One, user account management
1. User account
Different user identities have different permissions
Each user contains a name and a password
User account has a unique security identifier (SID)
2. User Management
Create users, reset passwords for users, rename users, enable, disable user accounts
Delete a user account (delete the user and then create the same name with the same secret user without the permissions of the previous user, because the SID security identifier is different)
Second, built-in user accounts
Used for special purposes and generally do not need to change their permissions
1) Administrator (Admin user) The default administrator user. This account cannot be deleted and renamed for security advice.
2) Guest (guest user) is disabled by default, provided to users without an account for temporary use, it only has limited permissions. cannot be deleted.
Iii. Administrative Group Accounts
1. Group accounts
A group is a collection of some users
Users within the group automatically have the permissions set for the group
2. Group account Management
Create a new group, add members to a group (you can double-click a group to add a member or right-click a user-Properties-member of), rename a group, delete a group
3, the role of common built-in groups:
1) Administrators: Users in this group have system administrator privileges.
2) Backup Operators: Permission to back up and restore
3) Guests: If you unregister a member that is located in this group, its user profile is deleted and the default guest belongs to this group.
4) network configuration Operators: configurations with management network functions, such as changing the IP address
5) Power Users: Legacy Windows systems already exist in groups that are about to be phased out for simplified groups.
6) Remote Desktop Users: A user in this group can log on using Remote Desktop services from a remote computer
7) Users: Default group for new users
8) Print Operators: has permission to manage printers
4. Special local built-in group
Everyone: Any user belongs to this group
Authenticated Users: Any user who uses a valid user to log on to this computer belongs to this group
Interactive: Any user who logs on locally (by Ctrl+alt+del key) belongs to this group
Network: Any user who logs on to this computer over the internet belongs to this group.
Note: Local groups cannot contain local groups and can contain some built-in groups.
Iv. rules of the ALP
Local users are joined to local groups, and only local groups are assigned permissions (meaning of the ALP rule)
V. Overview of the file system
1, File system: That is, the method of organizing files on the external storage device
2. Common File System
FAT, NTFS, EXT
3. Advantages of the NTFS file system
1) Improve disk read and write performance
2) Reliability: Encryption, Access control list
3) Disk Utilization: compression, disk quotas
4) AD requires NTFS support
Vi. Common NTFS Permissions
1. NTFS Permissions for folders
Read, write, List folder directories, read and execute, modify, Full Control,
Special permissions: Independent of file and folder data, read from the Security tab, change related
2. NTFS Permissions for files
Note: The folder directory is listed with fewer permissions than the folder
3. Special privileges
Read permissions, change permissions, get ownership
Vi. NTFS Permission rules
1, the accumulation of rights:
The user's effective NTFS permissions accumulate on a rights-not-conflicting basis
2, refusal of priority (refusal is greater than all)
3. Inherit permissions
The default subfolder or sub-file inherits the permissions of the parent folder, and subfolders can be removed from the parent folder (right-click on the subfolders-security-advanced-permissions-Change permissions-Disable inheritance)-OK-click Edit to modify the permissions of the inherited user.
Enable inheritance.
Small white Learning windows fourth
