Questions about AGDLP implementation

The Shadow · September 2009

I am a little confused about the AGDLP implementation process. Here's my setup:

I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.

Is my setup correct?

RobertKaucher · September 2009

The Shadow wrote: »

I am a little confused about the AGDLP implementation process. Here's my setup:

I have an OU named sales with 10 users accounts. I place the the user accounts into a global group (called sales_accounts), then I place that group into a domain local group (called sales_permissions), then I go to to my shared folder called sales. Then I click the permissions button on the shared tab and add the sales_permissions group to the shared permissions.

Is my setup correct?

Yes, but you would also grand NTFS permissions to the domain local group as well.

Do you understand why AGLP is a best practice?

The Shadow · September 2009

Thanks Robert for helping me out. I added the NTFS permissions to the domain local group. Yes, I understand the why its best to use the AGLP. Given my setup, if I didn't use the AGLP, I would have to give the user accounts direct access to the shard folder (and any other resources), verses placing the use accounts into a group and giving the group access to the resources.

Super99 · September 2009

Here's what helped me.

http://www.laboratoire-microsoft.org/articles/win/groupes/images/agudlp.jpg

Questions about AGDLP implementation

Comments