Questions about AGDLP implementation
The Shadow
Member Posts: 78 ■■□□□□□□□□
I am a little confused about the AGDLP implementation process. Here's my setup:
I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.
Is my setup correct?
I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.
Is my setup correct?
Comments
-
RobertKaucher Member Posts: 4,299 ■■■■■■■■■■The Shadow wrote: »I am a little confused about the AGDLP implementation process. Here's my setup:
I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.
Is my setup correct?
Yes, but you would also grand NTFS permissions to the domain local group as well.
Do you understand why AGLP is a best practice? -
The Shadow Member Posts: 78 ■■□□□□□□□□Thanks Robert for helping me out. I added the NTFS permissions to the domain local group. Yes, I understand the why its best to use the AGLP. Given my setup, if I didn't use the AGLP, I would have to give the user accounts direct access to the shard folder (and any other resources), verses placing the use accounts into a group and giving the group access to the resources.