I was just wandering what is the best practice to manage security in a windows server environment?
Please find an example below of what I mean:
Directory name: Test
Assume that test is a top-directory with the following permissions:
Domain admins = Full
Domain users = Change
Until now it all ok.
Now i want the 'topics' directory to be denied for Domain users, but accessible for Domain admins.
Issue is that if a user is part of Domain Users & domain admins, access to that directory will be denied.
Is it better to create Groups & manage security from Groups rather than the default Domain users?