Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Managing security groups Windows server

Posted on 2014-12-02
4
Medium Priority
?
262 Views
Last Modified: 2014-12-09
hi guys

We've currently got some issues managing our internal security groups in AD.

For example, we have a department called Buying. This buying department has two security groups set up: one for login scripts and one used for folder permissions.

I'm wondering whether we should just create one security group per department instead of separating? As it creates more headaches when managing it?

Also, how do you design your security groups? Is there a methodology you apply for example prior to creating a group?

Thanks
Yashy
0
Comment
Question by:Yashy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Assisted Solution

by:A Karelin
A Karelin earned 600 total points
ID: 40475816
0
 
LVL 10

Assisted Solution

by:Walter Padrón
Walter Padrón earned 600 total points
ID: 40476634
I used to create groups reflecting the AD structure but as you said that was a nightmare, then i change to role-based groups.

For instance,  if i need to set permissions on a file share i don't create a group for every dept instead i create one group, set the permissions using this group and add as members the users that need access to file share.

You can nest groups but to keep things simple i only break a group if a will DELEGATE ownership of that group to some one else. In that case i maintain all users in the primary group, create a new one and add back new group to the primary group.

Best regards
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 800 total points
ID: 40478010
Role based management is the way to go in my opinion.

Check out this technet video from Dan Holme at the link below, I used the info in it to rework my environment and is what I try to stick with when I set up new AD environments

http://technet.microsoft.com/en-us/video/tdbe11-role-based-management-extreme-makeover-for-active-directory.aspx

Let us know what you think.
0
 
LVL 1

Author Comment

by:Yashy
ID: 40488782
Guys, everything here was superb.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question