Solved

Security groups require two, best approach.

Posted on 2006-12-01
6
188 Views
Last Modified: 2010-04-19
First. This site is really appreciated. As an IT Pro (better make that amateur) it's a must.
Elevated to first on my billing list when renewals come around.

Also a big thanks to Jeff from TechSoEasy for assistance with my last two questions.

I am trying to plan. Plan and Plan. Something that I see consistenlty in these pages.
I am about to implement SBS2003 Premium in a new client site.
They currently have 2 peer to peer networks lets call them A and B
Ulitmately it is one company with two divisions. Division A provides training services Division B the administration
In order to provide document security for each division my approach was to;

1. Create two new security groups A and B
2. Create two new shares, remove the everyone permission and add the appropriate security group.
3. Create the new users and add them to the appropriate security groups using the Add User Wizard.
Am I on the right track?

Thanks
Philip

PS. My only dlimena with this client is with faxing as they essentially have two inbound phone and fax numbers one for each division. Havent got to that hurdle yet.  Email is fine as same domain and I can create distribution groups to handle common email addresses.

 


0
Comment
Question by:Philip
  • 2
  • 2
  • 2
6 Comments
 
LVL 9

Assisted Solution

by:DanKoster
DanKoster earned 125 total points
ID: 18059056
Sounds like the right track to me.  Remember that the security groups can be added to the templates so that the new users are automatically added to them.  

It also sounds like you haven't familiarized yourself with SharePoint.  It too can be secured via security groups.  I highly recommend Harry B's book at http://www.smbNation on Small Business Server 2003 as a great place to start learning SharePoint.  

Faxes shouldn't be a problem, just get two modems.  You can create rules so that each modem prints to a different printer or goes to a different e-mail address, folder, etc.  

Also FYI - Remember that Public Folders can have e-mail addresses as well (and can be secured to specific groups).  So if you have an Info@YourCompany.com, you could make that a distro group going to several people, or you make it a Public Folder so that people can check on it, see which ones have been read/addressed or need to be.

And if you just have more than one e-mail address for a specific person, you don't need a distro for that either, just add the address to the user on the e-mail addresses tab on the user properties.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18062017
Philip,

If you're getting paid for it, you're a Pro!  :-)

Anyhow... you're "almost" on the right track... at least until item 3.  If you are going to have two distinct classes of user accounts, then you should create a user template for each of those rather than manually making the assignments each time you add a user.  This willl ensure that users are configured properly every time.  There isn't really a Template Copy function, so you have to just build it from scratch.. but that's pretty easy to do.

I would concur with Dan's recommendation of SharePoint.  So, you may want to consider this instead of using NTFS shares.  In order to have users automatically put into specific SharePoint Site groups, you would just add the new User Template that you created as described above, as member of the particular Site, and then the add-user wizard will automatically add new users to that particular site.

In addition to Harry's Brelsford's book, (http://sbsurl.com/best) I also like Eriq Neale's...http://sbsurl.com/unleashed

Jeff
TechSoEasy
0
 

Author Comment

by:Philip
ID: 18062776
Thanks to both Dan and Jeff.
Dan I actually own a number of Harry's books so last night I went back to reading both of them (the Sharepoint chapters). It's amazing what you forget when your not using it everyday. It helped. I still think thats initially my client will be better off with standard NTFS shares but this gives me something to build on. As for the Faxes good point will look into it.
Jeff thanks for the advise on the templates as this is probably my solution. So I guess I will create two security templates from scratch.
This being the case as I understand it I should,
1. Create users first
2. Create new security groups second (and add users to each group with the wizard)
3. Create my NTFS shares.
4. Assign my security groups to they shares last.

Thanks
Philip

 
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 9

Expert Comment

by:DanKoster
ID: 18064732
Step 1 and 2 should be reversed.  

1.  Create the security groups.
1b.  Create the templates.  
2.  Create the users.  The Add User wizard will prompt for which template to use and if you did it right, your users will be part of the right security group as soon as they're created.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 125 total points
ID: 18065173
Well, I'd do it this way...

1.  Create the Security Groups in Stndard Management > Security Groups
2.  Create the Templates in Standard Management > User Templates
3.  Create the Shares and assign permissions to the Security Groups in Standard Management > Shares (Local)
4.  Creat the users with the Add-User wizard using the new templates in Standard Management > Users

(My point here is that you can and should do all of this from the Server Management Console).

FYI, after installing almost 100 SBS's, I still have Harry's book at my side during EVERY one.

Jeff
TechSoEasy
0
 

Author Comment

by:Philip
ID: 18067477
Thanks guys to you both.
I have just come onsite and now have the next three days to get everything setup. (which translates you maybe seeing more of my posts). I appreciate the time and effort it takes to respond to these posts. In this situation I have decided to split the points as you have both given me some valuable advice however I will leave this topic open for another 24 hours just in case.
Best wishes.
Philip

PS. I brought both of Harry's books with me :-) Just in case, besides you can only read so many hotel bibles.
PPS. Dan I went to your company website  http://www.ITforSmall.Biz it redirects to http://sharepoint.paperlesssolutions.org/ which doesnt work.


0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now