- About Us
- IT Services
- IT Security
- Cloud Services
- Who We Help
- Contact Us
You don’t want just anyone snooping around your network, do you? Nor do you want all your employees to have access to financial records and other confidential information.
Administrators can make changes to your network’s configuration, add and remove programs, access all files, and manage other users. They have the ability to set permissions for users on your system.
Administrators manage all the permissions granted to your employees. They have the ability to make operating system changes, install new software, use devices and create and modify user accounts. Make sure only certain trusted users have administrative privileges. This is necessary from a security standpoint.
Administrative privileges are associated with your or a particular user’s account. Administrator users are allowed these privileges while Standard users aren’t.
You shouldn’t use your administrative privileges all the time because you might accidentally change something you didn’t intend to (like delete a system file). If you had administrative privileges all of the time, you might accidentally change an important file or application by mistake. Only using your administrative privileges temporarily, and when you need them, reduces the risk of making mistakes
Each user should be granted different permissions for what they need to do on your network, computers, and applications.
Permissions and Privileges
Permissions are access details given by administrators that define access rights to files on a network. Administrators give users permissions to access specific resources on the network, such as data files, applications, printers, and scanners.
A permission is the property of an object like a file, where users are permitted to read, modify, etc. Folder permissions include things like Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write.
A privilege is a property of a user where they are allowed to do things like performing maintenance functions. For example, an employee who works for your customer service department may be assigned privileges to view a customer’s information that is blocked from other employees.
Permissions and privileges can be granted by owners, administrators, and users with the authorization to grant permissions (typical administrators on a system).
You don’t want to give every user free range where they can access all the same files. You want to manage whether they can add or remove programs, or surf the web freely. Because if someone goes to a site that’s corrupt or includes a virus, your network could be compromised.
Permissions are also applied to secured objects, such as files and folders, Active Directory objects, services, or registry objects. Permissions can be granted to a user, group, or computer. You can assign permissions to objects to the following:
The permissions that are attached to an object depend on the type of object. For example, the permissions that can be attached to a file are different from the permissions that can be attached to a registry key.
When there’s no requirement to have permission to perform an action this termed an automatic privilege. For example, after logging in to a system, logging out won’t require a privilege.
A granted privilege is usually accomplished by logging onto a system with a username and password, then the user can be granted additional privileges.
When assigning file and folder permissions, administrators should keep the following in mind:
Users who have been delegated extra levels of control are called “privileged” users. Users who lack most privileges are defined as “unprivileged,” “regular,” or “normal” users.
Permissions can also be explicitly denied. For example, you might want to allow your administrators to perform an action, but deny this to other users. This gets complicated though—If you explicitly deny domain users, you also deny any domain administrators who are also domain users. (Because many get confused here, you should probably avoid the use of explicit denies unless absolutely necessary.)
If you aren’t sure if you’ve set up the proper administrative permissions and privileges for your business users, contact Colorado Computer Support. We’re always happy to help. Call (719) 355-2440. Or email us at: firstname.lastname@example.org