![[Contents]](a5f4558b.gif)
![[Back]](8016546c.gif)
![[<< Prev]](8f6f5240.gif)
![[Next >>]](e7ced9d2.gif)
Groups
Now that a user has been established, the next step in granting that individual access to resources is to assign proper permissions. This is done by creating a group or a set of groups, assigning permissions to the groups, and then placing the user inside the appropriate groups. By default, Windows NT creates a number of built-in groups that are defined with the rights necessary to perform particular tasks. These groups are task-specific and are inherently different from the type of groups you normally create, which are resource-specific. For instance, the Backup group and the Server Administrators group have capabilities granted to them that are needed to perform backups and server maintenance tasks, respectively. Usually, the default rights will be fine. You create the group and add users to it, at which time the group is ready to be given permissions in the file system, such as Read permissions to a directory or Print permissions to a printer.
![[tip.gif]](tip.gif)
Remember that in the creation of user accounts and policies, you must strike a balance between security and user- friendliness. Setting a password expiration date that is too frequent or one that requires too many long, unique passwords is almost certain to result in a less, rather than more, secure environment. If users are unable to remember such a password, they often simply will stick a note to their monitor with their password on it or come up with some other highly insecure way of jogging their memory. If this starts happening, you know that your policies are probably too stringent.
Further Information