Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: [ActiveDir] Global vs Universal vs Domain Local groups for software distribution groups
Prev Next
You are not authorized to post a reply.

AuthorMessages
Thomas VuylstekeUser is Offline

Posts:207

06/02/2010 9:36 PM  
Hey all,

Perhaps not really a technical question, but I'm a bit curious of how far the A-G-DL-P principal reaches, here is an example to come to my question:
Suppose you have a number of people who are considered to be "administrative personnel" (fictive example).
You want to make sure these people have access to their shares, their printers and that they receive their applications (which are pushed/installed by SCCM).

Now in the AGDLP I would say:

* create a global group: GG_AdminstrativePersonnel

* add Mr X, Lady Y, Sir Z, ... to that group.

Now If you want to ensure proper access to their share called Data:

* Create a group "DL_Data_RW"

* add GG_AdministrativePersonnel to that group.

We continue with the printers, we want to make sure they can manage the print queue of the printer in their office:

* create DL_ManageAdminPrinter

* add GG_... to that group

See where I'm going? What with SCCM? Applications can hardly be considered permissions. But I don't see the DL_Data_RW group as a permission, I see it as a resource you get granted access to.Just like you can get granted access to an Applicaton.

Are there any pro's, contra's, do's, don'ts to choose between Global and Domain Local groups for SCCM collections? My thought was to just use the same principle as above, but all people I encounter say they somehow prefer Global.

Any thoughts are appreciated!

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Global vs Universal vs Domain Local groups for software distribution groups



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:56
MembersMembers:1
TotalTotal:57
Online NowOnline Now:
01: smitchel87

Ads

Copyright 2009 ActiveDir.org
Terms Of Use