Global and Local Groups
Windows networks can include two types of groups: Global and Local. Each of these has very specific functions.
Global groups exist only in a domain: they are created on the Primary Domain Controller of a Microsoft domain (and replicated to its Backup Domain Controllers), and they function as nothing more than containers for user accounts from that domain. A global group cannot contain other groups, whether global or local, and cannot be created on a standalone server or workstation.
Local groups, on the other hand, can be created on any Windows NT Server or Workstation, in that machine's own account database, and can contain both user accounts and global groups, including accounts and global groups from trusted domains. What they cannot contain is another local group. Permissions on resources are assigned to local groups; this is the Microsoft model, usually summarized as AGLP: Accounts go into Global groups, Global groups go into Local groups, and Local groups are given Permissions.
In Exercise 8.2, you create both types of groups and explore how they interact with users and resources. Note that this exercise assumes you are using a Windows NT Domain Controller. If this is not the case, you will be unable to complete the steps as written; you can still create the Local group and skip the instructions that deal with Global groups.
Windows NT also creates four special groups whose membership is decided by the system at logon rather than by an administrator. You cannot delete or rename these groups or edit their membership, but you can grant or deny them permissions on resources. The following list details these groups:
- Everyone. This umbrella group includes every user of the machine, from guests to administrators. On Windows NT 4 it also includes anonymous (null-session) network connections, which is why Service Pack 3 introduced the separate Authenticated Users group; treat any permission granted to Everyone as granted to anyone who can reach the machine.
- Creator Owner. This is a placeholder used on directories: whatever permissions you give Creator Owner on a directory are applied, on each file or subdirectory later created inside it, to the user who created that object. The creator therefore gains those rights on what he created, not on the directory itself.
- Interactive. This group is fluid: a user is a member while logged on locally at the machine's console, and is not a member when accessing the same machine over a network connection. Membership depends on the type of logon, not on the account.
- Network. This group is exactly the opposite of Interactive. It is another fluid group that includes any user who reaches the machine over a network or modem (RAS) connection rather than being physically seated at it.
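The following is an added illustration, not code from the original text or from Microsoft: a small Python model of the rules described above (global groups hold only users, local groups hold users and global groups but not other local groups, permissions attach to local groups) together with the four special groups, used to work out which rights a session actually gets on a resource. It also applies the Windows NT 4 rule that a matching No Access entry overrides every other entry. The SALES domain, the users alice, bob and carol, the groups and the ACLs are all constructed for the example.

```python
"""Toy model of Windows NT 4 group semantics: the AGLP nesting rules and
the four special identities, combined into an access decision.
Added illustration only; not Windows code.  All names are made up."""

from dataclasses import dataclass
from typing import Optional

# Logon types.  NT decides Interactive/Network membership from how the
# session was established, never from a stored membership list.
INTERACTIVE = "interactive"   # logged on at the console
NETWORK = "network"           # reached the machine over SMB or RAS
NO_ACCESS = None              # ACL entry value standing for "No Access"


class GlobalGroup:
    """Domain-wide container for user accounts only; NT 4 cannot nest groups in it."""

    def __init__(self, name: str):
        self.name = name
        self.members: set[str] = set()

    def add(self, member) -> None:
        if not isinstance(member, str):
            raise TypeError(f"{self.name}: global groups hold user accounts only")
        self.members.add(member)


class LocalGroup:
    """Machine-local group: holds users and global groups, not other local groups.
    This is the level at which permissions are granted (the L and P of AGLP)."""

    def __init__(self, name: str):
        self.name = name
        self.members: list = []

    def add(self, member) -> None:
        if isinstance(member, LocalGroup):
            raise TypeError(f"{self.name}: local groups cannot contain local groups")
        self.members.append(member)

    def contains(self, user: str) -> bool:
        return any(user in m.members if isinstance(m, GlobalGroup) else m == user
                   for m in self.members)


def can_add(group, member) -> bool:
    """True if the NT 4 nesting rules allow `member` inside `group`."""
    try:
        group.add(member)
        return True
    except TypeError:
        return False


@dataclass
class Session:
    user: Optional[str]   # None models a null session (anonymous connection)
    logon_type: str


def identities(session: Session, local_groups, owner: Optional[str] = None) -> set[str]:
    """Group names whose ACL entries apply to this session on an object owned by `owner`."""
    ids = {"Everyone"}                     # on NT 4 this covers anonymous logons too
    ids.add("Interactive" if session.logon_type == INTERACTIVE else "Network")
    if session.user is None:
        return ids                         # no account: no named groups, no Creator Owner
    if owner == session.user:
        ids.add("Creator Owner")
    ids.update(g.name for g in local_groups if g.contains(session.user))
    return ids


def effective_rights(session: Session, acl: dict, local_groups, owner=None) -> set[str]:
    """Union of all matching entries, except that a matching No Access entry wins."""
    matched = [acl[g] for g in identities(session, local_groups, owner) if g in acl]
    if NO_ACCESS in matched:
        return set()
    return set().union(*matched)


def demo() -> dict:
    """Build the AGLP chain from the text and evaluate a few sessions against it."""
    sales_users = GlobalGroup("SALES\\Sales Users")      # A -> G, created on the PDC
    for u in ("alice", "bob"):
        sales_users.add(u)
    share_access = LocalGroup("Sales Share Access")      # created on the file server
    share_access.add(sales_users)                        # G -> L
    local_groups = [share_access]

    # Constructed ACL on D:\Sales (L -> P): Change for the local group, Read for
    # Everyone, Full Control for whoever created a given file.
    sales_acl = {
        "Sales Share Access": {"R", "W", "X", "D"},
        "Everyone": {"R"},
        "Creator Owner": {"R", "W", "X", "D", "P", "O"},
    }
    # Constructed ACL for a console-only tool: network sessions get No Access.
    console_acl = {"Interactive": {"R", "X"}, "Network": NO_ACCESS}

    return {
        "alice_over_network": effective_rights(Session("alice", NETWORK), sales_acl, local_groups),
        "bob_own_file": effective_rights(Session("bob", NETWORK), sales_acl, local_groups, owner="bob"),
        "carol_not_in_sales": effective_rights(Session("carol", NETWORK), sales_acl, local_groups),
        "null_session": effective_rights(Session(None, NETWORK), sales_acl, local_groups),
        "alice_console_tool": effective_rights(Session("alice", INTERACTIVE), console_acl, local_groups),
        "alice_remote_tool": effective_rights(Session("alice", NETWORK), console_acl, local_groups),
    }


if __name__ == "__main__":
    for case, rights in demo().items():
        print(f"{case:22} {''.join(sorted(rights)) or '(none)'}")
```

The null-session case is the one worth noticing: the anonymous connection holds no account and belongs to no named group, yet it reads D:\Sales because Everyone was granted Read. On a real NT 4 server the equivalent steps are done in User Manager for Domains or with `net group /domain`, `net localgroup` and `cacls`, but the access arithmetic is the same.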
Creating groups and users provides the base upon which the rest of your security is built. You should now know what a user is, and how users and groups interact. The next section explores using these groups and users to give or restrict access to network resources.