Re: Applied security groups



I expect they are, but the core design is such that everything is a collection of loosely connected parts to help allow for decent scaling. You don't have to tell AD that you are adding a group or other security principal to a resource ACL. To do so, IMO, would be bad as it would introduce a bottleneck and would seriously impact scaling capability. I have yet to see any other OS environment scaled to what I have seen Windows Domain environments scaled to, so features that are common in some of the other OS environments work fine where they may not actually work in a large Windows environment, especially the ones I tend to work on.

This really isn't a huge issue unless process hasn't been followed (or in fact defined) or people give out entirely too many rights to too many people who just do things in an AD HOC manner.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Andy Wolsten wrote:
What a nightmare.

Microsoft should think about this.

"Joe Richards [MVP]" wrote:

There is no centralized repository, you will need to check all securable objects.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net



Andy Wolsten wrote:
Hi,

I am looking for a way of finding out where certain security groups have been applied. E.g. lists of shares, or other areas that a security group has been applied without having to check permissions of every file share.

Is this possible?
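
One way to run the per-object check described in this thread against the SMB shares of a single file server, as an added example that is not part of the original posts. It covers only share permissions and folder ACLs on the local machine; the function name, the depth limit and the group name in the usage comment are assumptions of this example.

```powershell
# Added example: report where one group is granted access on local SMB shares.
# Checks share-level permissions and explicit (non-inherited) NTFS ACEs on folders.
function Find-GroupOnShares {
    param(
        [Parameter(Mandatory)][string]$GroupName,  # DOMAIN\Group form
        [int]$Depth = 2                            # folder levels to scan below each share root
    )

    # Resolve the name to a SID once; ACEs are stored by SID, so this is the reliable match key.
    $sid = ([System.Security.Principal.NTAccount]$GroupName).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # Skip administrative shares (C$, ADMIN$, IPC$) and shares without a file system path.
    foreach ($share in Get-SmbShare -Special $false | Where-Object Path) {

        # 1. Share-level permissions
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq $GroupName } |
            ForEach-Object {
                [pscustomobject]@{
                    Layer = 'Share'; Target = $share.Name
                    Rights = $_.AccessRight; Type = $_.AccessControlType
                }
            }

        # 2. NTFS ACLs on the share root and the folders beneath it
        $folders = @(Get-Item -LiteralPath $share.Path) +
                   @(Get-ChildItem -LiteralPath $share.Path -Directory -Recurse `
                        -Depth $Depth -ErrorAction SilentlyContinue)
        foreach ($folder in $folders) {
            try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

            # includeExplicit = $true, includeInherited = $false, identities returned as SIDs
            $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
                Where-Object { $_.IdentityReference.Value -eq $sid } |
                ForEach-Object {
                    [pscustomobject]@{
                        Layer = 'NTFS'; Target = $folder.FullName
                        Rights = $_.FileSystemRights; Type = $_.AccessControlType
                    }
                }
        }
    }
}

# Usage (constructed group name):
# Find-GroupOnShares -GroupName 'CONTOSO\Finance-RW' | Format-Table -AutoSize
```

Folders the scanning account cannot read are reported as warnings rather than silently skipped, and access the group holds through nesting in another group is not shown, since only ACEs naming the group's own SID are matched.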


