On Wed, Aug 18, 2010 at 5:54 PM, David Lum <[email protected]> wrote: >> Not to mention our group name itself is in the form of >> <Server>_<Share>_<RWXD>
Ben replied: > I don't like that because it means if you move servers your group > names either change or become misleading. > > But we otherwise do something similar. Things like "QMS Doc > Editors" and "QMS Doc Readers". Much later, on Mon, Aug 30, 2010 at 11:48 AM, David Lum <[email protected]> wrote: > Having said that, you do bring up a good point to consider > going forward. Is it possible to script changing AD group > names in bulk? I'm sure it can. I would probabbly use some combination of a dump of group names, a text search-and-replace, ADMOD, and/or a batch file. You can get ADMOD from <http://www.joeware.net/freetools/tools/admod/>. I'd bet good money that PowerShell could do it, too. (And that MBS knows how. ;-) ) > If not server names, what do you use for an AD group name used to > accessing file shares? Well, to continue my example, we have a share called "QMSDocs" (it's got our Quality Management System (ISO-9000/AS-9100) controlled documents in it). So we have those groups for "QMS Doc Editors" and "QMS Doc Readers". Editors can make changes, readers can, well, read, and everybody else gets nothing. Our company group that everyone is a member of is a member of "QMS Doc Readers", along with a special guess account used by auditors. Our "Senior QA Staff" group is a member of "QMS Doc Writers". -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: [email protected]. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9079469 or send a blank email to leave-9079469-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
