User accounts and passwords are only the front line of defense in the game of network security. After a user gains access to the network by typing a valid user ID and password, the second line of security defense - rights - comes into play.
In the harsh realities of network life, all users are created equal, but some users are more equal than others. The Preamble to the Declaration of Network Independence contains the statement, "We hold these truths to be self-evident, that some users are endowed by the network administrator with certain inalienable rights...."
The specific rights that you can assign to network users depend on which network operating system you use. Here is a partial list of the user rights that are possible with Windows servers:
Log on locally:
The user can log on to the server computer directly from the server's keyboard.
Change system time:
The user can change the time and date registered by the server.
Shut down the system:
The user can perform an orderly shutdown of the server.
Back up files and directories:
The user can perform a backup of files and directories on the server.
Restore files and directories:
The user can restore backed-up files.
Take ownership of files and other objects:
The user can take over files and other network resources that belong to other users. NetWare has a similar set of user rights.