Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

Managing security groups Windows server

hi guys

We've currently got some issues managing our internal security groups in AD.

For example, we have a department called Buying. This buying department has two security groups set up: one for login scripts and one used for folder permissions.

I'm wondering whether we should just create one security group per department instead of separating? As it creates more headaches when managing it?

Also, how do you design your security groups? Is there a methodology you apply for example prior to creating a group?

Thanks
Yashy
0
Yashy
Asked:
Yashy
3 Solutions
 
Walter PadrónCommented:
I used to create groups reflecting the AD structure but as you said that was a nightmare, then i change to role-based groups.

For instance,  if i need to set permissions on a file share i don't create a group for every dept instead i create one group, set the permissions using this group and add as members the users that need access to file share.

You can nest groups but to keep things simple i only break a group if a will DELEGATE ownership of that group to some one else. In that case i maintain all users in the primary group, create a new one and add back new group to the primary group.

Best regards
0
 
lruiz52Commented:
Role based management is the way to go in my opinion.

Check out this technet video from Dan Holme at the link below, I used the info in it to rework my environment and is what I try to stick with when I set up new AD environments

http://technet.microsoft.com/en-us/video/tdbe11-role-based-management-extreme-makeover-for-active-directory.aspx

Let us know what you think.
0
 
YashyAuthor Commented:
Guys, everything here was superb.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now