Link to discussion of AG/RG method: http://technet.microsoft.com/en-us/library/cc740013(WS.10).aspx

It may be helpful to preface your security group names with AG_ RG_ ACL_ to differentiate between the group types.

-Jeff Steward

On Mon, Aug 30, 2010 at 12:06 PM, Andrew S. Baker <[email protected]> wrote:
> +1
>
> *ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
> *Exploiting Technology for Business Advantage...*
>
> On Mon, Aug 30, 2010 at 11:56 AM, Ken Schaefer <[email protected]> wrote:
>
>> For scalability you should use an Authorisation Group -> Resource Group strategy.
>>
>> Your AGs are based on teams or departments. Your RGs are assigned to the ACLs for each resource. You put your AGs into your RGs. This makes provisioning/deprovisioning simple.
>>
>> Your RGs probably shouldn't have the server name embedded. You use DFS-N right? So, the RG can be based on the share name and the type of access.
>>
>> For really small environments your strategy can work, but it won't scale.
>>
>> Cheers
>> Ken
>>
>> -----Original Message-----
>> From: David Lum [mailto:[email protected]]
>> Sent: Monday, 30 August 2010 11:48 PM
>> To: NT System Admin Issues
>> Subject: RE: Finding unused/dead groups?
>>
>> In no environment (of six that I manage) have I moved servers outright where this would be an issue, replacement file servers (quite rare in fact) inherit the same name and new servers get new groups.
>>
>> Having said that, you do bring up a good point to consider going forward. Is it possible to script changing AD group names in bulk? If I had 20 group names that started SERVER1_ change them to SERVER2_ ?
>>
>> If not server names, what do you use for an AD group name used to accessing file shares?
>>
>> Dave
>>
>> -----Original Message-----
>> From: Ben Scott [mailto:[email protected]]
>> Sent: Wednesday, August 18, 2010 3:08 PM
>> To: NT System Admin Issues
>> Subject: Re: Finding unused/dead groups?
>>
>> On Wed, Aug 18, 2010 at 5:54 PM, David Lum <[email protected]> wrote:
>> > Not to mention our group name itself is in the form of
>> > <Server>_<Share>_<RWXD>
>>
>> I don't like that because it means if you move servers your group names either change or become misleading.
>>
>> But we otherwise do something similar. Things like "QMS Doc Editors" and "QMS Doc Readers".
>>
>> -- Ben
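
An audit of the AG -> RG nesting described in the thread, as an added example that is not code from any of the posters. It assumes the ActiveDirectory PowerShell module and the AG_/RG_ name prefixes suggested above; the function name Get-AgRgFinding is hypothetical.

```powershell
# Added example: assumes the ActiveDirectory module (RSAT) and the
# AG_/RG_ naming prefixes; change the prefixes to match your own scheme.
Import-Module ActiveDirectory

function Get-AgRgFinding {
    [CmdletBinding()]
    param(
        [string]$AgPrefix = 'AG_',   # authorisation groups (teams, departments)
        [string]$RgPrefix = 'RG_'    # resource groups (the ones placed on ACLs)
    )

    # One query for both group types, including their membership attributes.
    $filter = "Name -like '$AgPrefix*' -or Name -like '$RgPrefix*'"
    foreach ($g in Get-ADGroup -Filter $filter -Properties member, memberOf) {
        $issues = @()

        # Resolve member and parent DNs so object class and name can be checked.
        $members = @($g.member   | Where-Object { $_ } |
                     ForEach-Object { Get-ADObject -Identity $_ })
        $parents = @($g.memberOf | Where-Object { $_ } |
                     ForEach-Object { Get-ADObject -Identity $_ })

        # An empty group is a candidate for the "unused/dead" review, not proof:
        # an empty RG may still sit on an ACL.
        if ($members.Count -eq 0) { $issues += 'empty: candidate dead group' }

        if ($g.Name -like "$RgPrefix*") {
            # Model from the thread: only AGs go into RGs.
            $direct = $members | Where-Object {
                $_.ObjectClass -ne 'group' -or $_.Name -notlike "$AgPrefix*"
            }
            foreach ($m in $direct) { $issues += "non-AG member: $($m.Name)" }
        }
        else {
            # An AG that is in no RG grants no resource access through this model.
            $inRg = $parents | Where-Object { $_.Name -like "$RgPrefix*" }
            if (-not $inRg) { $issues += 'not nested in any RG' }
        }

        foreach ($i in $issues) {
            [pscustomobject]@{ Group = $g.Name; Finding = $i }
        }
    }
}

Get-AgRgFinding | Sort-Object Group | Format-Table -AutoSize
```

The function only reads from the directory; each finding is a starting point for review rather than a deletion list.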
