RE: Security groups redux

Mon, 21 Dec 2009 14:21:46 -0800 

Thanks, my thinking (almost) exactly.

Dave


From: Ken Schaefer [mailto:[email protected]]
Sent: Thursday, December 17, 2009 6:52 PM
To: NT System Admin Issues
Subject: RE: Security groups redux

Hi,

IMHO

The easiest way to maintain something that has to scale is to have users 
organised into their functional groups (e.g. a project team or department), and 
these groups are nested into resource control groups.  (User -> AG -> RG -> 
Resource): http://technet.microsoft.com/en-us/library/cc740013(WS.10).aspx

That way, when someone joins/moves/leaves, you just remove them from the team 
group, and put them into their new team group, and they get all the access they 
are supposed to.

Cheers
Ken

From: James Rankin [mailto:[email protected]]
Sent: Thursday, 17 December 2009 3:47 AM
To: NT System Admin Issues
Subject: Re: Security groups redux

I always go for the old style method - one group per function (and a good 
description!). When someone has to follow your work, it's a lot easier 
following this method than groups that are "nested" into loads of different 
functions. There's a little more overhead in setup, but it more than makes up 
for it for ease of use. I have groups for drive mappings, printer mappings, 
websense access, file share access, distribution group membership, application 
deployment, etc. etc. YMMV
2009/12/16 David Lum <[email protected]<mailto:[email protected]>>
Creating AD security groups...do you guys generally have a group for each 
department, a group for each file share, and various distribution groups?

It seems it would make sense to have a group for say, the Marketing department 
and this group is a member of various file share and distribution lists. That 
way as long as Bob is a member of Marketing department he will  then have all 
the file access and get the proper e-mails. Since we SharePoint I also figure I 
can use AD groups instead of SharePoint group sand basically treat SharePoint 
the same as file shares when it comes to group creation.

Am I overlooking anything?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764








--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to