Castlewood
asked on
Shall I use the builtin "Users" instead of "Domain Users" to assign permission to resources?
I was told to use a "Domain Local" type rather than "Global" type for domain access control. Since the built-in "Users" account is a Domain Local type while "Domain Users" a Global, shall I use the built-in "Users" instead of the "Domain Users" for access control in the local domain?
ASKER
Thank you Toni.
But we have another two two-way-trusted domains in respective separate forest. (Each domain is in a different forest.) Each domain could share its resources.
In that case, would you consider ours a single domain?
But we have another two two-way-trusted domains in respective separate forest. (Each domain is in a different forest.) Each domain could share its resources.
In that case, would you consider ours a single domain?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You nest groups in Active Directory by A-G-U-DL-P rule.
You put A-account in G-global group, which can be put in U-universal group in multiple domain environment, which can be put in DL - domain local group to which you assign P - permissions.
In single domain forest I would use A-G-P.