Solved

AD object permissions

Posted on 2012-03-14
5
207 Views
Last Modified: 2012-06-16
Anyone knows how to prevent a Security Group to be a part of other Groups through AD Object permissions?  
Or any other possible way?
0
Comment
Question by:Tiras25
  • 3
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
vmagan earned 500 total points
ID: 37723139
What are you trying to accomplish?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37725230
During the new Group creation process, all new groups are made "member of' the that one Group.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?  I heard something can be done with AD Object permissions.
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 500 total points
ID: 37725782
The only thing i can think of is through group policy where we deny access to a specific group. Not sure if it can be done where to exclude a security group from another security group. I will do more research on it. But I dont think its possible.
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 500 total points
ID: 37725808
This is what I'm talking about in regards to deny security groups through gpo. Called "Scope Filtering"

http://technet.microsoft.com/en-us/library/cc786636(v=ws.10).aspx
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37783828
Still looking into this.  Sorry for the delay.  Would that be possible to change from Global to Local security group?  That way they won't be able to add a local group into anywhere.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Both MMF (multi-mode fiber) and SMF (single-mode fiber) are types of optical fiber that can aid in communication applications. These thin strands of silica or glass will allow communication to occur between devices. The transmission of light between…
Why pager replacement is still an issue OnPage has what some might call a “hate/hate” relationship with pagers. Not much room for love. As we see it, pagers are an antiquated bit of technology. Pagers are dinosaurs which, like most dinosaurs, sho…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now