Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

AD object permissions

Anyone knows how to prevent a Security Group to be a part of other Groups through AD Object permissions?  
Or any other possible way?
0
Tiras25
Asked:
Tiras25
  • 3
  • 2
3 Solutions
 
vmaganCommented:
What are you trying to accomplish?
0
 
Tiras25Author Commented:
During the new Group creation process, all new groups are made "member of' the that one Group.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?  I heard something can be done with AD Object permissions.
0
 
vmaganCommented:
The only thing i can think of is through group policy where we deny access to a specific group. Not sure if it can be done where to exclude a security group from another security group. I will do more research on it. But I dont think its possible.
0
 
vmaganCommented:
This is what I'm talking about in regards to deny security groups through gpo. Called "Scope Filtering"

http://technet.microsoft.com/en-us/library/cc786636(v=ws.10).aspx
0
 
Tiras25Author Commented:
Still looking into this.  Sorry for the delay.  Would that be possible to change from Global to Local security group?  That way they won't be able to add a local group into anywhere.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now