"Even with smaller organizations, are the IT people the ones who should
be saying who needs to have access to the CFOs information or should it
be the CFO? Just to be honest, there are a lot of areas within a
company that the IT people aren't qualified enough to even hazard a
guess as to who shoul
I can understand your arguments, but the larger the organization, the more likelihood that the groups are controlled by users (in one way or another) anyway. When you've got 100k groups, you have someone listed as a group owner or someone authorized to approve new members of the group and the only
You do make a strong argument, but I'm not sold. The part I can't get past is that the users have the control over adding a sec-prin to be able to "pull" the data. Vs. pushing the protected data via email. The subtlety is important in my opinion.
The only issue I have with the convenience of addi
I don't usually think of these as security-enabled distribution lists, but as mail-enabled security groups that users can manage in the same manner as they do distribution lists. When you think of them that way, it's not quite so painfully stupid.
Don't get me wrong, turning all your DLs into secu
Assume. Hmm.. That's been over done so I'll pass this time :)Harvey, I just replied to a similar thread on this with my thoughts. I won't bore you with repetition. But I'm curious what makes you want to assume anything when it comes to security issues like this? I think it's way to unpredict
Thanks for the doc, Jorge; I'd missed that in my searches. And my initial reaction was "not only no, but hell no!" to the request. But when I examine it logically it's harder to reject out of hand. A little while ago, we did change the default for new DL group requests to be security enabled.
A
My first reaction is, "NOOO" don't do that. That's silly. I absolutely abhor the concept of convenience to this level when it comes to access to secured resources. Saying that, DG's are often created by default as a security group. I'd actually be surprised, and I would applaud the person
have a look at:
Addressing Problems Due to Access Token Limitation
http://www.microsoft.com/downloads/details.aspx?FamilyID=22dd9251-0781-42e6-9346-89d577a3e74a&DisplayLang=en#filelist
http://www.microsoft.com/downloads/details.aspx?FamilyID=4a303fa5-cf20-43fb-9483-0f0b0dae265c&DisplayLang=en