Security Groups issue...
- From: Kshaeta <visual.eyes@xxxxxxxxx>
- Date: Thu, 19 Oct 2006 14:53:23 -0700
*** Note, I posted this is the "security" group, but someone suggested I put it here to get an answer. ***
One reason I ask, is because of this problem. I have two security groups, within my domain, and two servers in my domain. One server is a domain server (DOM), the other is a member server (MEM).
I have 2 security groups. The difference between the two is one is a DLS group, the other is a GS group. The DLS one doesn't allow the security group to be set on servers other than the domain servers. That is, if you are on DOM and you create a directory, you can grant it "Information Systems_DLS" security, or "Information Systems_GS" security. But if you log on to MEM, and try that it won't work. You need to grant it "Information Systems_GS". The option to grant any DLS doesn't even show up in the security selection on the member server.
I don't really grasp this. Should "Domain level Security" allow you to grant that security group to any member server?
I know how security groups work together, how certain ones can't be part of others, etc. But I don't really understand how they work, or where and when to use them.
Where are DLS (Domain Local Security) groups used, and why?
How about GS (Global Security) groups? Universal Security groups?
Is there any good documentation that explains how these are used and why?
Thanks for any info.
--
Bill Tkach
MSP, A+
visual{period}eyes{period}this{at}gmail{period}com
.
- Follow-Ups:
- Re: Security Groups issue...
- From: Trevor Sullivan
- Re: Security Groups issue...
- From: Jorge Silva
- Re: Security Groups issue...
- From: Herb Martin
- Re: Security Groups issue...
- Prev by Date: Re: Group Policy Editor not allowing GP changes
- Next by Date: Re: ADAM Replication Service Account
- Previous by thread: Re: Windows 2003 trust
- Next by thread: Re: Security Groups issue...
- Index(es):
Relevant Pages
|
Loading
