Solved

Active Directory groups permissions quesion

Posted on 2012-03-12
7
214 Views
Last Modified: 2012-06-16
Is there a way to prevent one Security Group-A to be added to any other Groups? During the new Group creation process, all new groups are made "member of' the that Group-A.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?
0
Comment
Question by:Tiras25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
hirenvmajithiya earned 250 total points
ID: 37713055
As far as I know, you cannot prevent showing the group you created, because of its attribute as group.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37716159
Is there any way to prevent the Group to be added as a member of other Group?
Don’t really want to hide it, but my gut says there is something to prevent it from being part of another group.  Maybe through AD Object permissions?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37745610
Hmm, I noticed EE slow down a lot.  Do you think its on the way down?
0
 
LVL 1

Assisted Solution

by:Columbia Energy
Columbia Energy earned 250 total points
ID: 37825659
The short answer to the question is no.

Active Directory does not really play nice when it comes to modifying its object permissions.  In my experience with such, AD just resets the permissions back to default.  While I'm sure there's a way to achieve what you seek, it's likely not recommended.

With proper Active Directory structure and administrative controls, you should not need to prevent one group from being placed into another.  If Group-A is encompassing of all users on the domain, consider changing that practice.  One should always use a security model that is least permissive.  This may yield a ton of security groups, but that headache is worth having as opposed to someone with access to stuff they shouldn't.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question