当我向 Windows(7 或 Server 2k8)添加新用户并将其设为管理员组成员时,保留或删除用户成员身份是否重要?大多数情况下,我会删除用户成员身份,因为它看起来是多余的,但这重要吗?
答案1
这很重要,因为拒绝权限优先于允许。如果您的用户对任何内容具有拒绝权限,则他们的管理员身份将不允许他们访问该资源。您可以通过创建拒绝权限来列出文件夹的内容,从而对用户进行测试,您将收到以下警告对话框:
---------------------------
Security
---------------------------
You are setting a deny permissions entry. Deny entries take precedence over allow entries. This means that if a user is a member of two groups, one that is allowed a permission and another that is denied the same permission, the user is denied that permission.
Do you want to continue?
---------------------------
Yes No
---------------------------
因此,除非您计划永远不向用户分配拒绝,否则请从用户组中删除管理员。