Skip to main content
Close

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Configuring local groups

  1. Last updated
  2. Save as PDF

In a Windows security domain, users and groups identify users (for example, vsmith) and groups of users (for example, software) on the network. Apart from the user-defined network group names (for example, software, finance, and test), Windows also supports a number of built-in or local groups with each providing various privileges and levels of access to the server on which they have been configured.

These groups exist on every Windows computer. They are not network groups, but are local to each computer. So, the user vsmith may be granted Administrator privileges on one computer and not on another.

On the server, the administrator can add users to any of the following local groups:

  • Root: If a user is a member of the local Root group, the user bypasses all security checks, and can take ownership of any file in the file system.
  • Administrators: If a user is a member of the local Administrators group, the user can take ownership of any file in the file system.
  • Audit Service Accounts: If a user is a member of the Audit Service Accounts group, the server does not add any of their events to the audit log. However, the server does add events to the audit log for any user who is not a member of this group. These events consist of the Windows file access and deletion events which are recorded by the server. As an alternative to the NAS Manager, it is possible to use the localgroup CLI commands to add, remove or display the users for this group.
  • Backup Operators: If a user is a member of the local Backup Operators group, the user bypasses all security checks, but cannot take ownership of a file in the file system. The privilege to bypass all security checks in the file system is required for accounts that run Backup Exec or perform virus scans. Virus scanner servers that are a part of the Backup Operators group can, however, take ownership of any file in the file system.
  • Forced Groups: If a user is a member of the local Forced Groups group, when the user creates a file, the user’s defined primary group is overridden and the user account will be used to indicate the file creator’s name.
Parent Topic
  • File Services Administration Guide

    This guide explains about file system formats, and provides information about creating and managing file systems, and enabling and configuring file services (file service protocols).

Child Topics

Adding a local group or local group members

You can add a local group or local group members in the NAS Manager.

  1. Navigate to Home File Services Local Groups to display the Local Groups page.

  2. If necessary, click Change to select a different EVS security context or to select the global configuration. Changes made to local groups using this page apply only to the currently selected EVS security context.

    • If an EVS uses the Global configuration, any changes made to the global configuration settings will affect the EVS.
    • If an EVS uses an Individual security context, changes made to the global configuration settings will not affect the EVS. To manage local groups for an EVS that uses an individual security context, you must select the EVS' individual security context to make changes, even if those settings are the same as the settings used by the global security context.

  3. Click add to display the Add Local Group page.

    GUID-041407E9-0CC8-45B4-824B-B68CC451F6A2-low.png

    The following table describes the fields on this page:

    Field/Item Description
    Group
    • Select Use existing local group and then select from the list to add from an existing local group.
    • Select Add new local group and then enter the name to add a new local group.
    Members Enter the member's user name and then click add. To remove a member's user name, click on the X button.

  4. To add a new member to an existing local group, complete the following.

    1. Select the Use existing local group option.

    2. Using the list of local groups, select the group to which you want to add a member.

    3. Enter the new member's user name in the Members field.

    4. Click add.

    5. Repeat steps to add more members.

    6. Click OK.

  5. To add a new local group, complete the following:

    1. Select the Add new local group option.

    2. Enter the new local group name in the Members field.

    3. If necessary, you can now enter group members for the new group. To enter members user names, enter each member's user name in the Members field.

    4. Click add.

    5. Repeat steps to add more members.

Parent Topic

Deleting a local group or local group members
Once created, group names may not be changed. To change a group name, you must delete the group, then create a new group, and add members to the new group.

Procedure

  1. Navigate to Home File Services Local Groups to display the Local Groups page.

  2. If necessary, click Change to select a different EVS security context or to select the global configuration. Changes made to local groups using this page apply only to the currently selected EVS security context.

    Deleting a local group is a two-stage process; you must delete all members of the group before you can delete the group itself.

  3. Delete all members of the group:

    1. Fill the check box next to all members of the group you want to delete.

    2. Click delete to delete the selected group members.

    3. Click OK to confirm the deletion return to the Local Groups page.

  4. Delete the local group:

    1. Fill the check box next to the group you want to delete.

    2. Click delete to delete the selected group.

    3. Click OK to confirm the deletion return to the Local Groups page.

Parent Topic

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Page Type
    Documentation Article
  2. Tags
    1. administrator
    2. HNAS 13.9