Domain or server local security
groups form the backbone of
the permission assignments
in my development and production
environments. I might grant
permissions to individual users in a handful
of situations, but generally I follow the
best practice of granting permissions
to groups, then adding user IDs to
those groups. To remove a user's
access, I just remove the user's
account from the group. Scripting can
further simplify management of local
groups by letting you quickly
enumerate the membership of the groups,
add and remove members, and
modify group properties.
You can use several local
group-related utilities—Local, Findgrp,
Cusrmgr, MemberOf, and LG—with your
command-shell scripts. Table 1 summarizes what you can use these tools
for and where you can find them. The
following FAQs will help you identify
the best tool for specific situations.
These FAQs include five handy scripts
to demonstrate how to use the tools.
The sample scripts don't use every
feature of these tools, so you'll want to
check each tool's online Help to learn
more about the tool's capabilities. You
can download these scripts, including
instructions for customization, from
the Windows Scripting Solutions Web
site. . . .
)
khdba July 27, 2006 (Article Rating: