Security group / dist list
How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Security group / dist list
I keep them in different OUs. Some but not all distribution lists will have DL in the name. On 9/10/08, David Lum [EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? *David Lum** *SYSTEMS ENGINEER *//* NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] *//* 971.222.1025 -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Security group / dist list
Well, one has the security group checked and the other distribution group... but seriously, all our distribution groups have a naming standard and we use the '#' as the designator. #All Employees #Some Departments List On Wed, Sep 10, 2008 at 9:07 AM, David Lum [EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Security group / dist list
Put a Prefix on them like DG_ for Distrubution Group and SG_ for Security group. Quick easy and pretty well understood :-) Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 From: David Lum [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2008 12:08 PM To: NT System Admin Issues Subject: Security group / dist list How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Security group / dist list
We preface our distribution groups with the word (List). It also has the added benefit of putting the distribution lists first in the GAL. Thanks, James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services From: Ziots, Edward [mailto:[EMAIL PROTECTED] Posted At: Thursday, September 11, 2008 9:40 AM Posted To: NTSysadmin Conversation: Security group / dist list Subject: RE: Security group / dist list Put a Prefix on them like DG_ for Distrubution Group and SG_ for Security group. Quick easy and pretty well understood :-) Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 From: David Lum [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2008 12:08 PM To: NT System Admin Issues Subject: Security group / dist list How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Security group / dist list
Sherry Abercrombie [EMAIL PROTECTED] wrote on 09/11/2008 12:22:54 PM: I keep them in different OUs. Some but not all distribution lists will have DL in the name. I don't have DLs here (I'm a victim of Lotus Notes ...), but I used to append -DL to the name, to differentiate them from regular security groups. On 9/10/08, David Lum [EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Security group / dist list
I keep them in separate OUs too, but have the DL as a marker to differentiate them when I am looking at a user's group memberships. I hate scrolling to the right :-) 2008/9/11 [EMAIL PROTECTED] Sherry Abercrombie [EMAIL PROTECTED] wrote on 09/11/2008 12:22:54 PM: I keep them in different OUs. Some but not all distribution lists will have DL in the name. I don't have DLs here (I'm a victim of Lotus Notes ...), but I used to append -DL to the name, to differentiate them from regular security groups. On 9/10/08, David Lum [EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Security group / dist list
We add SEC to the end of all the Security groups. That way it is something no one ever sees in an address book. Not that it is a big issue, just cleaner looking. And different OU's of course. We have 233 DL's for 800 employee's. Not that I am proud of that. From: James Rankin [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2008 4:13 PM To: NT System Admin Issues Subject: Re: Security group / dist list I keep them in separate OUs too, but have the DL as a marker to differentiate them when I am looking at a user's group memberships. I hate scrolling to the right :-) 2008/9/11 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] Sherry Abercrombie [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] wrote on 09/11/2008 12:22:54 PM: I keep them in different OUs. Some but not all distribution lists will have DL in the name. I don't have DLs here (I'm a victim of Lotus Notes ...), but I used to append -DL to the name, to differentiate them from regular security groups. On 9/10/08, David Lum [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] // 971.222.1025 -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Security group / dist list
Thanks everyone for the comments. To me a prefix works better than just a different OU because when you want to select from a list you have all the group types together... easier than a suffix, but here they have a suffix.. David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 From: James Rankin [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2008 1:13 PM To: NT System Admin Issues Subject: Re: Security group / dist list I keep them in separate OUs too, but have the DL as a marker to differentiate them when I am looking at a user's group memberships. I hate scrolling to the right :-) 2008/9/11 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] Sherry Abercrombie [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] wrote on 09/11/2008 12:22:54 PM: I keep them in different OUs. Some but not all distribution lists will have DL in the name. I don't have DLs here (I'm a victim of Lotus Notes ...), but I used to append -DL to the name, to differentiate them from regular security groups. On 9/10/08, David Lum [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] // 971.222.1025 -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Security group / dist list
I use a verbose naming scheme, which a lot of people hate, but I love... DLs go with ZwwExDL-GroupName - WorldWide groups, which only contain DLs ZauExDL-GroupName - two letter country code groups, which may contain other DLs or names ZukExDL-GroupName ZusEXDL-GroupName Permissions go with something like this: ZauServerShareDirectoryPath-[RO|RW] - read-only or read-write permissions on a share/directory, never more than two directories deeper than the share. or ZusServerFunctionalGroupName - for SQL or other application servers which might need embedded permissions. Mind you - since we're still new to AD, and working in a converted NT4 environment, I haven't completed all of this, but that's where I'm headed. The Z is to sort the groups to the bottom of the lists, the two-letter country codes are obvious, as I hope the rest of it is too. Kurt On Wed, Sep 10, 2008 at 9:07 AM, David Lum [EMAIL PROTECTED] wrote: How do you guys differentiate your security group names from distribution list names in AD? David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~