Garry Shape

Any suggestions for Security Group OU structure in AD (Role based access)

I'm trying to think of an easy way, without being over-complicated, to organize OUs in AD to manage security groups.
Here's what I'm looking at now:
User generated image
Does anyone else organize similar to that?

The idea of Groups > Access > File > Servers, would be that I create a security group called something like "ACL_Server1_inetpub_write", and then add that group to have write access to C:\inetpub on "Server1".
Versus giving a user local Admin rights entirely to Server1.

Then I could have a Role Group called "Server1 Web Editors", which would be a member of ACL_Server1_inetpub_write.
Am I over-complicating Role Based Access, given this idea, OU structure and naming convention?
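
The layout described in the question, as an added PowerShell example that is not part of the original thread: a permission group under Groups > Access > File > Servers holds the folder right, and the role group reaches it only through nesting. The domain DN, NetBIOS name, the "Roles" OU, the group scopes and the choice of Modify for "write" are assumptions.

```powershell
# Added example. Assumed (not from the thread): domain DN/NetBIOS name,
# the "Roles" OU, group scopes, and Modify as the meaning of "write".
Import-Module ActiveDirectory

$DomainDN  = 'DC=example,DC=com'   # placeholder domain
$NetBIOS   = 'EXAMPLE'             # placeholder NetBIOS name
$AclGroup  = 'ACL_Server1_inetpub_write'
$RoleGroup = 'Server1 Web Editors'
$Account   = "$NetBIOS\$AclGroup"

function New-OuPath {
    # Creates each OU in $Names under $Base (outermost first); returns the leaf DN.
    param([string]$Base, [string[]]$Names)
    foreach ($name in $Names) {
        $dn = "OU=$name,$Base"
        if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'")) {
            New-ADOrganizationalUnit -Name $name -Path $Base
        }
        $Base = $dn
    }
    return $Base
}

$serversOU = New-OuPath -Base $DomainDN -Names 'Groups','Access','File','Servers'
$rolesOU   = New-OuPath -Base $DomainDN -Names 'Groups','Roles'

# Permission group: the only principal that appears on the folder ACL.
New-ADGroup -Name $AclGroup -GroupCategory Security -GroupScope DomainLocal `
    -Path $serversOU -Description 'Modify on C:\inetpub on Server1'
# Role group: holds the people; gets access only through nesting.
New-ADGroup -Name $RoleGroup -GroupCategory Security -GroupScope Global `
    -Path $rolesOU -Description 'Staff who edit web content on Server1'
Add-ADGroupMember -Identity $AclGroup -Members $RoleGroup

# Grant the permission group rights on the folder (needs PowerShell remoting to Server1).
Invoke-Command -ComputerName 'Server1' -ScriptBlock {
    $acl  = Get-Acl -Path 'C:\inetpub'
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $using:Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path 'C:\inetpub' -AclObject $acl
}

# Audit: list every user who ends up with the permission via nested groups.
Get-ADGroupMember -Identity $AclGroup -Recursive | Select-Object Name, SamAccountName
```

The final query is the review step: it shows who actually holds the folder right after nesting, without reading the ACL on the server.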
ASKER CERTIFIED SOLUTION
Jeffrey Kane - TechSoEasy
This solution is only available to members.
Garry Shape (ASKER)

I got the idea from this video; at this timestamp you can see a similar OU structure: https://youtu.be/vvhwN5bOyV8?t=1370

The environment is a school. Couple hundred staff, couple thousand students, ultimately. No security groups for the student body yet. I'm not sure if I need one for them. I'm thinking maybe just a "Student" security group, and Deny it logon access to staff computers.
Hey that's interesting. So it allows like editing the webpages?
The user was going to get RDP into the server, but this solution is a workaround to that?
Also I'm not organizing OU by security group, I'm organizing Security Group by OU.
I will have other OUs for users and computers.