Chapter 10

LAN Administration: Users, Groups, and Security

Home | Chapters | Homework | Grades | Final Project | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | Games | Tests | E-Mail Mr Hull | FTP

Main | Chapter 1 | Chapter 2 | Chapter 3 | Chapter 4 | Chapter 5 | Chapter 6 | Chapter 7

Chapter 8 | Chapter 9 | Chapter 10 | Chapter 11 | Chapter 12 | Chapter 13 | Chapter 14 | Chapter 15

Users and Groups

As a network administrator you don't want to give all users the same level of access on the network.  Knowing this we can see there needs to be a way to uniquely identify each user on your network.  The way to do this is through two network objects, users and groups.  A user is a network object that is associated with a person.  The user is identified with a unique userID.  To simplify administration a user is placed inside a group.  A group is a list of users that can logically be grouped, such as the accountants group would contain all the users who are accountants.  You control the level of access to a resource through group membership.  A group is used in a resource's ACL (Access Control List).  This list controls who has rights to see the resource.  It is desirable to add groups to an ACL instead of users.  The image to the right shows a sample ACL from Windows 2000.  Administratively the process of removing a user from a group is easier then from all ACL's that you may have added the user too. Also if a new accountant is hired all you need to do is place that user in the accountants group and that user would have access to all resources that the other accountants have.

A Windows 2000 ACL

Click to enlarge


  • Side Note: In the Microsoft world there are multiple types of groups and a specific way to setup security.  The general rule is A-G-DL-P.  This states that you place User Accounts into Global Groups, then place Global Groups into Domain Local Groups and assign Domain Local Groups Permissions.  This will be covered more in class.

When setting up a network you need to decide how you are going to create the userID.  The userID should follow a set standard, for example first letter of first name first, followed by the last name, or visa versa.  Matthew Hull could be, mhull or hullm.  If you have a Mike Hull and a Matthew Hull you could incorporate the users middle initial, mahull or mshull.  Whatever design you choose your your userID scheme you should be consistent.


Security on a LAN is something that can not be overlooked.  Their are vulnerabilities discovered all the time that me compromise your data.  As a network administrator you should keep up to date on all the vulnerabilities that could effect your network.  I good resource is Security Focus's web site.

Password cracking is one of the most popular ways to get into a network.  A Hacker can have a program hammer a server with a userID and passwords from a dictionary file.  These tools can crack a simple short password in a matter of minutes.  On your network you should set a couple rules on your passwords to prevent this kind of break-in.  

  1. Have the user use a charters in their password such as: !@#$%^&*()~_?<>":;{}[]|+-.

  2. The password should be longer then 6 characters. Note the use  of the term characters instead of leters, refer to rule 1.

  3. Set a lock out policy, if someone types the wrong password more then n (n= number you set, should at least be 3 and at most 5) times lock them out of the network until the call you or another administrator, or a help desk if one is available.

  4. Passwords should be changed regularly.  At lease once a month.

  5. DO NOT write down your password!!!!!

  6. Do not use something that is easy to guess, such as your birthday, your name or a family members name.

  7. Log off or lock your PC if you are going to leave your computer.

  8. Make password different when you change them, do not use password1 then password2.

passwordpolicy.jpg (60206 bytes) Windows 2000 lockout policy configuration

passwordpolicy2.jpg (58375 bytes) Windows 2000 password policy configuration

Encryption is the process of turning plain text into cipher text.  The sending side will encrypt the data and the receiving side must have the right key to decrypt the data. For more information on encryption check out this FAQ.


A virus is a malicious program whose sole purpose is to replicate itself.  The problem is this program could contain code that might cause data loss in the computers it attacks.  The best thing to do in is install ant-virus software on your servers and client computers.  Norton has a corporate version of it's anti-virus software that allows you to administer all your computers anti-virus software from one location.  This makes it a lot easier to update the virus files on the remote computers.

More Information


Click Here to download the slides for this chapter

(NOTE: You must have PowerPoint or PowerPoint Viewer if you don't have  either Click Here to download PowerPoint Viewer.)

Home | Chapters | Homework | Grades | Final Project | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | Games | Tests | E-Mail Mr Hull | FTP