Employees in an organization often require different levels of access to data. For example, a manager and an accountant might be the only employees in an organization with access to the payroll files.
Employees can be grouped by job requirements and given access to files according to group permissions. This process helps manage employee access to the network. Temporary accounts can be set up for employees that need short-term access. Close management of network access can help to limit areas of vulnerability that might allow a virus or malicious software to enter the network.
Terminating Employee Access
When an employee leaves an organization, access to data and hardware on the network should be terminated immediately. If the former employee has stored files in a personal space on a server, eliminate access by disabling the account. If the employee’s replacement requires access to the applications and personal storage space, you can re-enable the account and change the name to the name of the new employee.
Temporary employees and guests may need access to the network. For example, visitors might require access to email, the Internet, and a printer on the network. These resources can be made available to a special account called Guest. When guests are present, they can be assigned to the Guest account. When no guests are present, the account can be disabled until the next guest arrives.
Some guest accounts require extensive access to resources, as in the case of a consultant or a financial auditor. This type of access should be granted only for the period of time required to complete the work.
To configure all of the users and groups on a computer, type lusrmgr.msc in the Search box, or Run Line utility.