Whenever a user does a domain logon, with Active Directory or GroupWise or Samba or just an NT domain, system administration and maintenance may be simplified by creating a custom "group" for security. This security group, with a name like “Syscob Users”, can be given the necessary privileges and permissions to run the Export-It application. Then simply making a user a “Member of” that group will assure that the user possesses the proper security access levels.
Alternately, an Active Directory “security template” could be defined and deployed to the platforms as a Group Policy Object [GPO]. Of course, some requirements (see Basic User Settings) will still require individual configuration for each user due to Windows® design.
Whether such a custom "group" (or GPO) is an advantage, or not, depends on the "logon environment" for the user. Different versions of Windows® have increased restrictions on their pre-defined security groups over time:
Specific requirements are detailed in the preceeding topics and correspond to those of the workstation (i.e. local, not domain or enterprise or network) “Administrators” group for recent Windows® versions. They can be summarized as:
Finally, note that complete access to an entire drive or Registry key is only needed when Installing and Updating (to allow the application disk folders or Registry subkeys to be created). In "strict" security environments these rights could be restricted to specific folders and keys (see the topics below for details) after the initial installation is completed and all Export-It users are registered.
