, Employees, or Temporaries.

  • A management group that has rights to create new user accounts.

  • A backup group that has special access rights to back up directories.

Another interesting aspect of groups is that they provide a convenient way to change or remove the rights of a large number of users at the same time. You can delete an entire group, or you can remove users from a group. When users are removed from a group, they still retain an account on the system, but any rights they had with the group are no longer valid.




Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.