We've currently got some issues managing our internal security groups in AD.
For example, we have a department called Buying. This buying department has two security groups set up: one for login scripts and one used for folder permissions.
I'm wondering whether we should just create one security group per department instead of separating? As it creates more headaches when managing it?
Also, how do you design your security groups? Is there a methodology you apply for example prior to creating a group?