Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Security Policy

Status
Not open for further replies.
GlenJohnson

GlenJohnson

MIS
Aug 2, 2001
5,203
US
I'm a little confused about active directory users and groups. If I understand it, when I create a group, then add members, they can then be given rites to folders. Should I be giving the groups security settings at the folder level, or adding members to the security settings of the group, since some need read only and others need read/write. I've created groups in the past and have created the security settings at the folder level. Give a group access to the folder with the proper rites. Now, however, we're pushing for a full blown switch from novell to W2K, and as I said earlier, some people need read only, and others read/write. Security has to be set at the group level in this instance, correct? (I'm just trying to get this clear in my head. I've got about a 150 groups to create, and we have 250 users and the boss doesn't want to use the tools that would do this automatically for us. Want's me to do it manually.) Thanks. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
 
Sort by date Sort by votes
Create Security groups, add users to the appropriate groups, and apply file/directory permissions to the groups. Obviously, you won't be putting people who need different levels of access to the same files into the same groups...
 
Upvote 0 Downvote
Obviously, you won't be putting people who need different levels of access to the same files into the same groups... Why? I can add different users to the same group, and give some read only, and others read/write at the group level. I don't see a need to create a group that has read only access, and a second group that needs read/write. Thanks. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
 
Upvote 0 Downvote
Obviously - i dont understand why an mcp is asking these questions
 
Upvote 0 Downvote
Because someone who isn't an MCP told me I was crazy. I should have known better than to listen. He wanted me to set up the new server based on a Novell 4.0 file structure. That's what I get for working for a boss who only knows novell. He got me to a point where I started doubting myself. Last time that will happen. Thanks. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
 
Upvote 0 Downvote
Glen,

I usually do the following:
Set up folders associated with business funtionality.
Accounting, Management, Project mangement, Operations, Manufacturing, etc...

I then setup groups associated with these business functionality giving them the appropriate access to the folders they need.

EG Accounting group has full access to accounting, Management may only have read where project management would not have any.

I always try to look at what groups the individual needs to be in to give them access.. You may have a management person who also performs an audit function and therefore needs to be in the accounting group as well as management group.

If I remember my novell there wasn't much difference. It's been a while but I could swear I used the same methodology there as well.

Anyway hope this helps and don't listen to negative comments.

Walt..
 
Upvote 0 Downvote
With the novell we're using, (4.0) you've got users, groups and then Trustee Directoy Assignments. You create a user, a group and then the Trustee Directory Assignments is how you link the two to define who gets what rites. You can't even tell what rites a user has without going into the TDS. With W2K, you can tell what users in a group have what rites on one page. Totally different. Wouldn't be a problem if management kept up with Novell. If we had the current version running Novell Directory Service, I could use Microsofts tools to automatically migrate over to Active Directory and not worry about this nonsense. Of course they didn't, so it's all got to be done manually. ;P Glen A. Johnson
Microsoft Certified Professional
glen.johnson@insightbb.com
"Work consists of whatever a body is obliged to do.
Play consists of whatever a body is not obliged to do."
Mark Twain (1835-1910); US writer.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
150
rrmcguire
rrmcguire
amanua
  • Locked
  • Question
Event ID 4776 Security Log
Replies
0
Views
92
amanua
amanua
phil3000
  • Locked
  • Question
Screensaver Via Group Policy
Replies
1
Views
110
markdmac
markdmac
cabraun
  • Locked
  • Question
Group Policy Question (Set System Variable)
Replies
2
Views
86
markdmac
markdmac
usrinu
  • Locked
  • Question
applied wallpaper group policy
Replies
1
Views
78
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top