You might notice that we have used the AGDLP strategy many times during this training and you should know this like the back of your hand; both for real life as well as for the test. For the test you can almost count on having a couple of questions on 72-290 test in regards to accounts to global groups, global groups to domain local groups and then give the domain local groups the permission. They try to confuse and try to make you to think that may be you put the permissions on to the global group or you put the permissions on to the account. So just remember AGDLP. If we add an universal groups but do not nest then it is accounts to global groups, global group to universal groups, universal groups to the domain local group and then give the domain local group permissions. If we nest then it accounts to global groups , global groups to additional global groups then the resulting global group goes into a universal group, universal group goes into a domain local group and we still give the domain local group the permissions. So always remember that main local group gets the permissions and then you can kind of work it backwards from there. Just remember AGDLP.So, the reason that we need to remember this, number 1, for the test but number 2, it is the right way to do it. And if you take a look at the system Microsoft is actually following their own rules. In fact let us go into active directory users and computers for just a minute and let us take a look as the users container. And in the users container we will find the domain admins global group. Since it is security group it is ***. Let us right click on it, click on properties and see about its memberships. Click on members and look administrator or the administrator account is a member of the domain admins global groups. So that accounts to global groups. Now that global groups should go into a domain local group, right? Well, where is domain local group? Let us click on a built in container and we have a domain local group we slide over here we can see that the administrator's security domain local group. It is in the built in container, and if they are following there own rules then the domain admin's group the global group ought to be in it. So let us right click come to properties and darned if it is not. So Microsoft is actually following there own rules so we need to note for the test, but we also need to note because that is the best way to do it. That is the way that the system is designed to work. So the additional things that we need to know for best practices are, number 1 Name global groups based on their membership, when we say based on the member ship we are talking about what the membership does. Means if they all do the same thing they all are in sales, they all are in accounts or payables for example then they have the same needs, And then if they have the same needs then they need the same resources so that is why we are going to group them in the first place to be able to assign them the permissions for resources. So name the global groups based on the membership and based on what they do. On the other hand name the domain local group based on the resources. So, for example a domain local group of color printers might have global groups in it that are from account payable, account receivable, sales, whoever needs to use color printers goes into the domain local group. When the domain local group itself is named based on the resource. We also need to use built in groups whenever possible. How many built in groups do we have, well we have got lots of them. We have got just in member servers; we have got all kinds of default groups. Administrators, backup operators, guests, network configuration operators, performer loggers, power users. Some of these are new to Server 2003 more operators, more desktop users, replicators, user, help services group, telnet clients. I will be familiar with these just in case a test question says should you use this group and this is in default built in group, or should you create a group. And chances are that the right answer is that you use the default group. For domain controllers we have even more groups. For domain controllers we have even more groups, things that we have in domain controllers groups, or groups we have in domain controllers that we don't have in member servers, include domain users, domain admins, possibly enterprise admins, schema admins depending on which machine it is in. So we have lot of different default groups. Those we could be possibly use for ** but there is the general rule is to use the default group before you create a group. So we use groups to manage permissions and there is a lot to managing permissions. We are going to have whole chapter on it. So the next chapter is all about managing permissions. That is next.
TERMS & CONDITIONS OF USE
BY SUBSCRIBING TO THIS SERVICE, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT, THE TERMS AND CONDITIONS OF WHICH SHALL PREVAIL IN GOVERNING YOUR RIGHTS OF USE. BY CLICKING THE "BECOME A MEMBER" BUTTON, THE INDIVIDUAL OR ENTITY LICENSING THE PRODUCT ("YOU") IS CONSENTING TO BE BOUND BY AND IS BECOMING A PARTY TO THIS AGREEMENT. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THE BUTTON INDICATING "BECOME A MEMBER" MUST NOT BE SELECTED, AND LICENSEE MUST NOT INSTALL OR USE THE SOFTWARE.
"VTC" refers to Virtual Training Company,
"You" refers to the user or subscriber.
"Software" refers to the VTC training content and software.
2. LICENSE: VTC hereby grants to You a worldwide, non-royalty bearing, non-exclusive license to use the Software according to the provisions contained herein and subject to payment of the applicable subscription fees.
3. RESTRICTIONS: You may not do any of the following:
Save the Software to Your hard disk or other storage
medium; permit others to use the Software except as specified by addendum;
modify, reverse engineer, decompile, or disassemble the Software; make
derivative works based on the Software; publish or otherwise disseminate
the Software. VTC, Inc., VTC Online University, and the Virtual Training
Company site is owned and operated by VTC, Inc. as a corporation of
All materials on this site are the property of VTC unless otherwise specified. No material from these pages may be copied, reproduced, republished, downloaded, uploaded, posted, transmitted, or distributed in any way. Modification of the materials or use of the materials for any other purpose is a violation of U.S. copyright law and other proprietary rights. For purposes of this Agreement, the use of any such material on any other web site or networked computer environment is prohibited.
4. FEES: The rights granted under this Agreement
are effective only upon payment of the subscription fees, which are
strictly non-refundable other than as expressly provided herein. The
term "monthly subscription" is defined as any 30 day period.
The term "yearly subscription" is defined as one 365 day
period. A yearly subscription ends on the same numerical date as it
began (example July 28, 2004 to July 28, 2005).
