Organizing group accounts
A network administrator has to deal with the following scenario:
The company has just reorganized its department staff into various other departments. These staff members in the new departments are now performing different job functions. For example, an employee who belonged to the human resources department is now relocated to the accounts department. The network administrator must now reorganize the network group accounts to reflect the new changes.
The above scenario takes place continuously in the corporate world and the network administrator must always have the network group accounts current in order to eliminate any duplicate user accounts as well as duplicate group accounts because after the restructuring process some users will still have access to their previous shares. This can result in malicious attacks depending on the employee's state of mind.
The following steps can be taken to keep someone who no longer belongs to a group account from accessing protected information:
- Most importantly, when new users are added to group accounts auditing must occur initially on a regular basis (refer to Auditing using Win2K).
- The use of group policies should be used to assign permissions as needed. Creating a user group is much easier to manage than individual user accounts.
- Do not have any group accounts representing departments that no longer exist.
- This allows for greater manageability of the group accounts.
- The network administrator should ensure that all user access for previous shares be removed. As in the scenario above, if the user who belongs to the human resource department was handling confidential information and gets relocated to another department, then the network administrator should make sure that all shares that pertain to this user are removed.
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
Whether you loved it or hated it, why not let us know? E-mail us to sound off.
Admin911™ : Windows® 2000 Group Policy
Author : Roger Jennings
Publisher : Osborne
Published : Nov 2000
Plan, design, test, roll out, and troubleshoot the policies available for managing your enterprise network with help from Admin911: Windows 2000 Group Policy. This practical and concise handbook contains all the critical information you need to solve problems quickly and keep your network running smoothly and efficiently.
This was first published in July 2001