<div>
I got the idea from this video, at this timestamp you can see a similar OU structure; <a href="https://youtu.be/vvhwN5bOyV8?t=1370" rel="ugc">https://youtu.be/vvhwN5bOyV8?t=1370</a>&nbsp; &nbsp; <br />
<br />
The environment is school. Couple hundred staff, couple thousand student, ultimately. no security groups for the student body yet. I'm not sure if I need one for them. Im' thinking maybe just a &quot;Student&quot; security group, and Deny it logon access to staff computers.
</div>


<div>
Hey that's interesting. So it allows like editing the webpages? <br />
The user was going to get RDP into the server, but this solution is a workaround to that?
</div>


<div>
Also I'm not organizing OU by security group, I'm organizing Security Group by OU. &nbsp; <br />
I will have other OU's for users and computers
</div>


<div>
<div class="content wysiwyg-content">
I'm trying to think of an easy way without being over-complicated, to organize OU in AD to manage security groups.<br />
Here's what I'm looking at now:<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/07_w31/1109173/xqRFr0-1-.png" target="_blank" title="partial OU screenshot (4 KB)"><img alt="partial OU screenshot" class="file-block lazyload" style="max-width: 142px;" data-src="https://filedb.experts-exchange.com/incoming/2016/07_w31/1109173/xqRFr0-1-.png" /></a><br />
Does anyone else organize similar to that?<br />
<br />
The idea of Groups &gt;&nbsp;Access &gt;&nbsp;File &gt;&nbsp;Servers, would be that I create a security group called something like &quot;ACL_Server1_inetpub_write<wbr />&quot;, and then add that group to have write access to C:\inetpub on &quot;Server1&quot;.<br />
Versus giving a user local Admin rights entirely to Server1.<br />
<br />
Then I could have a Role Group called &quot;Server1 Web Editors&quot;, which would be a member of ACL_Server1_inetpub_write.<wbr /><br />
Am I over-complicating Role Based Access, given this idea, OU structure and naming convention?
</div>
</div>


xqRFr0-1-.png

I'm trying to think of an easy way without being over-complicated, to organize OU in AD to manage security groups.
Here's what I'm looking at now:


Does anyone else organize similar to that?

The idea of Groups > Access > File > Servers, would be that I create a security group called something like "ACL_Server1_inetpub_write", and then add that group to have write access to C:\inetpub on "Server1".
Versus giving a user local Admin rights entirely to Server1.

Then I could have a Role Group called "Server1 Web Editors", which would be a member of ACL_Server1_inetpub_write.
Am I over-complicating Role Based Access, given this idea, OU structure and naming convention?

Any suggestions for Security Group OU structure in AD (Role based access)

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.