![[Contents]](a5f4558b.gif)
![[Back]](8016546c.gif)
![[<< Prev]](8f6f5240.gif)
![[Next >>]](e7ced9d2.gif)
Rights
The difference between having rights and receiving permissions might seem like nothing more than a matter of semantics, but this is not the case. In Microsoft terminology, rights are general attributes that particular users or groups have. These rights include the capability to log on locally or to load and unload device drivers. These particular user rights make administrators more powerful than users. Permissions refer to the level of control a particular user or group has over a specific resource.
![[note.gif]](note.html)
If a user and an administrator have full-control access to a directory, either of them can read, modify, or even delete that resource. If the directory must be restored from tape, however, only a member of the Administrators, Server Operators, or Backup Operators groups can accomplish this task. By default, only these groups have the right to restore files and directories. To see the different rights available to Windows NT users, select the Policies menu in User Manager for Domains and then select User Rights. Choose the check box in the lower left to view additional Advanced Rights.
All these terms might make network security seem a bit daunting, but this is not necessarily so. Perhaps it is easiest to think of server or workstation resources just as you would think of anything else that you must care for and protect.
For instance, imagine that you have a house. If you want, you can just keep the house to yourself and not admit entrance to anyone else, thus preventing damage to your possessions. Of course, you also can allow others to enter, but then you take the chance that someone might damage your possessions, either maliciously or inadvertently. Because of this, it’s a good idea to take some precautions about who you invite to your house. Moreover, you almost certainly will be more watchful of some guests than others, and you will seek to protect certain rooms or possessions more than others. Lastly, because you can’t watch everyone all the time, you probably will want to have some good locks on the doors and sufficient insurance against theft or disaster.
Resources on a network deserve the same care. This book has already discussed the insurance (fault tolerance), but has yet to examine how you can grant some network users access to your resources while refusing access to others. The first part of this chapter deals with understanding the underlying security options and examines how different Microsoft operating systems and network configurations operate from a security standpoint.