Even with smaller organizations, are the IT people the ones who should
be saying who needs to have access to the CFOs information or should it
be the CFO? Just to be honest, there are a lot of areas within a
company that the IT people aren't qualified enough to even hazard a
guess as to who should
I don't usually think of these as security-enabled distribution lists, but as mail-enabled security groups that users can manage in the same manner as they do distribution lists. When you think of them that way, it's not quite so painfully stupid.
Don't get me wrong, turning all your DLs into
You do make a strong argument, but I'm not sold. The part I can't get past is that the users have the control over adding a sec-prin to be able to pull the data. Vs. pushing the protected data via email. The subtlety is important in my opinion.
The only issue I have with the convenience of adding
I can understand your arguments, but the larger the organization, the more likelihood that the groups are controlled by users (in one way or another) anyway. When you've got 100k groups, you have someone listed as a group owner or someone authorized to approve new members of the group and the only
Thanks for the doc, Jorge; I'd missed that in my searches. And my initial reaction was not only no, but hell no! to the request. But when I examine it logically it's harder to reject out of hand. A little while ago, we did change the default for new DL group requests to be security enabled.
And
Assume. Hmm.. That's been over done so I'll pass this time :)Harvey, I just replied to a similar thread on this with my thoughts. I won't bore you with repetition. But I'm curious what makes you want to assume anything when it comes to security issues like this? I think it's way to
From: [EMAIL PROTECTED] on behalf of Harvey Kamangwitz
Sent: Sat 2006-10-21 01:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security-enable all your distribution lists?
Hi all,
I'm interested in your opinion here, and perhaps a heads-up on requirements
My first reaction is, NOOO don't do that. That's silly. I absolutely abhor the concept of convenience to this level when it comes to access to secured resources. Saying that, DG's are often created by default as a security group. I'd actually be surprised, and I would applaud the person
Hi all,
I'm interested in your opinion here, and perhaps a heads-up on requirements that may be coming your way.
We have a request from the sharepoint team to security-enable all of our 18,000 distribution lists. Our concern, naturally, is token size. What will this do to Joe User's access
