Win 2003 - DAC or RBAC?

jdredd

I am not an MCSE and know only a little (really a little) about setting up AD. I find the Security groups kind of confusing as in universal, global, and domain local groups with the default groups like Account Operators, Administrators, etc, and the special groups of Everyone, Network, Interactive AND nesting and all of the combinations therein.

Anyway, I am pretty sure this isn't MAC, but it seems like it is kind of a combination of RBAC and DAC. Is there any magic clarity for this?

I don't think this is rule based access control, but maybe you could use it for that?

Webmaster

I'm just going to quote myself here:

Security+ TechNotes wrote:

Modern operating systems use a combination of the described access control models. Although Windows NT doesn't actually use the RBAC model, it simulates it by using built-in groups, such as Power Users, Server Operators and Backup Operators. An administrator can add additional roles typically based job functions and departments. Users with the appropriate permissions can share resources such as files and printers, and give access to other users and/or groups at their own "discretion".

Remember from our previous discussion that they are 'models'. Modern OSs can be built (partly) according to these models, but there's not a one-on-one relationship between a particular model and Windows.