Re: Quick Question - Whats the differance. . .
- From: "Nick" <Nick@xxxxxxxxxxxxx>
- Date: Tue, 17 May 2005 14:43:25 +0100
Jody
Thank you very much for the detailed answer, this has helped very much.
Best regards
Nick
"Jody Flett, JMF Computers Ltd"
<JodyFlettJMFComputersLtd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6BAD5216-A5D1-43DF-982C-8829E212281C@xxxxxxxxxxxxxxxx
>A general rule of thumb is that
>
> Users go into Global Groups
> Global Groups go into Local groups
> Local Groups are assigned access to resources
>
> As already mentioned Server local groups can only be used to grant access
> to
> resources that are local to that Server, and can contain users or groups
> from
> their Domain and any trusted Domain. Domain Local groups can be used to
> grant
> access to resources on any server within the Domain, but can also contain
> users and groups from it's domain and any trusted Domain.
>
> An example of when to use the groups.
>
> The Server local group is used to permission the resource on the Server.
> Reason - the Server Owner/Administrator owns and administers this group,
> and
> controls what it has access to on their server. The Server owner does not
> need to have any rights over AD to do this.
>
> The Domain Local group is created and the Server Owner Adds this to the
> Server Local group. Accounts Administrators can administer this group in
> AD
> and add/remove global groups/Users to the resource as necessary, without
> needing any rights to the Server.
>
> In a large organisation where this type of segregation of duties is more
> common there is perhaps more need for this model. In a smaller
> organisation,
> where server owners/Domain Administrators are one and the same, arguably
> you
> could do without Server local groups and just use domain local groups for
> assigning access to Server Based resorces.
>
> This is just one example of how to use these groups, you will see plenty
> of
> other suggestions on the web. And how your organisation uses the groups
> depends on what you need to achieve eg. for cluster Servers you would more
> likely want to use Domain Local groups as these would span the cluster
> nodes.
>
> I have found a couple of links that discuss group usage, although I find
> alot of them leave out Server Local groups altogether.
>
> http://www.mcpmag.com/columns/article.asp?EditorialsID=181
> http://support.microsoft.com/?kbid=231273
> http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1025717,00.html
>
> HTH
>
> Jody
>
> "Nick" wrote:
>
>> Can you please give me an example when you would Local Domain Groups.
>>
>> Also would you add Global Groups to this.
>>
>> Any links with further information would be good
>>
>> Thanks for the responce
>>
>>
>>
>> "Nick" <Nick@xxxxxxxxxxxxx> wrote in message
>> news:3ek1peF3ic4eU1@xxxxxxxxxxxxxxxxx
>> > Whats the differance between Local Server Groups and Local Domain
>> > Groups.
>> >
>> > When would you use Local Domain Groups.
>> >
>> > Thanks
>> >
>> >
>>
>>
>>
.
- References:
- Quick Question - Whats the differance. . .
- From: Nick
- Re: Quick Question - Whats the differance. . .
- From: Nick
- Re: Quick Question - Whats the differance. . .
- From: Jody Flett, JMF Computers Ltd
- Quick Question - Whats the differance. . .
- Prev by Date: Re: local logon locally denied for a domain user from a client workstation
- Next by Date: Re: RE: Need to enable Daylight Savings Cross Domain
- Previous by thread: Re: Quick Question - Whats the differance. . .
- Next by thread: Group Policy does not make changes for Internet proxy settings
- Index(es):
Relevant Pages
|
