• Status: Solved

account management - large enterprises

Is there any general best practice to manage user permissions for Windows security groups for departmental "movers"? How do you manage this in your companies (especially in large enterprises)? For example, user Y works in accounts, is a member of the "company-accounts-team" group which is granted access to various directories on departmental file servers, and they also have a couple of departmental mailboxes. When they move to payroll from accounts, their accounts permissions are no longer acceptable. What do you do process-wise to identify this and change permissions accordingly?
Asked: pma111
1 Solution
 
x3man Commented:
Nothing more than making sure that the user is removed from the old security group and added to the new security group. I have kept a list of users and security group membership before. There are various snippets of code on the web that will list groups and membership.
 
pma111 (Author) Commented:
Is there like a management form they have to fill out to inform you though when a user moves role? How do you know otherwise that permissions are no longer valid?
 
x3man Commented:
Permissions are changed with group membership changes (the user will get the permissions from the new group and will no longer get permissions from the old group if they are removed).
Departmental managers or similar would need to approve the request to move groups in writing. Depends on your organisation but obviously you will need some sort of confirmation that a user can move groups.
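An added example, not posted by anyone in this thread: one way to spot "movers" whose departmental group membership no longer matches their current department, by comparing each user's department against a group-to-department map. The function name, the map, the `company-payroll-team` group and the sample users are assumptions constructed for illustration.

```powershell
# Added example: report departmental group memberships that drifted after a move.
# Map of departmental security group -> owning department (constructed;
# only company-accounts-team is named in the question above).
$GroupDepartment = @{
    'company-accounts-team' = 'Accounts'
    'company-payroll-team'  = 'Payroll'
}

function Find-MoverGroupDrift {
    param(
        [Parameter(Mandatory)] [object[]]  $Users,           # SamAccountName, Department, Groups
        [Parameter(Mandatory)] [hashtable] $GroupDepartment
    )
    foreach ($user in $Users) {
        # Only groups in the map are checked; others (e.g. Domain Users) are ignored.
        foreach ($entry in $GroupDepartment.GetEnumerator()) {
            $isMember = $user.Groups -contains $entry.Key
            $belongs  = $entry.Value -eq $user.Department
            if ($isMember -and -not $belongs)     { $action = 'Remove' }  # stale access
            elseif ($belongs -and -not $isMember) { $action = 'Add' }     # missing access
            else                                  { continue }
            [pscustomobject]@{
                User       = $user.SamAccountName
                Department = $user.Department
                Group      = $entry.Key
                Action     = $action
            }
        }
    }
}

# Constructed sample data: usery has moved from Accounts to Payroll.
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'usery'; Department = 'Payroll'
                       Groups = @('company-accounts-team', 'Domain Users') }
    [pscustomobject]@{ SamAccountName = 'userz'; Department = 'Accounts'
                       Groups = @('company-accounts-team') }
)

# Against a live domain the same objects can be built with the ActiveDirectory module:
# Get-ADUser -Filter * -Properties Department, MemberOf |
#   Select-Object SamAccountName, Department,
#     @{ n = 'Groups'; e = { $_.MemberOf | ForEach-Object { (Get-ADGroup $_).Name } } }

Find-MoverGroupDrift -Users $sampleUsers -GroupDepartment $GroupDepartment |
    Format-Table -AutoSize
```

The report only lists proposed changes; the written manager approval described above still decides whether each one is applied.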
