Solved

Active Directory groups permissions quesion

Posted on 2012-03-12
7
216 Views
Last Modified: 2012-06-16
Is there a way to prevent one Security Group-A to be added to any other Groups? During the new Group creation process, all new groups are made "member of' the that Group-A.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?
0
Comment
Question by:Tiras25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
hirenvmajithiya earned 250 total points
ID: 37713055
As far as I know, you cannot prevent showing the group you created, because of its attribute as group.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37716159
Is there any way to prevent the Group to be added as a member of other Group?
Don’t really want to hide it, but my gut says there is something to prevent it from being part of another group.  Maybe through AD Object permissions?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37745610
Hmm, I noticed EE slow down a lot.  Do you think its on the way down?
0
 
LVL 1

Assisted Solution

by:Columbia Energy
Columbia Energy earned 250 total points
ID: 37825659
The short answer to the question is no.

Active Directory does not really play nice when it comes to modifying its object permissions.  In my experience with such, AD just resets the permissions back to default.  While I'm sure there's a way to achieve what you seek, it's likely not recommended.

With proper Active Directory structure and administrative controls, you should not need to prevent one group from being placed into another.  If Group-A is encompassing of all users on the domain, consider changing that practice.  One should always use a security model that is least permissive.  This may yield a ton of security groups, but that headache is worth having as opposed to someone with access to stuff they shouldn't.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Make the most of your online learning experience.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question