The VTC Online University is access to every VTC training tutorial in our library. You pay a flat fee for access to these titles. You are billed according to your renewal selection below, and can renew monthly, yearly, or in any other increment offered. If you choose to be billed monthly, you will be billed every 30 days for the subscription until you request the subscription be cancelled. Our terms of service state that you must cancel a monthly subscription at least two business days before your renewal date. These two days give us enough time to ensure that you will not be charged again.
5. LIMITED WARRANTY: VTC warrants that the Software, if operated as directed, will substantially achieve the functionality described. VTC does not warrant, however, that Your use of the Software will be uninterrupted or that the operation of the Software will be error-free or secure. In addition, the security mechanisms implemented by the Software have inherent limitations, and You must determine that the Software sufficiently meets Your requirements. VTC also warrants that the media containing the Software, if provided by VTC, is free from defects in material from the date You acquired the Software. VTC's sole liability for any breach of this warranty shall be, in VTC's sole discretion: (i) to replace Your defective media or Software; or (ii) to advise You how to achieve substantially the same functionality with the Software as described; or (iii) if the above remedies are impracticable, to refund the subscription fee You paid for the Software. Only if You inform VTC of Your problem with the Software during the applicable subscription period will VTC be obligated to honor this warranty. VTC will use reasonable commercial efforts to repair, replace, advise, or refund pursuant to the foregoing warranty within thirty (30) days of being so notified. If any modifications are made to the Software by You during the warranty period; if the medium is subjected to accident, abuse, or improper use; or if You violate the terms of this Agreement, then this warranty shall immediately terminate. This warranty shall not apply if the Software is used on or in conjunction with hardware or software other than the unmodified version of hardware and software with which the Software was designed to be used as described.
THIS IS A LIMITED WARRANTY, AND IT IS THE ONLY WARRANTY MADE BY VTC OR ITS SUPPLIERS. VTC MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF THIRD PARTIES' RIGHTS. YOU MAY HAVE OTHER STATUTORY RIGHTS. HOWEVER, TO THE FULL EXTENT PERMITTED BY LAW, THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, SHALL BE LIMITED TO THE ABOVE LIMITED WARRANTY PERIOD. MOREOVER, IN NO EVENT WILL WARRANTIES PROVIDED BY LAW, IF ANY, APPLY UNLESS THEY ARE REQUIRED TO APPLY BY STATUTE NOTWITHSTANDING THEIR EXCLUSION BY CONTRACT. NO DEALER, AGENT, OR EMPLOYEE OF VTC IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS LIMITED WARRANTY.
6. PROPRIETARY RIGHTS: VTC reserves all proprietary rights in and to the Software, is protected by copyright and other intellectual property laws and by international treaties. VTC, Inc.
Trademark Notice: VTC, Virtual Training Company,
Inc., The VTC Logo, and VTC Online University, are trademarks of VTC,
Inc. All other company and product names may be trademarks of their
The information contained herein is subject to change without notice. Copyright © 1995 - 2005 VTC, Inc. All rights reserved.
7. TERMINATION: This Agreement shall automatically terminate if You fail to comply with the restrictions described herein. Your obligations to pay outstanding subscription fees shall survive any termination of this Agreement.
8. LIMITATION OF LIABILITY: UNDER NO CIRCUMSTANCES
AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL VTC
OR ITS SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON
FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF
ANY CHARACTER, INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL,
WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER
COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL VTC BE LIABLE FOR ANY
DAMAGES IN EXCESS OF THE AMOUNT VTC RECEIVED FROM YOU FOR A LICENSE
TO THE SOFTWARE, EVEN IF VTC SHALL HAVE BEEN INFORMED OF THE POSSIBILITY
DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM VTC'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
9. Links To Other Materials: Linked sites found at the VTC site are not under the control of VTC, and we are not responsible for the content of any linked site or any link contained in a linked site. VTC may change links based solely on our discretion, and we reserve the right to terminate any link or linking program at any time. VTC does not, by linking to sites, endorse companies or products to which it links and reserves the right to note as such on its web pages. If you decide to access any of the third party sites linked to this site, you do this entirely at your own risk.
Forums, and Chat are not always screened by VTC, and we are not responsible for the content of any public or open forum content at the site. VTC may change these public forums based solely on our discretion, and we reserve the right to terminate any forum at any time. VTC does not, by allowing these forums, endorse companies or products which may be mentioned in these forums, and reserves the right to note as such on its web pages. If you decide to access any of the public forums in this site, or linked to this site, you do this entirely at your own risk.
9. GOVERNING LAW & DISPUTE RESOLUTION: This Agreement is governed by Virginia law. All disputes between You and VTC shall be finally resolved through arbitration in Winchester, Virginia. This site is controlled by VTC from its offices within the United States of America. VTC makes no representation that materials in the site are appropriate or available for use in other locations, and access to them from territories where their content is illegal is prohibited. Those who choose to access this site from other locations do so on their own initiative and are responsible for compliance with applicable local laws. You may not use or export the Materials in violation of U.S. export laws and regulations. Any claim relating to the Materials shall be governed by the internal substantive laws of the Commonwealth of Virginia, USA.
VTC may revise these Terms at any time by updating this posting. You should visit this page from time to time to review the then-current Terms because they are binding on you. Certain provisions of these Terms may be superseded by expressly designated legal notices or terms located on particular pages at this Site.
If you have any questions regarding this policy,
or your information specifically,
you may email us at:email@example.com.