Global groups and local groups....why aglp?

G

Guest

Good Day All,

I have just started to work for a relatively big company. About 500
computers and 600 users. I am glancing around on the server configs and how
the global groups are structured. I notice that the senior network Admin
created about 100 Global groups and she added users in each global group.
Many if not all users belong to more than 1 global group. And then she
assigns permissions to ressources on the network by adding the global group
to the security tab of the ressource.
According to Microsoft I am suppose to add users to a global group and then
add the global group to a local group and assign permissions to ressources to
the local group. Now i really do not see a difference in both strategies
other than the Microsoft way I would have to do more configuration by
creating a local group.
What is the advantage by doing it the Microsoft way compatred to the other
way? Is it less work, less management etc... . Please can someone explain
this to me.

Many thanks,

Tacobell2000
 
R

Ryan Hanisco

In a smaller environment like yours, especially when there is only one
domain (no, you didn't mention this), the way she is assigning permissions
is just fine. in a much larger environment, especially with more than one
domain, you use the domain groups to aggregate domain resources and the
global groups to pull in users and foreign security principals.

So in your environment, there isn't a big difference.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top