Windows user group permissions

Others 2022-04-27 11:32:40 views: 0

Reprinted from: http://bbs.pcbeta.com/viewthread-564675-1-1.html


1. Ordinary permissions
 Although Win2\X\V\ win7 and other systems provide the function of "permission", this brings a new problem: how is the distribution of permissions reasonable? If everyone has the same permissions, then It means that everyone does not have permission restrictions. What is the difference between using Win9x? Fortunately, the system has set a "permission group" for us by default, just add the user to the corresponding group to have access to this The operation authority granted by the group is called the assignment of authority. By default, the system divides users into 7 groups, and assigns different operation permissions to each group : Administrators, Power Users, Users, and Backup Operation Groups. (Backup Operators), file replication group (Replicator), guest user group (Guests), authentication user group (Ahthenticated users) The backup operation group and file replication group are set up to maintain the system and are not usually used.       The default grouping of the system is to assign permissions according to certain management credentials, not randomly generated. The administrator group has most of the computer operation permissions (not all), and can modify and delete all files and modify system settings at will. Only the program trust group ( special permissions) . Further down is the high-privileged user group . This part of the user can also do most of the things, but cannot modify the system settings, and cannot run some programs that involve system management. Ordinary user groups are tied to their own territory by the system and cannot process other users' files and run programs that involve management. File operation permissions of the guest user group and common user group 
  

  
Same, but no more programs can be executed. Authentication user group (Ahthentiated users) Users who log in through the ms authenticator belong to this group. 2. Special permissions In addition to the 7 default permission groups mentioned above, there are also some special permission members in the system. These members are set for special purposes, namely: SYSTEM (system), Trustedinstaller (trusted program module), Everyone (all People), CREATOR OWNER (creator)  , etc. These special members are not absorbed by any built-in user group and belong to completely independent accounts.   When I mentioned the permissions of the administrator group, I did not use "all" to describe it. The secret is here. Don't believe the system description of "unrestricted full access", it will not be stupid enough to give itself completely Humans, the administrator group is also subject to certain restrictions, but it is not so obvious. There is only one member who really has "full access": SYSTEM . This member is generated by the system, an account that really has the management authority of the entire computer, and the general operation cannot obtain the equivalent authority. The "everyone" permission is similar to the normal user group permission. It exists to allow users to access files marked as "public" . This is also the access permission required for some programs to run normally - anyone can be granted normal access. Files with " Everyone " permissions, including members of the Guest group . Only the user who created the file can access files   marked with "Creator" permission, which achieves a certain degree of privacy protection.   However, all file access permissions can be    

  

  

Administrators group users and SYSTEM members are ignored unless the user uses NTFS encryption.
  Whether it is ordinary permissions or special permissions, they can be used "superimposed". "Superimposed" means that multiple permissions are used together. For example, an account originally belonged to the Users group, and then we added him to the Administrators group and added the Trustedinstaller. Now this account has two or more privilege identities at the same time, instead of overwriting the original identity with administrator privileges. The superposition of permissions is not meaningless. In some occasions that require specific identity access, users can only access if they have set a designated identity for themselves. At this time, the use of "superposition" can reduce part of the labor.

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325569688&siteId=291194637
Recommended
Open signature electronic signature: stop new additions, optimize experience, and make progress (work before the May Day holiday)
Kaiyuan Daily | Open source front-end animation engine for middle school students; the world’s first Llama3 8B Chinese version open source model; Lenovo Computer may be out of business; Linus satirizes AI hype
Ranking
Fast data acquisition card in the acquisition and analysis of radar signals in Application Notes
Simple understanding of regular expressions
Wannafly Challenge 15 C "a team" (Josephus kind of problem)
[Self-study] Using python for data analysis LESSON6 <Introduction to pandas——Introduction to pandas data structure 2>
RAID implementations 116.211.146.88
2020 strongest dubbo face questions + Answer: architectural design services + + framework design cluster configuration
Introduction to GPS time
DOTween download address for each version
Deep learning and computer vision practical learning (0) - basic tools, NVIDIA driver and CUDA installation
[NOIP2012 Improvement Group] Borrow classroom
Daily
More
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)
2024-04-16(23)
2024-04-15(5)
2024-04-14(0)
2024-04-13(18)

Code World

© 2018 codetd.com