Re: Group Scope Question

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/26/05

• Next message: Jason Tan: "RE: Information on VPN with L2TP"
• Previous message: Steven L Umbach: "Re: Event Viewer"
• In reply to: Corey Arndt: "Group Scope Question"
• Next in thread: Joe Richards [MVP]: "Re: Group Scope Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 25 Apr 2005 21:09:00 -0500

You can use either as long as your domain is in Native Mode. Keep in mind
that domain local groups can only be used within the domain. If you ever
think you may configure a trust between domains or have a child domains you
will need to use global groups to give users access to resources in another
trusted domain. Domain local groups are best used in access control lists
similar in the way you use local groups on a computer and they generally
contain global groups in a domain. In other words add users to global groups
and then add global groups to local/domain local groups. So you may end up
using both. Universal groups are good for nesting global groups into. ---
Steve

"Corey Arndt" <coreyarndt@hotmail.com> wrote in message
news:uqEmsAeSFHA.164@TK2MSFTNGP12.phx.gbl...
> This may sound basic but I need to ask anyway before I get AD implemented.
> I am not quite sure what I should set my 'Group Scope' to..Domain Local or
> Global.
> I have 2 sites linked via a slow connection that are similar and are in a
> single domain. I plan on having a Domain Controller in each site to
> control security and replicate files from the remote site to the main
> site. Licenses will be shared between the sites.
> I plan on having different groups for each site that are similar
> (QA_Site1, QA_Site2, Engineers_Site1, Engineers_Site2, etc).
> Should these groups be Domain Local or Global?
> Anys suggestions?
> I appreciate any help you can give.
> Thank You
>

• Next message: Jason Tan: "RE: Information on VPN with L2TP"
• Previous message: Steven L Umbach: "Re: Event Viewer"
• In reply to: Corey Arndt: "Group Scope Question"
• Next in thread: Joe Richards [MVP]: "Re: Group Scope Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Everyone, Users, and Guests ... Domain Guests = anonymous logons (the Guest account is ... Domain Users = domain's authenticated users (a member of ... Global Groups go into Local Groups, ... Local Groups are given permissions to resources. ... (microsoft.public.win2000.security) Re: I cant put a Group in a Group ?? ... Global Groups Cannot be added to Local Groups ... Have users accounts and global groups as members. ... Have users, global groups, and universal groups from any domain as ... (microsoft.public.windows.server.active_directory) global local security group question ... What's the proper way to setup security for a shared data directory? ... In AD, there are global groups, i.e. Accounting_Read, Accounting_Full, ... should I create local groups in AD and assign the ... Or should I create groups on the file server itself and assign ... (microsoft.public.windows.server.active_directory) Re: Win2K cant see domain local group of a NT 4 pdc ... denied" error message if he tried to access a resource if local groups are ... So until we can unify all those NT 4 domains under a single Windows 2003 ... we are stuck with the global groups. ... User accounts that originate in the Windows ... (microsoft.public.windows.server.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint