Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

AD object permissions

Posted on 2012-03-14
5
Medium Priority
?
215 Views
Last Modified: 2012-06-16
Anyone knows how to prevent a Security Group to be a part of other Groups through AD Object permissions?  
Or any other possible way?
0
Comment
Question by:Tiras25
  • 3
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
vmagan earned 2000 total points
ID: 37723139
What are you trying to accomplish?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37725230
During the new Group creation process, all new groups are made "member of' the that one Group.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?  I heard something can be done with AD Object permissions.
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 2000 total points
ID: 37725782
The only thing i can think of is through group policy where we deny access to a specific group. Not sure if it can be done where to exclude a security group from another security group. I will do more research on it. But I dont think its possible.
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 2000 total points
ID: 37725808
This is what I'm talking about in regards to deny security groups through gpo. Called "Scope Filtering"

http://technet.microsoft.com/en-us/library/cc786636(v=ws.10).aspx
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37783828
Still looking into this.  Sorry for the delay.  Would that be possible to change from Global to Local security group?  That way they won't be able to add a local group into anywhere.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question