Users, Groups, and Permissions
Windows XP offers three fundamental types of resource sharing on networks: simple, standard, and advanced. These aren’t official names for the three types, except in the case of Simple File Sharing.
But we use the terms here because they work well enough for distinguishing among the possibilities for networking in the Windows XP environment. Indeed, working with Windows XP networks requires a solid understanding of all three.
While certainly not set in stone, and without denying that this categorization offers its own oversimplification, here are the distinctions among the three:
- Simple Networking
Uses the Simple File Sharing option in Windows XP, available via the View tab on the Folder Options dialog box. This option lets you share files and folders among the members of the workgroup, without specifying precisely which users can access which resources.
And it also lets each user make their user-specific folders private, and therefore inaccessible to all other users. Simple networking also includes the use of the User Accounts applet on the Control Panel for creating accounts, as opposed to the user and group dialog boxes in Administrative Tools.
- Standard Networking
Turns off Simple File Sharing, permitting a more precise determination of who gets to access specific resources. To make this distinction possible, it also includes (usually) the users and groups in the networking decisions.
Simple networking also includes users and groups, but the network administrator doesn’t really need to do anything special to incorporate their use. With standard networking, resource sharing becomes much more specific, and therefore the tools with which to accomplish that sharing also need more specificity.
In addition, in standard networking, users and groups are typically created via the Administrative Tools group instead of the User Accounts applet in Control Panel.
- Advanced Networking
Includes the use of domains. Domains offer network administrators extensive control over resources and their users and groups, and allow for networking activities well beyond the ability of workgroup networking.
In this tutorial, we introduce the elements of Windows XP standard networking that you can use to your benefit in setting up an infrastructure network. Once again, the focus lies with the sharing of resources, specifically files and folders.
Printers share in much the same way as with simple networking, so there’s no new ground to cover in that regard. Primarily, this section covers how to specify user-level and group-level access to network resources, and for that reason it begins with a look at users and groups themselves.
Setting up Users and Groups
You can create users through the User Accounts applet in Control Panel, but for full control over users, and to create groups of users, you must use the Computer Management console in Administrative Tools.
Open Control Panel, double-click the Administrative Tools icon, and launch the Computer Management console. Expand the Local Users and Groups item in the left pane on of the console and click users to reveal the list of users already on your PC. Figure 1 shows the result of right-clicking a user account and choosing Properties.
The Properties dialog contains three tabs, each of which performs a specific and important function:
- General. On the General tab you can provide the full name of the user if you have an abbreviated or nickname-like username.
You can also provide a description of the user, to help other users identify that person. Most importantly, you can specify how you want Windows to handle the password.
You can configure it so that it never expires or for mandatory change at next logon. You can also disable or lock out the user from here.
- Member Of. At first glance, this tab offers very little information. In fact, only the user groups to which this user account belongs show on the screen.
Clicking the Add button demonstrates its usefulness, however, revealing (once you’ve clicked the Advanced button) the Select Groups dialog box. Click the Find Now button to reveal the list of groups to which you can assign this user.
- Profile. For the most part, you won’t need to use the Profile screen, but it can be useful for a variety of purposes.
The User Profile fields let you specify a script to activate when the user logs on to the network, with scripts launching programs, setting defaults, and in any other way you wish configuring the PC to that user.
The Home Folder fields let you define the folder that the user automatically enters when joining the network, as well as a network drive location if applicable.
This tutorial deals with none of these possibilities, and in fact these options tend to be reserved for more advanced networking management.
Some also apply more readily to older versions of Windows, in which workgroup networking required different kinds of network configurations.
For the purposes of this tutorial, the most significant tab is the middle one, Member Of. Here you can distinguish among your users by placing them in groups, for the purpose of then assigning groups, instead of individual users, to network resources.
On a small network, for example a network of fewer than ten users, this process is unnecessary because you can almost as quickly assign individual users to network resources, but even here you might find the Groups feature useful.
One of the benefits is that if you decide to change the location of a resource (for example), and you have, say, eight users working from that resource, you need only change the assignment of the group and all users will automatically change as well.