Re: Global Scope
- From: Eric Eastridge <not4you@xxxxxxxxx>
- Date: Sat, 11 Jun 2005 01:29:05 -0400
luke.us@xxxxxxxxx wrote:
Hello there. I need someone to explain the differences between Domain Local, Global and Universal Groups. I pick up concepts very quickly, but this one just has me at a loss. I have read three separate study guides and still cannot understand global scope.
The article I am in front of right now reads;
" ... The easier, more accurate and secure way to assign the permissions needed would be to create a Domain Local group and assign it the required permissions on the file shares. "
Which I completely understand. Very straight forward, if it ended there...
" After doing this, the administrator could create a Global group and place the 20 user accounts into that Global group. Adding the Global group to the Domain Local group results in all 20 users inheriting the Domain Local group's assigned permissions ... "
What? Why would you do that? Surely you would simply assign the users to the Domain Local group, as outlined in the first paragraph. Why does the Global group even come into play?
I really need some help on this one.
Thanks,
Luke O'Connell luke.us@xxxxxxxxx
this all depends on the size of your environment. as an administrator you always want to assign permissions to groups rather than users. It is easier to add one global group to a domain local group than adding 5000 users to a domain local group. Now it is true that you have to add the users to the global groups, but say you have 1000 domain local groups that need the users assigned to them, it is much easier to use global groups rather than adding each user to each group. It is all about organization and ease of administration.
again this all depends on the environment. if you have 10 - 20 users you can just add then to the domain local, but remember Microsoft is targeting large networks on exam 70-290, a user range of 250 - 5000.
an easy way to help with this is to remember domain local groups are for assign rights to resources, and global groups are for assigning rights to users. you should always whenever possible assign rights to groups rather then users. this makes administration much easier.
hope this helps .
- References:
- Global Scope
- From: luke . us
- Global Scope
- Prev by Date: Re: Allow log on locally in Default Domain Controller Policy.
- Next by Date: Re: MCSE to be scrapped
- Previous by thread: Global Scope
- Next by thread: Re: Global Scope
- Index(es):
