agreed with most replies ... as long as you don't create too many individual groups ( so many as to be insane to manage ) I think you're always better off with discreet, granular groups ( ideally with self documenting names too ) so as not to over-permit beyond what is needed ... back to the principle of 'least privledged'
On Tue, Oct 13, 2009 at 8:48 AM, David Lum <[email protected]> wrote: > I am going through file/folder permissions and our security groups in AD > – I imagine some of you guys have hundreds of security groups? For a given > share I have a security group associated (with RWXD perms) with it, and if > some folks need read-only I create another group. I also have groups for > each department and they become members of whatever security group is > associated with access to whatever shares they need. I do the same for > non-shared folders that also need specific permissions. > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
