[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

AD object permissions

Posted on 2012-03-14
5
Medium Priority
?
213 Views
Last Modified: 2012-06-16
Anyone knows how to prevent a Security Group to be a part of other Groups through AD Object permissions?  
Or any other possible way?
0
Comment
Question by:Tiras25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
vmagan earned 2000 total points
ID: 37723139
What are you trying to accomplish?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37725230
During the new Group creation process, all new groups are made "member of' the that one Group.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?  I heard something can be done with AD Object permissions.
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 2000 total points
ID: 37725782
The only thing i can think of is through group policy where we deny access to a specific group. Not sure if it can be done where to exclude a security group from another security group. I will do more research on it. But I dont think its possible.
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 2000 total points
ID: 37725808
This is what I'm talking about in regards to deny security groups through gpo. Called "Scope Filtering"

http://technet.microsoft.com/en-us/library/cc786636(v=ws.10).aspx
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37783828
Still looking into this.  Sorry for the delay.  Would that be possible to change from Global to Local security group?  That way they won't be able to add a local group into anywhere.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Ready to get certified? Check out some courses that help you prepare for third-party exams.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question