6.1.6.1. Users
6.1.6.1.1. User Groups and Workgroups
6.1.6.1.1.1. Users
Windows sets up several users for specific purposes, namely SYSTEM (system), TrustedInstaller (trusted program module), Everyone (all), Creator Owner (creator), etc. These special users do not belong to any user group; they are completely separate accounts. Among them, SYSTEM holds management authority over the entire computer, and ordinary operations cannot obtain equivalent authority.
6.1.6.1.1.2. User Groups
Windows has many built-in local user groups for managing user permissions. Adding a user account to a group gives that account the permissions held by the group.
By default, the system divides users into 7 groups and assigns different operation permissions to each group. These groups are: Administrators, Power Users, Users, Backup Operators, Replicator, Guests, and Authenticated Users.
6.1.6.1.1.3. Workgroups
A workgroup is the most common and simplest resource management mode. By default, computers are in a workgroup named WORKGROUP. The workgroup mode is relatively loose and suits networks that have a small number of computers and do not require strict management.
6.1.6.1.2. Domain Users
6.1.6.1.2.1. Domain Users
Users in a domain environment have different accounts than local users, and domain user accounts are kept in Active Directory. In a domain environment, a domain user can log on from any computer in the domain. A domain user's identity is represented by a SID (Security Identifier) and is verified with an NTLM hash or Kerberos.
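As an added example (not part of the original page), the Python code below decodes a binary SID, the form stored in Active Directory's `objectSid` attribute, and names the special accounts and built-in groups listed in the sections above. The well-known SID and RID values are standard Windows constants that this page does not list; the function names and the sample domain identifier are constructed for illustration.

```python
import struct

# Well-known SIDs for the special accounts and built-in groups named on this page.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-3-0": "Creator Owner",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "SYSTEM",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-546": "Guests",
    "S-1-5-32-547": "Power Users",
    "S-1-5-32-551": "Backup Operators",
    "S-1-5-32-552": "Replicator",
}
# Well-known relative IDs (last sub-authority) under a domain or machine SID.
DOMAIN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
               515: "Domain Computers", 516: "Domain Controllers"}


def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID to its S-<revision>-<authority>-<sub>... string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def describe(sid: str) -> str:
    """Name a SID: built-in principal, well-known RID, or ordinary account."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    parts = sid.split("-")
    if sid.startswith("S-1-5-21-") and len(parts) == 8:
        rid = int(parts[-1])
        return DOMAIN_RIDS.get(rid, f"domain or local account (RID {rid})")
    return "unrecognized"


# Constructed sample: binary form of S-1-5-21-1-2-3-512 (made-up domain identifier).
SAMPLE = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack("<5I", 21, 1, 2, 3, 512)

if __name__ == "__main__":
    print(sid_to_str(SAMPLE), "->", describe(sid_to_str(SAMPLE)))
```

A SID alone does not distinguish a user account from a machine account; both receive ordinary RIDs under the domain identifier.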
6.1.6.1.2.2. Machine Users
A machine user is also called a machine account or computer account. Every host that joins a domain has a machine user whose username ends with `$`.
6.1.6.1.3. Group Policy
Group Policy is used to control the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating system, application, and user settings in Active Directory. One form of it, local Group Policy (LGPO or LocalGPO), lets you manage Group Policy objects on a standalone, non-domain computer. Group policies in a domain environment are often referred to as GPOs (Group Policy Objects).