Re: how to restrict users to search in their own Organizational Unit
- From: lao.nightwolf@xxxxxxxxx
- Date: 15 Dec 2006 07:38:54 -0800
Thank you all for your contributions.
However our main concern is that MOSS2007 Admins (some of our customers
are SharePoint admins) cannot see users in other Organizational Units.
Herb Martin wrote:
In my opinion, at the end, even if you implement scripts, it's all about
groups... You can't do this by user scope, you must use groups, so why
mess with defaults when we can take advantage of MOSS capabilities.
What is MOSS?
"Microsoft Office SharePoint Server (MOSS)"
Agree about Groups, but the point was that maintaining the membership
of the group as you add, delete, and move users among OUs needs to
be automated -- especially if security depends on it (which I am not
convinced of in this scenario but did seem to be his goal.)
With a Script you can schedule it to do regular maintenance on the
groups so that they stay consistent with OU memberships.
And he asked how he was supposed to do all this for MANY OUs
even initially. Answer: Write a script.
In a large domain, manually ensuring new users have
the correct group membership (when failure to do so
will expose a security hole rather than allow access
and thus have the user complaining) is a very easy
thing to mess up.
Yes, I agree on this point, that's why I suggested to take advantage of
MOSS Groups and AD Groups.
Pretty easy (In my opinion)
Maybe MOSS is some automatic group maintenance I don't
know about -- which is fine and if that is so it will perform
exactly the same goal as the script idea as long as it also
handles the initial setup that concerned the poster.
The point of the script was to AUTOMATE, not to build the
script for the sake of a script.
Create MOSS security groups, relate them with AD groups then when a new
user is needed just place it in the correct group.
That is the ISSUE: Most people will not be able to ensure
that such group memberships are maintained over time if
it involves manual steps AND requires one "remember"
to do them.
If MOSS Admins need to administer users and/or group membership, just
create an MMC console and delegate the proper rights for them.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
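
The scheduled maintenance script discussed in this thread could look like the following. This is an added example, not code posted by anyone in the thread; it assumes the ActiveDirectory PowerShell module, and the OU paths and group names are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Assumed mapping (hypothetical names): each OU has one security group that
# should contain exactly the user accounts located under that OU.
$OuToGroup = @{
    'OU=CustomerA,DC=example,DC=com' = 'CustomerA-Users'
    'OU=CustomerB,DC=example,DC=com' = 'CustomerB-Users'
}

function Get-MembershipDrift {
    # Pure comparison of two DN lists (case-insensitive, as DNs are in AD).
    param([string[]]$OuUserDns, [string[]]$GroupMemberDns)
    [pscustomobject]@{
        ToAdd    = @($OuUserDns      | Where-Object { $_ -notin $GroupMemberDns })
        ToRemove = @($GroupMemberDns | Where-Object { $_ -notin $OuUserDns })
    }
}

foreach ($ou in $OuToGroup.Keys) {
    $group = $OuToGroup[$ou]

    # Users anywhere under the OU (subtree is the default search scope).
    $ouUsers = @(Get-ADUser -Filter * -SearchBase $ou |
        Select-Object -ExpandProperty DistinguishedName)

    # Direct user members only; nested groups are left untouched.
    $members = @(Get-ADGroupMember -Identity $group |
        Where-Object objectClass -eq 'user' |
        Select-Object -ExpandProperty distinguishedName)

    $drift = Get-MembershipDrift -OuUserDns $ouUsers -GroupMemberDns $members

    # Report every change so the scheduled run leaves an audit trail.
    $drift.ToAdd    | ForEach-Object { Write-Output "ADD    $group <- $_" }
    $drift.ToRemove | ForEach-Object { Write-Output "REMOVE $group -> $_" }

    # A user moved out of the OU keeps access until removed from the group,
    # so removals matter as much as additions.
    if ($drift.ToAdd) {
        Add-ADGroupMember -Identity $group -Members $drift.ToAdd -WhatIf
    }
    if ($drift.ToRemove) {
        Remove-ADGroupMember -Identity $group -Members $drift.ToRemove -Confirm:$false -WhatIf
    }
}
```

With `-WhatIf` in place the run only reports what it would change; drop it once the output matches expectations and run the script from a scheduled task.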