User Account Policy A user account is a record that consists of all the information that defines a user to Microsoft Windows Server 2003. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the computer and network and accessing their resources.
User Account Types Windows Server 2003 provides three types of user accounts: 1 .local user accounts 2 .domain user accounts 3 .built-in user accounts.
local user account:- a user logs on to a specific computer to gain access to resources on that computer. domain user account:- a user can log on to a domain to gain access to network resources. Built−in user accounts:- are created automatically by Windows Server 2003 for the purpose of performing administrative tasks or to gain access to network resources. (e.g Administrator ,Guest
A group is a collection of user accounts. Groups simplify administration by allowing you to assign permissions and rights to a group of users rather than having to assign permissions to each individual user account.
Group Policy Group policies are collections of user and computer configuration settings that specify how programs, network resources, and the operating system work for users and computers in an organization. Local GPOs:- One local GPO is stored on each computer whether or not the computer is part of an Active Directory environment or a networked environment. A local GPO affects only the computer on which it is stored. Nonlocal GPOs:- Nonlocal GPOs are created in Active Directory, By default, when Active Directory directory service is set up, two nonlocal GPOs are created:
Default Domain Policy This GPO is linked to the domain , and it affects all users and computers in the domain (including computers that are domain controllers) Default Domain Controllers Policy This GPO is linked to the Domain Controllers OU, and it generally affects only domain controllers, because computer accounts for domain controllers are kept exclusively in the Domain Controllers OU.
How Group Policy Is Applied Local GPO. Site GPOs Domain GPOs OU GPOs
Group Policy Inheritance Group Policy is passed down from parent to child containers within a domain. Group Policy is inherited in the following ways: If a policy setting is configured (set to Enabled or Disabled) for a parent OU, and the same policy setting is not already configured for its child OUs, the child OUs inherit the parent’s policy setting. If a policy setting is configured (set to Enabled or Disabled) for a parent OU, and the same policy setting is configured for a child OU, the child OU’s Group Policy setting overrides the setting inherited from the parent OU.