As I try to instil in my first-line support bods - a group without a good, succinct description is like fish without chips.
2009/10/13 Erik Goldoff <egold...@gmail.com> > agreed with most replies ... > > as long as you don't create too many individual groups ( so many as to be > insane to manage ) I think you're always better off with discreet, granular > groups ( ideally with self documenting names too ) so as not to over-permit > beyond what is needed ... back to the principle of 'least privledged' > > On Tue, Oct 13, 2009 at 8:48 AM, David Lum <david....@nwea.org> wrote: > >> I am going through file/folder permissions and our security groups in AD >> – I imagine some of you guys have hundreds of security groups? For a given >> share I have a security group associated (with RWXD perms) with it, and if >> some folks need read-only I create another group. I also have groups for >> each department and they become members of whatever security group is >> associated with access to whatever shares they need. I do the same for >> non-shared folders that also need specific permissions. >> >> *David Lum** **// *SYSTEMS ENGINEER >> NORTHWEST EVALUATION ASSOCIATION >> (Desk) 971.222.1025 *// *(Cell) 503.267.9764 >> >> >> >> >> >> >> >> > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~