Under the Local Policies node, there are three nodes: Audit Policy, User Rights Assignment, and Security Options. Audit Policy was explained in Chapter 12, "Auditing Resources and Events." In this lesson you learn how use the Group Policy snap-in to assign user rights. Security options are covered in Lesson 3.
You can assign specific rights to groups or individual user accounts. To simplify administration of user rights, Microsoft recommends that you assign user rights only to groups and not individual user accounts. Each user right allows the members of the group or the individual users assigned the right to perform a specific action, such as backing up files or changing the system time. If a user is a member of more than one group, the user rights applied to that user are cumulative, so the user has all the user rights assigned to all the groups of which he or she is a member.
You can configure user rights on a computer running Windows XP Professional by using the Group Policy snap-in as follows:
The Select Group Policy Object dialog box appears, allowing you to point the MMC console containing Group Policy at the local computer or at a remote computer. The Allow The Focus Of The Group Policy Snap-In To Be Changed When Launching From The Command Line check box allows you to configure the MMC so that you can decide which computer to use Group Policy on when you start the MMC.
The console displays the current groups and user accounts that have this user right assigned, as shown in Figure 13.4. To add groups or user accounts, click Add. To remove a group or user, select the group or user and click Remove.
There are two types of user rights: privileges and logon rights.
A privilege is a user right that allows the members of the group to which it is assigned to perform a specific task, usually one that affects an entire computer system rather than one object. Table 13.3 explains the privileges you can assign in Windows XP Professional.
Table 13.3??Privileges Available in Windows XP Professional
A logon right is a user right assigned to a group or an individual user account. Logon rights control the way users can log on to a system. Table 13.4 explains the logon rights you can assign in Windows XP Professional.
Table 13.4??Logon Rights Available in Windows XP Professional
The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."