Re: Is every user a member of Users?

From: Herb Martin (news_at_LearnQuick.com)
Date: 01/05/05

• Next message: Dean L. Howen: "software and security"
• Previous message: Karl Levinson, mvp: "Re: Question on Attempted downgrade attack"
• In reply to: Les Desser: "Re: Is every user a member of Users?"
• Next in thread: Les Desser: "Re: Is every user a member of Users?"
• Reply: Les Desser: "Re: Is every user a member of Users?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 4 Jan 2005 22:20:33 -0600

"Les Desser" <NewsDump1@dessergroup.com> wrote in message
news:xve6beFmVw2BFAas@dessergroup.onetel.co.uk...
> In article <uDy$s7l8EHA.1228@tk2msftngp13.phx.gbl>, Herb Martin
> <news@LearnQuick.com> Tue, 4 Jan 2005 07:02:08 writes
>
> >E.g., if GroupA includes GroupB, then the members of GroupB are
> >effectively members of GroupA.
>
> I vote that groups should not be able to include other groups :)

Then you will hate NATIVE mode where they can be
arbitrarily nested, e.g., Global in Global ... in Universal
in Universal ... in Local ....

> I did write that rather tongue-in-cheek and from a standpoint of someone
> who is a starter in the area of Windows security, but on further
> reflection it has merit.

It is a practical necessity for large domains, but make
managing even a few hundred users much easier if
you design the structure well.

> There is a lot to be said for transparency and
> once you embed groups within groups one starts to lose the picture
> rather fast.

This probably stems from not setting up the groups
to follow a well-thought out picture -- design -- to
start.

Local groups REALLY represent "a collection of
resources/permissions and/or set of rights for doing
some job" while Global groups really should be
the ones that represent "a bunch of users who should
be given some privelege the same way."

None fo the books tell you that -- most authors
(and therefore admins) continue to think of Local
groups are primarily representing USERS instead
of a set of resources.

---

• Next message: Dean L. Howen: "software and security"
• Previous message: Karl Levinson, mvp: "Re: Question on Attempted downgrade attack"
• In reply to: Les Desser: "Re: Is every user a member of Users?"
• Next in thread: Les Desser: "Re: Is every user a member of Users?"
• Reply: Les Desser: "Re: Is every user a member of Users?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Three table query ... Okay groupA are Staff and GroupB are Students therefore I don't really ... Each person in either groupA or GroupB has a field titled RoomID. ... (microsoft.public.access.queries) Re: Problem with empty pages ... outermost group, then GroupB - which can contain multiple pages of data, ... GroupB will be multiple pages I get a page with just the Group header on a ... That is followed by a page with the new GroupA, ... In the change group, option, on the second tab, is keep group together ... (microsoft.public.vb.crystal) Re: Everyone take ownership ... I change its permissions so only GROUPA and ... > in GROUPA or GROUPB can claim Ownership of the folder. ... Looks like the permission is inherited from the parent folder. ... (microsoft.public.win2000.security) Re: Problem with empty pages ... GroupB will be multiple pages I get a page with just the Group header on a ... That is followed by a page with the new GroupA, GroupB and GroupC ... (microsoft.public.vb.crystal) Re: Address list and over 10.000 contacts ... Than make GroupA a member of GroupB ... Alexander Zammit ... ExchangeInbox.com the new MS Exchange Resource site at ... (microsoft.public.exchange.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)