User-managed universal groups

From: Stephanie <Stephanie@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Apr 2005 10:19:03 -0700

We currently have some existing universal groups that users maintain by
adding/removing employees. As security administrators, we're pondering the
idea of creating a new policy prohibiting user-managed universal security
groups because of potential security risks. Does anyone have any pros or cons
about this subject?
.

Prev by Date: Re: trying to uninstall AD from a 2003 Machine
Next by Date: Re: trying to connect to new domain
Previous by thread: User profiles do not copy over using ADMT when migrating
Next by thread: XP pro security event log not logging
Index(es):
- Date
- Thread

Relevant Pages

Re: Security Groups issue...
... domain server, the other is a member server. ... I have 2 security groups. ... doesn't even show up in the security selection on the member server. ... Universal groups can contain members from any domain, ...
(microsoft.public.windows.server.active_directory)
Re: securityadmin
... about not having access to select data from syslogins and such. ... have DBA's and security administrators as separate entities? ... No at our shop, however, there is security admin server role. ...
(microsoft.public.sqlserver.security)