RE: global local security group question

It depends on the size of your enviroment, but as ptwillams says, using only
global groups will do the job, and it will also be my personell recomendation.

Since you are asking for "the Microsoft way" of doing it:
Acoounts into Global Groups
Global Groups into Domain Local Groups
Assign permissions to Domain Local Groups.

In a multi domain enviroment, were the domains are in native mode or higher,
"the Microsoft way" wil be:
Acoounts into Global Groups
Global Groups into Universal Groups
Universal Groups into Domain Local Groups
Assign permissions to Domain Local Groups.

This will also be the "Exam way" of doing it ;-)

Tor H.




"Mike Brearley" wrote:

> What's the proper way to setup security for a shared data directory?
>
> Say I have the following directories:
>
> Accounting
> Engineering
> Human Resources
> Manufacturing
> Marketing
> Purchasing
> Shared
>
> In AD, there are global groups, i.e. Accounting_Read, Accounting_Full,
> All_Users, Engineering_Read, etc . . . which the appropriate user accounts
> are members of. Now, should I create local groups in AD and assign the
> global group as a member of the local group and then assign the local group
> access to the directories on the file server? Or should I leave out the
> local groups and just assign the global groups permissions to the
> directories? Or should I create groups on the file server itself and assign
> the global groups as members of the file server level groups and assign the
> file server level groups access to the directories?
>
> I know it works any way I do it, but what is the proper (Microsoft) way of
> doing it?
>
> --
> Posted 'as is'. If there are any spelling and/or grammar mistakes, they
> were a direct result of my fingers and brain not being synchronized or my
> lack of caffeine.
>
> Mike Brearley
>
>
>
.

Relevant Pages

  • Re: Everyone, Users, and Guests
    ... Domain Guests = anonymous logons (the Guest account is ... Domain Users = domain's authenticated users (a member of ... Global Groups go into Local Groups, ... Local Groups are given permissions to resources. ...
    (microsoft.public.win2000.security)
  • Re: I cant put a Group in a Group ??
    ... Global Groups Cannot be added to Local Groups ... Have users accounts and global groups as members. ... Have users, global groups, and universal groups from any domain as ...
    (microsoft.public.windows.server.active_directory)
  • Re: global local security group question
    ... Microsoft MVP - Directory Services ... > In AD, there are global groups, i.e. Accounting_Read, Accounting_Full, ... should I create local groups in AD and assign the ... > group access to the directories on the file server? ...
    (microsoft.public.windows.server.active_directory)
  • RE: Query re NT4 Domain Local Groups
    ... The Recommended Migration Order is listed below for your reference: ... | I have a query regarding NT4 Domain Local Groups. ... NT4 domain server which has local and global groups. ...
    (microsoft.public.windows.server.migration)
  • global local security group question
    ... What's the proper way to setup security for a shared data directory? ... In AD, there are global groups, i.e. Accounting_Read, Accounting_Full, ... should I create local groups in AD and assign the ... Or should I create groups on the file server itself and assign ...
    (microsoft.public.windows.server.active_directory)
Loading