Creating users in Habibi’s restaurant will depend largely on the job description of the users. In the restaurant in question the chef’s staff’s function is different from the table server and the owner/management should have supervisory functions.
Management will want to give instructions on creating users in the chef’s staff category such that the chef will be able to have access to viewing orders, query orders and enter available menu, they are not to be concerned about payments and so are not supposed to have access to payment account neither can they edit orders. The table severs will be allowed to enter customers orders and edit customer’s order, they should be able to enter payments into account, edit payment and view menu but they cannot enter menu. The owner/management will be allowed to view menu, edit payments, enter menu and edit menu. They can have access to all that the other users have access to and more since they are supposed to be in charge.
Management instructions on creating groups should consider creating three groups; these are table server group, chef’s staff group, management /owner group. Users are created within the network and assigned to groups that are related to their job functions, for instance, any user assigned to the chef‘s staff group will automatically inherit the role and privileges of that group.
Essay told about the global group will be created to contain user accounts, such that the users can be sorted into easily identifiable groupings enhancing smooth application to permissions to use shared resources on the network. A single domain local is to be created since all the workstations are domicile within the same network in the same location.
In comparing and contrasting global groups to domain local groups we find that global groups are primarily useful in sorting users into easily identifiable groupings and using them to apply permissions to resources in the entire forest. A global group can only contain user accounts and global groups from the same domain the global group is in. A global group can be changed to a universal group if it is not a member of another global group.
Domain local on the other hand can contain user accounts, global and universal groups from any domain, and other domain local groups from the same domain; furthermore a domain local group can be changed to a universal group only if it does not have other domain local groups as its members. Unlike global groups, domain local groups can be used for assigning permissions within the local domain only.
Overall strategy that I will use to assign permissions to users using groups is to convert the global group to a universal group since universal group is used for assigning permissions throughout the entire forest. Because a universal group can contain user accounts, computer accounts; the strategy that will be used is that when an employee is employed, the job description will be used as a basis of assigning user to a group.
The organizational unit to be created will have the owner/management group at the top of the hierarchy since this group is responsible for policy settings/delegation of administrative authority. The other groups can follow in order of the owner’s preference. I also can create organizational units that contain workstation computers to which policies can be applied.
Management can create an organizational unit by logging on as an administrator, and selecting administrative tools from the program menu, then select active directory users and computers. Right-click the domain object or another organizational unit in which you want to create the organizational units, select add, and then click organizational unit. In the name box, type the name for the new object, and then click ok. An icon with the appropriate name is created and inserted in the list. You can now add other objects to the organizational unit such as users, computers, groups, and other organizational units.
As a guideline, an organizational unit can only be created, if the various departments will be administered separately and/or policies will be applied differently to the various departments, also ensure that it does not contain objects from other domains. Keep in mind, however, that the more complex the OU structure, the more difficult it becomes to administer and consequently the more time-consuming directory queries become.
On this network resources will be shared to enable other user access to shareable resources like printers, file folders, scanners etc. It is however noteworthy to set security on a folder before it is shared.
To share a folder management should lunch a windows explorer and right-click the folder that is to be shared, and then click sharing and security, click share this folder. In the permissions for folder name dialog box, click add, and in the select users or groups dialog box, type the names of the users or groups that you want to add to the shared folder, and then click ok.
Management can connect to the shared folder by using a mapped drive. This can be achieved by first lunching a windows explorer, and selecting map network drive from the tools menu. In the drive box, click the drive letter that you want to use for this mapped drive. In the folder box, type the name of the share to which you want to connect by using Universal Naming Convention (UNC) format (\ComputerNameShareName).
Setting New Technology File Systems (NTFS) permissions can be done by using a Windows Explorer and right-clicking a file, folder, or volume, select properties and then click on the security tab. Under group or user names on the security tab, select a group or user. Then at the bottom allow or deny one of the available permissions.
One of the best practices of doing the above is for management to assign special permissions by clicking the advanced button on the security tab to open the advanced security settings dialog with the permissions tab opened. Here you can add, remove, and edit the permissions for users on a more granular level.
Reference
Article ID: 323420 Last Review: October 30, 2006 Revision: 6.2 http://support.microsoft.com/kb/323420