[Pc_Support] Nested group security in Active Directory (Win2000)?

Bryan J. Smith b.j.smith at ieee.org
Wed Aug 17 12:37:38 EDT 2005


"Bryan J. Smith" <b.j.smith at ieee.org> wrote:
> Hold on, if you don't know the difference between "Domain
> Local" and "Global" groups, you should read up on them.
> 1.  Users should _always_ be placed in Global groups
> 2.  Domain Local groups should be applied to service
>     objects (e.g., share, filesystem, etc...)
> 3.  Global groups should then be assigned to Domain Local
> In other words:
> 1.  _Never_ assign Global groups to service objects (e.g.,
>     share, filesystem, etc...)
> 2.  _Avoid_ assigning Users to Domain Local groups

Once again, I will recommend what I call the "Universal
Resource" for Windows 2000 Network operations:  

  The Exam 70-218 Self-Paced Training Kit:  
  http://www.amazon.com/exec/obidos/tg/detail/-/0735617767/  

Chapter 8 has ~40 pages that give you the "low down" on how
groups work, basic limitations (nesting, local/global,
universal, etc...), etc...

If you really want to get uber-anal and be Microsoft'ized
into "I am an Active Directory engineer," you can go find
some 70-217 and/or 70-219 books for Active Directory
implementation and design, respectively (or the 2003
equivalents).  And you can even go through the 70-216 and/or
70-221 for Windows Networking implementation and design,
respectively.

But for "real world" usage, this "single book" for 70-218
designed as the "single exam" for MCSA (instead of the above
4 for MCSE) is the "ultimate intro" to everything, and those
40 pages on ADS groups will help you out tremendously, along
with all the other chapters of the book on other details. 
It's basic stuff that you've "gotta know" to maintain ADS
2000.

Unfortunately, Microsoft seems to have not created such an
excellent single exam/guide for Windows Server 2003.  Too
bad, the 70-218 was the only exam/guide I think anyone needs.

-- Bryan

P.S.  I have loaned out both of my copies, sorry.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)
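
The group rules quoted in this message, as an added example that is not part of the original post: a Python audit that flags Global groups placed directly on a resource and users placed directly in Domain Local groups, then expands the nesting to the users who actually gain access. The snapshot layout, the function names and every account, group and share name are assumptions made for illustration; the scope flags are the standard Active Directory `groupType` bits.

```python
# Added example: audit a constructed directory snapshot against the rules above.
SCOPE_BITS = {0x2: "Global", 0x4: "DomainLocal", 0x8: "Universal"}  # AD groupType scope flags

def scope(group_type):
    """Decode group scope; groupType is exported as a signed 32-bit integer."""
    bits = group_type & 0xFFFFFFFF
    return next((n for f, n in SCOPE_BITS.items() if bits & f), "Unknown")

def audit(objects, acls):
    """Return sorted (rule, subject, where) findings for the 'never' and 'avoid' rules."""
    findings = []
    for name, obj in objects.items():
        if obj["class"] == "group" and scope(obj["groupType"]) == "DomainLocal":
            findings += [("user-in-domain-local", m, name)
                         for m in obj["members"] if objects[m]["class"] == "user"]
    for resource, trustees in acls.items():
        findings += [("global-on-resource", t, resource) for t in trustees
                     if objects[t]["class"] == "group"
                     and scope(objects[t]["groupType"]) == "Global"]
    return sorted(findings)

def effective_users(objects, trustee, seen=None):
    """Expand nested membership to the set of users a trustee stands for."""
    seen = set() if seen is None else seen
    if trustee in seen:          # guard against circular nesting
        return set()
    seen.add(trustee)
    obj = objects[trustee]
    if obj["class"] == "user":
        return {trustee}
    users = set()
    for m in obj["members"]:
        users |= effective_users(objects, m, seen)
    return users

# Constructed sample data (all names hypothetical).
OBJECTS = {
    "alice": {"class": "user"},
    "bob": {"class": "user"},
    "carol": {"class": "user"},
    "G_Finance": {"class": "group", "groupType": -2147483646, "members": ["alice", "bob"]},
    "G_Audit": {"class": "group", "groupType": -2147483646, "members": ["carol"]},
    "DL_FinShare_RW": {"class": "group", "groupType": -2147483644, "members": ["G_Finance", "carol"]},
}
ACLS = {r"\\fs1\finance": ["DL_FinShare_RW"], r"\\fs1\audit": ["G_Audit"]}

if __name__ == "__main__":
    for finding in audit(OBJECTS, ACLS):
        print(finding)
    print(sorted(effective_users(OBJECTS, "DL_FinShare_RW")))
```
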


