Questions about AGDLP implementation

The ShadowThe Shadow Member Posts: 78 ■■□□□□□□□□
in Server 70-290
I am a little confused about the AGDLP implementation process. Here's my setup:

I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.

Is my setup correct?
· Share on FacebookShare on Twitter

Comments

  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    The Shadow wrote: »
    I am a little confused about the AGDLP implementation process. Here's my setup:

    I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.

    Is my setup correct?

    Yes, but you would also grand NTFS permissions to the domain local group as well.

    Do you understand why AGLP is a best practice?
    · Share on FacebookShare on Twitter
  • The ShadowThe Shadow Member Posts: 78 ■■□□□□□□□□
    Thanks Robert for helping me out. I added the NTFS permissions to the domain local group. Yes, I understand the why its best to use the AGLP. Given my setup, if I didn't use the AGLP, I would have to give the user accounts direct access to the shard folder (and any other resources), verses placing the use accounts into a group and giving the group access to the resources.
    · Share on FacebookShare on Twitter
  • Super99Super99 Member Posts: 274
    Here's what helped me.

    http://www.laboratoire-microsoft.org/articles/win/groupes/images/agudlp.jpg
    · Share on FacebookShare on Twitter
Sign In or Register to comment.