Help Needed with MOSS 2007 Permissions and Group Assignments

I am having trouble understanding how and where to add users to groups on my MOSS Server. I would like to add all of my Domain Users to Viewers group. Also, I would like to add a Domain Security Group to a MOSS Group for people who will add, delete, modify documents on my sites. Also, would like a domain group added to Moss with slightly lower perms as Full Admin to create and edit web pages. I want these permissions to inherit to all Sites and Sub-Sites as well. Someone please help me to understand and make this happen.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ted BouskillSenior Software DeveloperCommented:
MOSS has same preset groups already built that cover the categories you are describing

Readers (Read only access)
Contributors (Can add/delete/modify documents)
Authors (More than contributors, less than owners)
Owners (Have full control of a site)
Site Clection Administrators

However there are a couple of gotchas.  Owners can turn off permission inheritance (which can cause support and maintenance headaches)  They can also edit master pages with Sharepoint Designer and ruin a consistent look and feel.

Basically what you do is add AD security groups or individuals to Sharepoint security groups.  So for example, we set all 'Authenticated users' in AD as readers.  If we have a private site we remove it.

However, we were not happy with the higher level groups so we tweaked them a little bit.  The permissions are very detailed and it's easy to add or change the groups.

Inheritance of permissions is automatic by default.  Basically your designated Site Collection Administrators will control permissions and should be familiar with them before you start allocating sites.  At the default site level we first give all 'Authenticated Users' read only access.  Then as we create sites we assign permissions as required to designated sites.

Usually we designate a couple of site owners and let them administer permissions.  All users have read only access by default so the site owners can decide who on their team gets other priviledges.  We prefer to give people the power to administrate their own sites to lighten our load.

I managed a 6 person team on a 7 server web farm for 9000+ users.  We don't have time to administrate our hundreds of sites so we empower people to do it themselves.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.