No need for domain local if only users from the domain will be accessing
the share.  Global Security group, add members to the group, assign
appropriate NTFS permissions to the group on the network share.  The old
NT4 strategy was

 

AGDLP (Accounts --> Global groups, Global groups --> Domain Local
groups, permissions --> Domain Local groups).  You don't need the Domain
Local part any more, especially since both the server and the accounts
are in the same domain.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 

________________________________

From: David Lum [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, April 29, 2008 1:01 PM
Posted To: NTSysadmin
Conversation: AD groups Domain local, global, universal
Subject: AD groups Domain local, global, universal
  

Scenario: Two domains, domain.local and a child domain called subdomain.


 

All users in the company are in subdomain.domain.local, Exchange servers
are in subdomain as well. Effectively *everything* is in subdomain

 

I have a share \\ServerA.subdomain.domain.local\share
<file:///\\ServerA.subdomain.domain.local\share>  and I want to create a
security group to access this share. I'll name it _Servername\Share. A
quick Goggle-fu refresher makes me think in my case the security groups
should be domain local and distribution lists should be global.

 

I have a separate forest (otherdomain.local) that sometimes
subdomain.domain accounts hit, but I don't think it has any bearing on
this decision.

 

Comments?

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands" 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to