No need for domain local if only users from the domain will be accessing the share. Global Security group, add members to the group, assign appropriate NTFS permissions to the group on the network share. The old NT4 strategy was
AGDLP (Accounts --> Global groups, Global groups --> Domain Local groups, permissions --> Domain Local groups). You don't need the Domain Local part any more, especially since both the server and the accounts are in the same domain. James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services ________________________________ From: David Lum [mailto:[EMAIL PROTECTED] Posted At: Tuesday, April 29, 2008 1:01 PM Posted To: NTSysadmin Conversation: AD groups Domain local, global, universal Subject: AD groups Domain local, global, universal Scenario: Two domains, domain.local and a child domain called subdomain. All users in the company are in subdomain.domain.local, Exchange servers are in subdomain as well. Effectively *everything* is in subdomain I have a share \\ServerA.subdomain.domain.local\share <file:///\\ServerA.subdomain.domain.local\share> and I want to create a security group to access this share. I'll name it _Servername\Share. A quick Goggle-fu refresher makes me think in my case the security groups should be domain local and distribution lists should be global. I have a separate forest (otherdomain.local) that sometimes subdomain.domain accounts hit, but I don't think it has any bearing on this decision. Comments? Dave Lum - Systems Engineer [EMAIL PROTECTED] - (971)-222-1025 "When you step on the brakes your life is in your foot's hands" CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
