If you follow MS's AGLP (AGDLP for AD) rules you can limit this somewhat. Assign users to Global Groups, add Global Groups to Local (DOMAIN Local in AD) and only assign permissions to the local groups. You create the appropriate local groups (eg read access, write etc) and only assign permissions once to these groups. Any user changes are done through removal of uses from the Global groups or GG from local groups which doesn't trigger any ACL changes on the files so no extra backups are done. As far as initial security lockdown, this should be done at server setup.
Tim Rushforth City of Winnipeg -----Original Message----- From: Jim Kirkman [mailto:[EMAIL PROTECTED] Sent: March 7, 2003 8:31 AM To: [EMAIL PROTECTED] Subject: Windows ACL changes So, In these security conscious times, some Windows admins are embarking on a mission to 'tighten up' things by removing the Everyone group and doing various other rights changes on a number of servers. I guess the backed up files need to reflect the proper rights, but I'm not really thrilled with the additional backup load. Any ways around that? thanks, -- Jim Kirkman AIS - Systems UNC-Chapel Hill 966-5884
