- Mastering Windows Group Policy
- Jordan Krause
- 475字
- 2021-06-10 18:47:54
Permissions
If you are following along with a lab of your own, you are currently having no trouble or limitations because you are probably logging in to your servers or management workstations from an account that is part of the domain administrators group. In fact, you may even be logging in as the domain administrator account.
Now, moving off my soapbox, domain administrators and enterprise administrators have access to do whatever they want inside Group Policy. Anybody else, however, is limited. This is important to understand as you move into Group Policy administration. In the wild, by far the most common way to grant an admin access to manipulate Group Policy is to add their domain user account to the Domain Admins group, which is fine but not ideal. There are more fine-grained ways of giving permissions inside GPMC that don't require quite this level of access.
Later in the book, we will explore delegation of privileges within Group Policy, essentially showing you an alternative way to give a user the rights they need in order to administer only parts and pieces of Group Policy, but for now we just need to understand that you won't get very far in GPMC without being a member of either Domain Admins or Enterprise Admins.
A quick aside regarding sites. Even though we will be able to delegate some permissions later to non-admin type users, this is not the case with site administration. To be honest, flagging GPOs to be applied at the site level is not a common practice. It's very rare that I find people doing that, because it's a rare use case that would deem it practical. However, should you discover the need to modify Active Directory sites or link GPOs at the site level, you will need to use an account that is a Domain or Enterprise Admin. Again, since most server administrators are already either Domain Admins (though this is becoming less common as security levels increase), or have access to a Domain Admin account on an as-needed basis, that is most often the level of permissions you will have when working within Group Policy, which will allow you to do whatever you need.
- 基于C語言的程序設計
- Hands-On Deep Learning with Apache Spark
- 人工智能超越人類
- 火格局的時空變異及其在電網防火中的應用
- 手把手教你學AutoCAD 2010
- 極簡AI入門:一本書讀懂人工智能思維與應用
- 來吧!帶你玩轉Excel VBA
- 物聯網與云計算
- 工業機器人入門實用教程(KUKA機器人)
- Python Algorithmic Trading Cookbook
- 讓每張照片都成為佳作的Photoshop后期技法
- Cloudera Administration Handbook
- 單片機C語言應用100例
- 從零開始學SQL Server
- R Data Analysis Projects