RE: A-G-DL-P strategy

yeah...I know.

But in my case, I can't grant permissions to a DLG group, because on the
preferences of the network share on a member server this DLG group did not
appear.

The only groups I can grant permissions are DG groups.
And I don't kow why.

Any idea???


"Neil Ruston" wrote:

> Sorry - acronym error!
>
> I assumed DL = dist list. You mean DL = domain local group. Let me use "DLG".
>
> DLGs can contain members from any domain but can only be used to permission
> resources in the local domain.
>
> GGs can contain members only from the local domain but can be used to
> permission resources in any domain.
>
> (Any domain means any trusting/ed domain)
>
> Does that help?
> neil
>
>
>
>
>
>
> "kr244" wrote:
>
> > Hi,
> >
> > thank you!
> > But if I can't grant rights to DL groups how should the A-G-DL-P strategy
> > work? I'm a little bit confused about that.
> > As far as I understood, permissions should be linked to a DL-group and the
> > accounts should be linked to G-group?!
> >
> > Michael
> >
> > "Neil Ruston" wrote:
> >
> > > DLs are not security groups and as such cannot be used to grant rights to
> > > resources (they have a GUID but no SID).
> > >
> > > Either:
> > > 1. Convert the DL to a security group
> > > or
> > > 2. Create a security group (such as a GG)
> > >
> > > then grant rights to that group created/converted above.
> > >
> > > neil
> > >
> > >
> > >
> > >
> > > "kr244" wrote:
> > >
> > > > Hi,
> > > > I've got a Active Directory domain that contains 2 child domains.
> > > >
> > > > I'd like to publish the A-G-DL-P strategy for network permissions.
> > > > But if I create a DL-group on one of the domain controllers and then try to
> > > > grant permission to this group on a member server network share, this
> > > > DL-group doesn't appear in the list of available groups and users.
> > > > If I create a G-group on a DC and try to grant this group on the share, it
> > > > works perfect.
> > > >
> > > > Any idea why DL-groups didn't appear on the network share?
> > > >
> > > > Thank U!
.

Relevant Pages

  • [UNIX] Privilege Escalation Vulnerability on phpBB
    ... permissions), so although admin rights are needed to view the page, anyone ... Goto the board you wish to change the permissions for in the normal way ... Find the base directory location of the board for the script, ... This bulletin is sent to members of the SecuriTeam mailing list. ...
    (Securiteam)
  • RE: Send As permissions getting overwritten
    ... The issue should be caused that the users are members of the 'Domain ... Apply the 'Users' template to the existing power users using the Change ... User Permissions Wizard. ... >I've set up the security auditing as you've specified, ...
    (microsoft.public.windows.server.sbs)
  • Re: Securing IIS IUSER
    ... so that these account are not effectively Users members, ... > I then explicitly granted it read permissions to the wwwroot, ... Before granting IUSER permission to read the files/folder, ... > are any of these permitting IUSER access to files and folders with "Users" ...
    (microsoft.public.windows.server.security)
  • Re: Whatever happened to Site Groups in WSS 3.0?
    ... enormous number of groups at the site collection level. ... certain lists that are read only to team members) while the same individual ... Team Members) then break the inheritance of permissions on certain lists and ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Problem managing accounts in protected groups
    ... we have two domain admins: ... that someone will give more security permissions to users then to the admins. ... I think you have realized that the account management group is able to reset ... Most members of OU A are either members of Domain ...
    (microsoft.public.windows.server.active_directory)