How should an administrator plan a security group strategy?
Posted by mcsenow on June 26, 2010
A security group strategy is built from several kinds of user groups. A Windows network supports the following types of user groups:
- Local groups
- Domain local groups
- Domain global groups
- Universal groups
Users are organized into groups according to the needs of the organization. Groups can be created on the basis of location, permission requirements, and administrative requirements. Planning how groups are created and how rights are granted reduces errors and administrative effort. Microsoft recommends the following structure of groups and rights for planning a security group strategy:
- Create universal groups for groups that contain members from multiple domains in more than one forest. Make global groups members of the universal groups. Use the universal groups when providing access to resources across multiple forests.
- Create domain global groups for groups that contain members from a single domain, but that will be granted access to resources within other domains. Make universal groups members of domain global groups as applicable. Make users members of domain global groups.
- Create domain local groups for groups that contain members from a single domain, whether or not they will be granted access to resources within other domains. Make domain global groups members of the appropriate domain global groups. Grant domain-wide rights to domain local groups.
- Create local groups on member servers and computers. Make domain local groups members of local groups. Grant local rights to local groups.
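
A layered group structure is only useful if it can be audited. The following added example (not part of the original post) resolves nested membership to show which accounts actually hold a right, and flags assignments that bypass the layers described above: users placed directly in a non-global group, and rights granted to anything other than a domain local or local group. All group, user and right names are constructed, and it assumes the nesting order global, universal, domain local, local, with any name missing from the group table treated as a user account.

```python
# Constructed sample data: group -> (scope, direct members). All names are hypothetical.
GROUPS = {
    "G_Sales_Users":  ("global",       ["alice", "bob"]),
    "U_Sales_All":    ("universal",    ["G_Sales_Users"]),
    "DL_Sales_Share": ("domain_local", ["U_Sales_All", "carol"]),
    "FS01_Operators": ("local",        ["DL_Sales_Share"]),
    "G_Helpdesk":     ("global",       ["dave"]),
}
# Constructed rights assignments: right -> principals it is granted to.
RIGHTS = {
    "modify_sales_share":  ["DL_Sales_Share"],
    "log_on_locally_fs01": ["FS01_Operators"],
    "reset_passwords":     ["G_Helpdesk", "erin"],
}

def effective_users(principal, groups, _seen=None):
    """Expand nested membership to the set of user accounts behind a principal."""
    seen = set() if _seen is None else _seen
    if principal not in groups:
        return {principal}            # not a group, so treat it as a user account
    if principal in seen:
        return set()                  # already expanded (or circular nesting)
    seen.add(principal)
    users = set()
    for member in groups[principal][1]:
        users |= effective_users(member, groups, seen)
    return users

def who_holds(right, groups, rights):
    """Sorted list of user accounts that end up holding a right through nesting."""
    return sorted(set().union(*(effective_users(g, groups) for g in rights[right])))

def audit(groups, rights):
    """Report memberships and grants that skip the planned group layers."""
    findings = []
    for name, (scope, members) in groups.items():
        for m in members:
            if m not in groups and scope != "global":
                findings.append(f"user {m} is a direct member of {scope} group {name}")
    for right, grantees in rights.items():
        for g in grantees:
            if g not in groups:
                findings.append(f"right {right} is granted directly to user {g}")
            elif groups[g][0] not in ("domain_local", "local"):
                findings.append(f"right {right} is granted to {groups[g][0]} group {g}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(GROUPS, RIGHTS)))
```
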