Easy explanation of security groups?

Status
Not open for further replies.

xjbone

MIS
Jun 8, 2005
6
US
OK, I'm currently studying for the Windows 2003 MCSE (passed the 70-270 XP exam yesterday), and the one thing I can't seem to grasp is the differences between the security groups (Domain Local, Global and Universal), and when to use them.

In real life, my w2k3 domain (a single domain in the forest) only uses global groups (in mixed mode), and it works out just fine for me, so I never really had a need for DL or Universal groups (at least I don't think I did).

Has anyone come up with an easy way to remember this info? Keep in mind, I want to actually learn this stuff, not just know the answers I need for the exam.

Any help is GREATLY appreciated.

Thanks in advance!

-DP

MCSE NT 4.0
MCSE 2000
A+
 
When I was on my 290/291 bootcamp, the instructor gave an easy way of remembering the order of determining group usage when nesting:

AGGUDLP - All Good Girls Usually DownLoad Pictures

Account - Global - Global - Universal - Domain Local - Printer

Printer - refers to the resource you want to secure.
Account refers to the user object of the person to grant rights to the resource.
You remove Global groups from the list when you don't have such a complex security hierarchy.
Remove Universal if you don't need to link two domains in a hierarchy.

The rule is that the sentence should always make good grammatical sense.

John
 
xjbone,

I had a similar drill in school.

[User] Accounts > Global Groups > [Universal Groups >] Domain Local Groups.

User Accounts never get access to a resource individually. They become members of Global Groups instead.

[Global Groups become members of Universal Groups if they need access to resources outside of the local domain.]

Domain Local Groups have Global Groups and/or Universal Groups as members. Domain Local Groups are the only level where access to resources is actually allowed or denied.

I think that there was a clever mnemonic for this, but if so I forget it.

Wishdiak
A+, Network+, Security+, MCSA: Security 2003
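
The nesting order both replies describe (Account, Global, Universal, Domain Local, then the resource), written as a small audit check. This is an added example, not part of any post in the thread; the directory, the group and user names and the printer ACL are constructed sample data, and allowing same-scope nesting follows the G-G step of the mnemonic.

```python
# Model of the A-G-U-DL-P chain; all names below are constructed sample data.
CHAIN = ["account", "global", "universal", "domain_local"]
RANK = {scope: i for i, scope in enumerate(CHAIN)}

# name -> (scope, members)
DIRECTORY = {
    "alice": ("account", []),
    "bob": ("account", []),
    "G_Sales": ("global", ["alice"]),
    "G_SalesMgrs": ("global", ["bob"]),
    "G_AllSales": ("global", ["G_Sales", "G_SalesMgrs"]),  # Global in Global
    "U_Sales": ("universal", ["G_AllSales"]),
    "DL_Printer_Print": ("domain_local", ["U_Sales"]),
    "G_Broken": ("global", ["DL_Printer_Print"]),  # nested against the chain
}
# resource -> trustees on its ACL; "bob" is granted access directly
ACLS = {"Printer1": ["DL_Printer_Print", "bob"]}

def nesting_violations(directory):
    """(group, member) pairs where the member's scope comes later in the chain."""
    bad = []
    for group, (scope, members) in directory.items():
        for m in members:
            if scope == "account" or RANK[directory[m][0]] > RANK[scope]:
                bad.append((group, m))
    return sorted(bad)

def acl_violations(acls, directory):
    """(resource, trustee) pairs where the trustee is not a Domain Local group."""
    return sorted((res, t) for res, trustees in acls.items()
                  for t in trustees if directory[t][0] != "domain_local")

def effective_accounts(resource, acls, directory):
    """Expand nested membership down to the accounts that end up with access."""
    found, seen, stack = set(), set(), list(acls[resource])
    while stack:
        name = stack.pop()
        if name in seen:  # guards against circular nesting
            continue
        seen.add(name)
        scope, members = directory[name]
        if scope == "account":
            found.add(name)
        stack.extend(members)
    return found

if __name__ == "__main__":
    print("nesting:", nesting_violations(DIRECTORY))
    print("acl:", acl_violations(ACLS, DIRECTORY))
    print("access:", sorted(effective_accounts("Printer1", ACLS, DIRECTORY)))
```
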
 