[Pc_Support] Nested group security in Active Directory (Win2000)?
Damien McKenna
dmckenna at thelimucompany.com
Tue Sep 27 11:45:44 EDT 2005
> Furthermore, _avoid_ assigning people to Domain Admins, and
> Domain Admins to anything. Instead, delegate authority as
> appropriate. There is a wizard that walks you through it.
I'll have to look up that wizard to see what its doing.
> > In effect you're saying to do it this way:
> > (files/directories) -> Domain Local group -> Global group
> > -> users
>
> Exactomundo!
> This was a "hard learned lesson" in the pre-ADS days.
> And it shows how _poorly_ Microsoft designed it's networking.
Yeah, really dumb.
OK, so what could happen if the above was not followed, in a small
company of 25 people and only a few servers which each have their own
unique duties?
> It's more than adding database capabilities.
> It's about getting the crucial filesystem info out of the
> registry. ;->
Guess that's easier than making everyone use dynamic disks.
Thanks, Bryan.
--
Damien McKenna - Web Developer - Damien.McKenna at thelimucompany.com
The Limu Company - http://www.thelimucompany.com/ - 407-804-1014
#include <stdjoke.h>
More information about the Pc_support
mailing list