Re: Security Groups
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 23 Feb 2007 10:40:03 -0700
You would probably be best off doing an inventory of
what exists for permissions and also a use case analysis
of the categories of users in your environment and what
each should be able to access, and then from this transform
what you have inherited into a well-named set of groups
and grants. I attempt to name groups so that they are as
self-documenting as possible, to separate groups of users
and groups that grant resource access, and to make sure
that the groups are used only in accord with their naming
and/or otherwise documented use.
If one gets to the point where one does not know for what
a group is used, things only unravel further from there (new
groups get defined for new uses even when an existing is
appropriate just because no one is sure of the side effects
from reusing the existing for the new purpose, etc.).
As you are finding out, inventorying to find the uses of a
group is a process of exhaustively checking resouces to
discover where the group is used. So, getting the house
in order and keeping it that way is well worth the initial
investment in time/effort.
You are posting via the web portal interface (which I do
not use) and it may well be impossible to cross-post with
that portal. If you are going to make much use of the MS
newsgroups then it may be better if you were to use a
NNTP client (such as is Outlook Express). Just define
a new news server in your choosen news client and tell
it to use msnews.microsoft.com
Roger
"SEgerton" <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ADEC0E0D-B407-454C-9943-B819DC9F032F@xxxxxxxxxxxxxxxx
I just changed over our network from Netware to Active Directory. The
Netware
was here before i started w/ my company and the groups and rights were a
bit
of a mess. Now that i've migrated over to Active Directory. Is there a way
to
tell the rights a Group has to what files and directories? I'd like to
place
these rights in the notes section of the groups. Therefore i know what
groups
i can add people to w/o worrying that i'm giving them rights to something
more then what they need.
And can someone also tell me the correct formating to cross-post within
theses newsgroups. I saw and example on microsoft,
microsoft.public.word.newusers; but i don't really understand that. When i
come in here i usually post in English/Servers/Windows Server/Active
Directory and so on.
.
- Prev by Date: Re: 13552 FrsErrorJournalInitFailed error
- Next by Date: Re: PWD never expires
- Previous by thread: Re: Security Groups
- Next by thread: Re: Security Groups
- Index(es):
Relevant Pages
|
