when to use what groups. and what security permissions
taz_55
Member Posts: 11 ■□□□□□□□□□
ok i failed the test by like i know what i need help on. can someone give me a few examples of when to use wich group mainly ( global, domain local and universal.) and some sample permissions like compare two permissions one shared and one ntfs and wich is the one effective and when to apply one opposed to the other.
you only live once.
Comments
-
Danman32 Member Posts: 1,243Shared permissions apply when you access a server file system from the network. Think of it like an outside door into a building. Different doors start you in different rooms, just as different shares start you out at different folders in the server file system.
NTFS permissions are on the file system itself, and apply regardless if you are coming in from a share, or at the server console itself (or remoting in through RDP/TS).
To find the effective permission, find the least restrictive effective permission on the shares then the NTFS, then of those two permissions, the most restrictive would apply.
Remember, a person can get permissions either directly, or through groups.
As far as when to use universal, global and local groups, you assign permissions to local groups, and you make users as members of global groups, then make the global groups as members of the local groups that have the needed permissions of the resources. It is reasonable practice to nest global groups a long as you aren't in an NT mixed mode. You can remember this using the UsrGGLR rule.
Now if the domain is in native mode, you can use universal groups. You can't use universal groups if the domain is in a mode compatable with NT DCs.
Universal groups are used to gather global groups from multiple domains to avoid unneccessary replication. Generally global group membership is limited to users and groups within the same domain. Then the universal groups are made members of the local groups. This would be the UsrGGULR rule.
I may have this a bit confused, so check out http://www.techexams.net/technotes/70290/man_groups.shtml and see if that helps any better.