Windows 7 / Networking

Organizing Users with Groups

It's also possible to create additional groups to meet specific needs. This is rarely done on local Windows 7 systems alone, but it's often done in a domain to organize users and easily grant specific rights and permissions.

As an example, consider Figure below. Jasmin, Martin, and Sarah are all in the Sales department. A group named G_Sales is created to organize the users, and each user account is then placed in the G_Sales group. Now imagine that the users in the group need access to the SalesData Share hosted on FS1.

Organizing users with a group

Instead of granting the same permissions to the individual accounts, the permissions to the SalesData Share are granted to the group. Because the users are members of the group, they have the same permissions as the group.

While it takes a little planning initially to design and create the groups, it eases the administration burden in the long run. For example, imagine that you originally granted Read permission to a share, but later wanted to change this to Modify for all the users in the Sales department. If a group is created and permissions are assigned to the group, you make the change once and you're done. However, if you originally assigned the permissions to each user, you'd have to modify the permissions for each user.

Groups are also useful even if only one user is a member. For example, imagine that an HR department has only one employee, Maria. On the surface, it may seem easier to assign all the permissions to Maria's account. However, what do you do if Maria is transferred or promoted within the company and someone else needs to take over?

If the permissions are assigned to the individual user, then they all have to be modified to remove Maria's access and grant the new employee's access. However, if a group was created and all the permissions were assigned to the group, you'd simply need to add the new employee's account to the group and remove Maria's account.

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Windows 7 in a Domain
  2. The Domain
  3. What is Wrong with Workgroups
  4. The Domain Concept
  5. Active Directory
  6. Domain Security
  7. Joining a Domain
  8. Windows 7 Offline Domain Join
  9. Browsing the Domain
  10. Searching the Domain
  11. Custom Searches
  12. Assigning Permissions to Domain Members
  13. The Double-Thick Security Trick
  14. Creating a Test Bed
  15. Creating a Domain
  16. Installing Windows Server 2008 on vPC
  17. Configuring a Windows Server 2008 Server
  18. Promoting a Server to a Domain Controller
  19. Joining Windows 7 to a Domain
  20. Authentication vs Authorization
  21. Authentication
  22. Authorization
  23. Built-in Groups
  24. Organizing Users with Groups
  25. Group Scope and Group Type
  26. Creating Users and Groups in a Domain
  27. Using HomeGroup with a Domain-Based Computer
  28. Identifying and Resolving Logon Issues
  29. Hardware vs. Network
  30. Using Cached Credentials
  31. Password Expiration
  32. Determining Logon Context
  33. Logon Hours Compliance
  34. Restricting Computer Access
  35. Time Synchronization
  36. Understanding User Profiles
  37. Standard Profiles
  38. Roaming Profiles
  39. Implementing Roaming Profiles
  40. Mandatory Profiles
  41. Super-Mandatory User Profiles
  42. Modifying the Default User Profile
  43. Configuring Settings with Scripts
  44. Anti-Malware Software
  45. Microsoft Windows 7 Defender
  46. Third-Party Anti-malware Software