Re: global local security group question

---

• From: "Chriss3 [MVP]" <noSpamHere@xxxxxxxxxx>
• Date: Tue, 12 Apr 2005 20:21:43 +0200

---

Hello,
Sounds like you have a very good way of doing this, I suggest that going
with the global groups is fine.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Mike Brearley" <nospam@xxxxxxxx> skrev i meddelandet
news:eFCU8M4PFHA.1172@xxxxxxxxxxxxxxxxxxxxxxx
> What's the proper way to setup security for a shared data directory?
>
> Say I have the following directories:
>
> Accounting
> Engineering
> Human Resources
> Manufacturing
> Marketing
> Purchasing
> Shared
>
> In AD, there are global groups, i.e. Accounting_Read, Accounting_Full,
> All_Users, Engineering_Read, etc . . . which the appropriate user accounts
> are members of. Now, should I create local groups in AD and assign the
> global group as a member of the local group and then assign the local
> group access to the directories on the file server? Or should I leave out
> the local groups and just assign the global groups permissions to the
> directories? Or should I create groups on the file server itself and
> assign the global groups as members of the file server level groups and
> assign the file server level groups access to the directories?
>
> I know it works any way I do it, but what is the proper (Microsoft) way of
> doing it?
>
> --
> Posted 'as is'. If there are any spelling and/or grammar mistakes, they
> were a direct result of my fingers and brain not being synchronized or my
> lack of caffeine.
>
> Mike Brearley
>
>


.

---

• References:
  • global local security group question
    • From: Mike Brearley

• Prev by Date: Re: AD
• Next by Date: Add Shortcut Icon to user's Desktop
• Previous by thread: global local security group question
• Next by thread: Re: global local security group question
• Index(es):
  • Date
  • Thread

---

Relevant Pages global local security group question ... What's the proper way to setup security for a shared data directory? ... In AD, there are global groups, i.e. Accounting_Read, Accounting_Full, ... should I create local groups in AD and assign the ... Or should I create groups on the file server itself and assign ... (microsoft.public.windows.server.active_directory) Re: howto: migrate fileserver resources from NT4 BDC to W2003 member server ... Actually Microsoft suggest Add Domain Global Group to Domain ... Local Group,not the local group of member server. ... >>environments to make global groups, put people in global groups, make ... >>permissions to files and directories to this local groups. ... (microsoft.public.windows.server.migration) RE: global local security group question ... global groups will do the job, and it will also be my personell recomendation. ... Assign permissions to Domain Local Groups. ... Or should I create groups on the file server itself and assign ... (microsoft.public.windows.server.active_directory) Re: howto: migrate fileserver resources from NT4 BDC to W2003 member server ... groups into Local groups" in AD domain, not NT4 domain. ... Microsoft Online Partner Support ... >>global groups and domain local groups. ... (microsoft.public.windows.server.migration) RE: Best way to assign NTFS permission in order to migrate to AD on W2K3 ... the Win 2000 file server in NT 4 domain? ... If you will move the file server to Windows 2003 domain, ... add the certain global groups to the domain local group. ... This posting is provided "AS IS" with no warranties, ... (microsoft.public.windows.server.migration)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)