Solved

Managing security groups Windows server

Posted on 2014-12-02
4
191 Views
Last Modified: 2014-12-09
hi guys

We've currently got some issues managing our internal security groups in AD.

For example, we have a department called Buying. This buying department has two security groups set up: one for login scripts and one used for folder permissions.

I'm wondering whether we should just create one security group per department instead of separating? As it creates more headaches when managing it?

Also, how do you design your security groups? Is there a methodology you apply for example prior to creating a group?

Thanks
Yashy
0
Comment
Question by:Yashy
4 Comments
 
LVL 5

Assisted Solution

by:A Karelin
A Karelin earned 150 total points
Comment Utility
0
 
LVL 10

Assisted Solution

by:Walter Padrón
Walter Padrón earned 150 total points
Comment Utility
I used to create groups reflecting the AD structure but as you said that was a nightmare, then i change to role-based groups.

For instance,  if i need to set permissions on a file share i don't create a group for every dept instead i create one group, set the permissions using this group and add as members the users that need access to file share.

You can nest groups but to keep things simple i only break a group if a will DELEGATE ownership of that group to some one else. In that case i maintain all users in the primary group, create a new one and add back new group to the primary group.

Best regards
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 200 total points
Comment Utility
Role based management is the way to go in my opinion.

Check out this technet video from Dan Holme at the link below, I used the info in it to rework my environment and is what I try to stick with when I set up new AD environments

http://technet.microsoft.com/en-us/video/tdbe11-role-based-management-extreme-makeover-for-active-directory.aspx

Let us know what you think.
0
 
LVL 1

Author Comment

by:Yashy
Comment Utility
Guys, everything here was superb.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now