1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Managing groups with a power user account.

Discussion in 'MCDST' started by derkit, Jul 8, 2007.

  1. derkit

    derkit Gigabyte Poster

    1,479
    54
    112
    Just reading through the MS book for 70-271 and I've already got a question: :rolleyes:

    1) It says that members of the Power Users group can manage only the groups they create [I'm with this so far].
    2) They cannot manage groups that are created by the Admin group. [also understand this]
    3) They cannot manipulate the membership of the default group accounts.... hmmmm.

    - if I'm reading this right, in 3) if the group they're looking at is a default XP group then they cannot add/remove any users to that group???
    - also, can a member of a Power User group manage groups that other Power Users' create?? ie, is it user account specific or Group specifc editorial rights? :blink

    thanks guys :)
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  2. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    If I read this well, what are the default groups?
    Well, there are the special groups (everyone, authenticated users, users) No one can manipulate these memberships as far as I know.
    Then the other def. groups Administrators: It would lead to a security gap if a poweruser could make some of his 'users' a member to the administrators group.
    Powerusers: same story.
    Backup-ops:The special right for backup-ops is that they have rights to virtually all files in the system. Makes sense to me.
    So I think the statement is correct.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  3. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Link. I had a little problem with this section due to the fact i was using a 1st edition book, in the section that listed what a power user could and couldn't do someone forgot to type Power Users Cannot Do This and listed all the administrator permissions, so if you didn't pickup on it the Admin and PU groups had the same permissions
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  4. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    This is not true. What is the point in having two groups with the same permissions?
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  5. derkit

    derkit Gigabyte Poster

    1,479
    54
    112
    so what you're saying is:
    The part that confuses me is that it states "default XP group" - well there are lots of them. I understand about everyone, authenticated etc. as membership is automatic but what about the other grops?? If what Tinus is saying is that a power user cannot add/remove users to just backup/power user/administrators group?

    I'm still not clear on this one.
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  6. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111

    yes i know, they made a BIG typo in the 1st edition book maybe i didn't explain it right
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  7. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Still searching, but I found this in the resource kit, which is online at Microsoft on http://www.microsoft.com/technet/solutionaccelerators/reskits/rktmain.mspx

     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  8. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    i found this

    Power Users Can:
    Create local user accounts
    Modify user accounts which they have created
    Change user permissions on users, power users, and guests
    Install and run applications that do not affect the operating system
    Customize settings and resources on the Control Panel, such as Printers, Date/Time, and Power Options
    Do anything a User can


    Power Users Cannot:
    Access other users' data without permission
    Delete or modify user accounts they did not create
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  9. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    In both my find and your find there is no clue on giving membership to groups. We'll just have to try this in real life.
    I have no access to a windows XP machine till thursday. (taking a Train The Trainer course on server 2008 at the moment).
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  10. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Created 3 users (2 under admin and 1 under the PU)

    The power users can only add people to the power users group(and groups he has created)

    here's the groups i tryed this with

    Back-Up ops - NO
    HelpService - NO
    Net Config Ops - NO
    Power Users - YES
    Remote Desktop Users - NO
    Replicators - NO

    i also created the 3rd user as the PU, got the same results.

    And he can only delete users that he has created(although i didn't test if he could delete users that other power users created)
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  11. derkit

    derkit Gigabyte Poster

    1,479
    54
    112
    wow - full on guys :D

    So it looks like Power Users can amend their own groups/users as well as any others that have been created by Power Users - so its Group specific (they can only edit along their level only).
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293

Share This Page

Loading...