Home > Archive > 70-219 > August 2002 > global group problem?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author global group problem?
toddparsons

2002-08-22, 11:03 pm

For 70-219 I keep reading thing like the below
For each case where you decide to delegate control you will need to create a local group that will be allowed to perform the desired function and add the pertinent users objects to that gourp, and grant that group specific rights on the highest oU possible

I thought you only( or tried to in most cases) added user of similar job responibilities to global groups then made them members of domain local group and assigned resource permissions to the domain local group???

thanks in advance for your help
Todd
jeff_j_black

2002-08-22, 11:27 pm

Sounds like you have it correct. It is not correct to put users directly in local groups. Users in global, global in local. The real gist of the questions you are referring to are more focused on the mechanics of delegation of control, sometimes the most correct answer in the exam is not the optimal configuration.
Sexy Lexy

2002-08-23, 2:25 am

The acronym I use (someone told me it a while back) is PIGIL.

People Into Global Into Local.

Assign users into global groups and assign the global groups into the local groups to which you have grated permissions or access.

Sounds awful I admit. However, it's simple to remember and it gets the point across. If you can remember PIGIL then any group assignment or permission question in an exam is easy to figure out.

Hope it helps.

Pavlov

2002-08-23, 8:02 am

How about UGLY?
Users
Global
Local
Your resources (access to)
jp_d55

2002-08-26, 12:53 am

I use this one

A: User accounts
G: Global Groups
DL: Domain Local
P: Permisions
toddparsons

2002-08-26, 12:59 am

here is a private reply I got...I think I understand and think is what I was after???



Delegation is the process of assigning administrative rights (such as the
ability to reset passwords) to certain groups.

What you're referring to is the permissions for access to a particular
resource, which is correct.
You have to differentiate between permissions for active directory objects
and permissions on resources.

Object permissions control administration of resources (adding users to OUs,
resetting passwords, GPO policy)
Resource permissions control access (read, write etc.)

So for one you create local group and other you do the global into
domain local and assign permission to the domain local often as delegation of OU s are always gonna be in the same domain. So the scope of the group will always be in only one domain (domain
local), whereas resources might not...

AGDLP - Accounts, Global, Domain Local, Permissions
Is a separate thing, used for permissions not delegation, try to
separate the two.
Tech Ranger

2002-08-27, 8:50 pm

It seems to me that for the purpose of delegating control in the context of an OU, it wouldn't make sense to create a Global group. You are working stricly within the confines of an OU which exists within a domain. I would use a Domain Local group, and put users into that group to whom you want to delegate control.
Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net