Re: Best practice for local folder security

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

OK if it is information to obtain regarding what they would be asking you on
cert test then you are best to go with sing local groups and populating them
with domain global or unicersal groups.

What I mean by "Plus it keeps the folder security clean so you don't see all
those SID's and accounts unknown remnants when you view NTFS folder
permissions." Let's say you have a domain group applied to a folder on a
local server NTFS permissions. What happens when you "delete" this group
from AD? Go back and look at the folders NTFS permissions and you will see
what I mean. The group no longer exists so it cannot be resolved and you end
up with those SID remnents. Now if you used local groups populated with
domain global groups and you delete that global group you see no garbage.

"RichGK" <RichGK@xxxxxxxxxxxxx> wrote in message
news:ae6ebc36-9705-46bc-a407-ef3ab53472e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 14 Apr, 18:51, "AllenM" <nore...@xxxxxxxxxxx> wrote:
That's why he is the manager. He is correct. This does stem back from the
NT
best practices days however it still applies. Why? First of all and most
importantly is centralized administration. All administration can be dome
from any AD server. Plus it keeps the folder security clean so you don't
see
all those SID's and accounts unknown remnants when you view NTFS folder
permissions.

Surely you only see SIDs in an ACL if a domain controller can't be
contacted? Also, can you explain what you mean by all administration
can be done from any AD server? As it looks to me that this also
applies to the other method (especially if you are using remote
desktop).

I'm not arguing BTW, just want to understand this as I'm studying for
the MCSA.


.

Relevant Pages

  • Re: Block AOL Inst. Messenger???
    ... and usb ports are disabled in cmos if they are not needed. ... installed The other main thing to do is to tighten up ntfs permissions. ... Other folders added to the root folder since installation should probably ...
    (microsoft.public.win2000.security)
  • Re: Creating "Home" dirs via script
    ... But share access is only half the story; what NTFS permissions ... This script can be "wrapped" in another to create MANY home folders at ... If doesFolderExist = 0 then 'If Folder does not exist, ... Set ace = CreateObject ...
    (microsoft.public.windows.server.scripting)
  • Re: Block AOL Inst. Messenger???
    ... > administrator access. ... > installed The other main thing to do is to tighten up ntfs permissions. ... First on the root folder of each ... > Other folders added to the root folder since installation should probably ...
    (microsoft.public.win2000.security)
  • Re: some files are not accessable in shared folder in home network
    ... If you're familiar with NTFS permissions, check 'em yourself and adjust as necessary. ... they're on the Security tab when you right-click on a file or folder and choose Properties. ... computers that have to go to that folder on the primary computer,.. ... It is strange because of the hundred or so .exe files in that folder, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Shared Folder NTFS Permission Problems with Domain Accounts
    ... I just tried sharing the folder using Domain Users and it did indeed work. ... Odd thing was though that the domain was already in Server 2003 native mode. ... You cannot use LOCAL groups of the domain on non-DCs unless you are ...
    (microsoft.public.windows.server.general)