The basic ideas are:
1) "Domains" are "communities" of computers. The domain has a name, and the
resident computers have names. Pre-2k Windows computers can only be a member
of one domain at a time. Look under the "Properties" in Network Neighborhood
=> "Identification". In Win98, the domain that computer belongs to is listed
in "Workgroup". The name of that computer is in the "Computer Name" field.
"Computer Description" is optional.
The name of the computer and its domain, at the most basic level, are used
to group computers together in the Network Neighborhood. In addition,
"domain-level" security will use these "groups" to set permissions, allow
access, etc. You are probably not using "domain-level" security...
2) People who use computers are identified by how they log in at startup.
THIS is the critical step that comes into play with regards to Windows
"user-level" security. Once you start using a login name and password, THOSE
are what will be important in identifying you to the other machines.
You are probably using "user-level" security.
More than likely (unless you have changed it from the default), each machine
is also using "Share-level" access control. If you switch to "User-level"
access control, you may specify which domain (workgroup) has access to that
computer.
Here's a scenario that illustrates a generic Win98/WinNT situation:
Computer 1 (Win98, general user workstation):
Name: Comp1
Wkgp: Common1
Computer 2 (WinNT4, file server):
Name: Srvr1
Wkgp: Common1
User 1 (uses Comp1...but can use this login on any other machine on the
network):
Login: Joe
Pass: stuff88
User 1 wants to start up Comp1 (his station), and work on his files, which
are stored on Srvr1. In order for him to access Srvr1, he needs to be a
registered "User" of Srvr1. So the Admin launches "User Administrator" from
the Start menu on Srvr1, and creates a "New User" named "Joe" with the
password "stuff88". Note that these are the same as Joe will use to log into
his workstation. The "New User", "Joe", is a member of the default "Users"
group, on the NT box. The Admin makes sure that the "Users" group has
permission to "Read" content on Srvr1. This means that "Joe", as a member of
"Users", can only read material from the NT box. If "Joe" needs to modify
documents, he's in the wrong group! He complains to the Admin, who launches
"User Administration" again, and adds "Joe" to the "Power Users" group,
which has its permissions set to "Full Control". Now "Joe" can really do
some damage! Note that the Admin could have set permissions for the user
"Joe" instead of adding him to a group with the correct permissions. It's
usually a bad idea to set permissions for individual users, though, as
things become complicated very quickly, and you may need to change a bunch
of users' permissions at some point. Assigning users to groups, and setting
permissions for those groups is usually better.
On Windows2000 (and I know this is a security risk...anyone want to
elaborate?), you can achieve the same goal by using the "Active
Directory..." instead of "User Manager". I'm not much of a Win2k person, and
I know there are safer options than using Active Directory.
We have found, in many multi-OS environments, that NetBEUI needs to be
installed on the Win98 machines if they are expecting to "see" a Win2k
machine. Dunno why, just is. That's another gaping security hole, but
whaddya gonna do? (anyone?)
So: Groups have permissions, Users belong to Groups, Users are identified by
their login, Computers are identified on the network by Name within Domains
(Workgroups).
Helpful? Hope so!
James Butler
----- Original Message -----
From: "Tangorre, Michael T." <[EMAIL PROTECTED]>
To: "CF-Server" <[EMAIL PROTECTED]>
Sent: Thursday, August 30, 2001 4:27 PM
Subject: Off Topic
> I am in need of a little clarification.
> I attend Alfred University in upstate westenr NY and have a few questions
> regarding mapping drives and what not.
>
> On campus users computers connect to the "Alfred" domain. Now how does
> mapping drives work in terms of setting permissions on a win98 box, win2k
> box and win2k server box? Does the machine that is sharing the resources
out
> need to have a list of users or can anyone on the domain access these
> resources?
> Also, when trying to map drives I will log onto the network with my
username
> and password and try to connect to a machine in which my username is in
the
> admin list, but I wont be able to connect or map it. Can anyone offer some
> genenral information on how sharing, mapping and access works on an NT
> domain.
>
> Thanks,
> Mike
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
