Re: Global Groups
From: Herb Martin (news_at_LearnQuick.com)
Date: 09/28/04
- Next message: Cary Shultz [A.D. MVP]: "Re: Unable to add W2K Pro station to AD"
- Previous message: Brian Desmond [MVP]: "Re: Publish Printers and Windows security?"
- In reply to: Last time a global group was used.: "Global Groups"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Sep 2004 18:31:34 -0500
"Last time a global group was used." <Last time a global group was
used.@discussions.microsoft.com> wrote in message
news:F7E0B73A-E6CE-41C3-A38D-E47876CAF72A@microsoft.com...
> Does anyone know how to find out the last time a global group, (security
and
> distribution) was used by one of its members?
>
> i have over 250 global groups and i am looking to get rid of some. i only
> have ten that don't have members.
In some sense the question misunderstands what happens.
What do you really wish to accomplish?
When a user logs on (actually computers too) the successful
authentication returns the user's "Security Access Token" which
is a list of the User's SID, and every SID to which the User is
a member of the Group, and the list of Rights assigned to these
SIDs.
(It also has some housekeeping stuff like Kerberos tickets,
expirations, and such.)
So in theory, anytime anyone who is in a group logs on, then the
group is "used" as much as it ever is (except administratively.)
Now, if you mean when is a User granted access to a resource
by means of that SID you could AUDIT some resources (files
on a particular server) against access by that Group.
-- Herb Martin
- Next message: Cary Shultz [A.D. MVP]: "Re: Unable to add W2K Pro station to AD"
- Previous message: Brian Desmond [MVP]: "Re: Publish Printers and Windows security?"
- In reply to: Last time a global group was used.: "Global Groups"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
