Re: Security Group Settings/Usage

Permissions are defined at the resource being controlled (where
you use a security group to grant or deny a specific permission set).
The security groups as defined in AD are just that, groups of accounts,
perhaps defined by nesting of other groups. The type of grants they
will be used to carry are not defined there (a group might for example
represent an organizational role and end up being used on multiple
resources and used to grant different permission level on each).
Another way to look at this is that each securable resource carries
its own specification of what permissions are allowed to what
accounts (groups). From this view the groups are only used to
name the principals.

Roger

"Diane" <Diane@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1175A49D-F0DD-462C-A910-94B1E170C53F@xxxxxxxxxxxxxxxx
I realize this is a simple question in the scheme of things. As a newcomer
to this area, I would appreciate your help.

I rarely deal with security items and now need to create AD security
groups
to allow certain users only read access to a set of folders/subfolders,
while
enabling a smaller group to create folders. I have researched security
groups and created two seperate groups with the appropriate users. What I
don't understand is what, if anything, I am suppose to set on the security
tab for the security group in AD. I expected to be able to set the
permissions for the respective group on this tab, but instead see a list
of
other groups (e.g. domain users, etc). I don't understand why they are
listed there - should they removed or?????

I have tested my new groups with a folder set and see I can set the
permissions when I add the groups to the sharing permissions and security
settings. However, I thought the premise of security groups was that the
permissions were defined once in AD and then applied whenever that group
was
used with a folder or other object - not that the permissions were defined
when used with an object.

I am obviously missing some concept, can someone kindly help set me
straight?

Thank you,


.

Relevant Pages

  • ACLs and permissions viewed after Migrating from NT 4 domain... The twilight zone?
    ... The security on resources does not need to be translated before the source ... resource domain to Windows 2000, Windows 2000 will be able to detect the SID ... AD DC to a NT4 domain user, if this NT4 user has been migrated keeping ... if we view the permissions of these file then the permissions ...
    (microsoft.public.win2000.security)
  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)
  • Re: get rid of security center?
    ... I have come up with a solution that does not disable Security Center, ... By changing the Permissions of that key, ... settings from being changed again. ... the firewall alert settings in Security Center get ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Password Protect IExplore
    ... You can protect the files and folders you store on your computer to make ... To set, view, change, or remove special permissions for files and folders ... clear the Inherit from parent the permission entries that apply ... To configure security so that the subfolders and files will not ...
    (microsoft.public.internet.explorer.ieak)
  • Re: Removing the Internet Security in SP2
    ... I have come up with a solution that does not disable Security Center, ... By changing the Permissions of that key, ... settings from being changed again. ... the firewall alert settings in Security Center get ...
    (microsoft.public.windowsxp.security_admin)
Loading