DOMAIN GROUPS
What
is a group?
A collection of users
a/cs
Used to assign permissions
and rights
Groups can be nested,
ie they can contain other groups
THE
TWO TYPES OF GROUPS
Security groups
for assigning rights/permissions
Distribution groups unrelated
to security, used for sending e-mails etc
The group scope determines
where/how in the network you can use the group
Group
Scopes
Nesting
Eg create Managers group
in each region and then add these groups to the Worldwide Managers group
for access to resources across the network.
Do not
have too many levels of nesting this only makes tracking permissions
more complex.
Document group membership to keep track of permission assignments.
Good
Practice
Assign users with common
job responsibilities to global groups
Create a domain local group
for resources to be shared
Add global groups
who need access to the resources to the domain local group
Assign
resource permissions to the domain local group
(Dont forget to use meaningful group names!)
Universal
Groups
Use to give users access
to resources located in more than one domain
Changes to the membership can
cause unwanted network traffic
Use
the universal group like a domain local group add global
groups from several domains
Built-in
Global groups
Common
ones:
Domain Users
Domain Admins
Domain Guests
Enterprise Admins
Built-in
Domain Local Groups
Common
ones:
Account Operators
Server Operators
Print Operators
Administrators
Guests
Backup Operators
Users
Built-in
System Groups
These
groups cannot be administered and do not have specific membership, but can
represent different users at different times
Common
ones:
Everyone
Authenticated Users
Creator Owner
Network
Interactive
Last Updated
21 February, 2004
Please
Email [email protected]