Solved

Managing security groups Windows server

Posted on 2014-12-02
4
255 Views
Last Modified: 2014-12-09
hi guys

We've currently got some issues managing our internal security groups in AD.

For example, we have a department called Buying. This buying department has two security groups set up: one for login scripts and one used for folder permissions.

I'm wondering whether we should just create one security group per department instead of separating? As it creates more headaches when managing it?

Also, how do you design your security groups? Is there a methodology you apply for example prior to creating a group?

Thanks
Yashy
0
Comment
Question by:Yashy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Assisted Solution

by:A Karelin
A Karelin earned 150 total points
ID: 40475816
0
 
LVL 10

Assisted Solution

by:Walter Padrón
Walter Padrón earned 150 total points
ID: 40476634
I used to create groups reflecting the AD structure but as you said that was a nightmare, then i change to role-based groups.

For instance,  if i need to set permissions on a file share i don't create a group for every dept instead i create one group, set the permissions using this group and add as members the users that need access to file share.

You can nest groups but to keep things simple i only break a group if a will DELEGATE ownership of that group to some one else. In that case i maintain all users in the primary group, create a new one and add back new group to the primary group.

Best regards
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 200 total points
ID: 40478010
Role based management is the way to go in my opinion.

Check out this technet video from Dan Holme at the link below, I used the info in it to rework my environment and is what I try to stick with when I set up new AD environments

http://technet.microsoft.com/en-us/video/tdbe11-role-based-management-extreme-makeover-for-active-directory.aspx

Let us know what you think.
0
 
LVL 1

Author Comment

by:Yashy
ID: 40488782
Guys, everything here was superb.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question