?
Solved

Active Directory groups permissions quesion

Posted on 2012-03-12
7
Medium Priority
?
219 Views
Last Modified: 2012-06-16
Is there a way to prevent one Security Group-A to be added to any other Groups? During the new Group creation process, all new groups are made "member of' the that Group-A.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?
0
Comment
Question by:Tiras25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
hirenvmajithiya earned 1000 total points
ID: 37713055
As far as I know, you cannot prevent showing the group you created, because of its attribute as group.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37716159
Is there any way to prevent the Group to be added as a member of other Group?
Don’t really want to hide it, but my gut says there is something to prevent it from being part of another group.  Maybe through AD Object permissions?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37745610
Hmm, I noticed EE slow down a lot.  Do you think its on the way down?
0
 
LVL 1

Assisted Solution

by:Columbia Energy
Columbia Energy earned 1000 total points
ID: 37825659
The short answer to the question is no.

Active Directory does not really play nice when it comes to modifying its object permissions.  In my experience with such, AD just resets the permissions back to default.  While I'm sure there's a way to achieve what you seek, it's likely not recommended.

With proper Active Directory structure and administrative controls, you should not need to prevent one group from being placed into another.  If Group-A is encompassing of all users on the domain, consider changing that practice.  One should always use a security model that is least permissive.  This may yield a ton of security groups, but that headache is worth having as opposed to someone with access to stuff they shouldn't.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month11 days, 5 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question