Unity Migration Blog
Collaborating to develop a sustainable, dynamic, robust, scalable, stable, and secure academic IT environment...
Post details: Default security/role groups for new org containers
09/25/07
Default security/role groups for new org containers
Folks,
I had a chat with Barry on Friday regarding the types of tasks typically performed by his administrators, and we have a (short) list of default roles I plan to document and someday codify.
We were basically trying to ease adminstrator of three types of resources - containers, file systems, and printers.
In a new delegated OU, we would create a series of groups, and assign rights to those groups. The plan is to make it as easy as possible for folks to do routine tasks. The option to arbitrarily complex rights assignment is still available in MMC.
== Group OU_Supervisors
Membership would intially be the "Manager" associated with the organization's remedy group.
Members of this group would have the rights needed to add or remove members from any of the role/security groups. The Remedy Manager would be responsible for identifying who in their organization should control access, and place them in this group.
== Group OU_Full_Control
Membership would initially be null.
Members of this group would have full control, including create and delete object rights of the organization's AD container.
The Remedy Manager would populate this. Barry confirms that most folks who would manage AD would manage everything, but not likely delegate.
== Group GPO_Full_Control
Membership would initially be null.
Membershers of this group would have rights to create, modify, and assign Group Policy Objects. Since GPOs aren't stored in a shared container for the whole domain, it was desirable to have this seperate from GPO_Full_Control. Mistakes made with accounts in this group could potentially impact the entire campus.
The Remedy Manager would populate this.
== Group LockerName_Full_Control
== Group LockerName_ReadOnly
== Group LockerName_ReadWrite
Membership for all three groups would initially be null, and the Remedy Manager would populate them.
These groups would control basic access to a filesystem or "locker" Members of "ReadWrite" would have modify, read, write and create style access. The Full_Control group could also assign rights and take ownership. By default, no read access at all is set for new lockers. For "public" lockers, like App space, the "ReadOnly" group would need to include "Everybody"
== Group Printer_Operators
Membership would initially be null, and the Remedy Manager would populate this group.
Members can start and stop printers, see and hold the job queue, and basically control printers in the OU.
== Group Printer_Creators
With changes coming to the WolfPrint system, it may be possible to delegate the creation of new accounted printing printers directly. This group would control access if this proves viable.
Comments:
Comment from: Ersince [Visitor] 
· http://www.sokaksairi.com
· http://www.sokaksairi.com
ersince den selamlar
Permalink
05/29/08 @ 06:37
Comment from: SewoGnc [Visitor] · http://www.eksioglunakliyat.com
· http://www.eksioglunakliyat.com
evden eve nakliyat
Permalink
06/19/08 @ 11:17
Comment from: ahmad [Visitor] · http://www.diziklip.com
· http://www.diziklip.com
Membershers of this group would have rights to create, modify, and assign Group Policy Objects. Since GPOs aren't stored in a shared container for the whole domain, it was desirable to have this seperate from GPO_Full_Control. Mistakes made with accounts in this group could potentially impact the entire campus.
Permalink
07/20/08 @ 16:24
Comment from: ahmad [Visitor] · http://www.forzaneuro.com
· http://www.forzaneuro.com
These groups would control basic access to a filesystem or "locker" Members of "ReadWrite" would have modify, read, write and create style access. The Full_Control group could also assign rights and take ownership. By default, no read access at all is set for new lockers. For "public" lockers, like App space, the "ReadOnly" group would need to include "Everybody"
== Group Printer_Operators
Membership would initially be null, and the Remedy Manager would populate this group.
Members can start and stop printers, see and hold the job queue, and basically control printers in the OU.
== Group Printer_Creators
With changes coming to the WolfPrint system, it may be possible to delegate the creation of new accounted printing printers directly. This group would control access if this proves viable.
== Group Printer_Operators
Membership would initially be null, and the Remedy Manager would populate this group.
Members can start and stop printers, see and hold the job queue, and basically control printers in the OU.
== Group Printer_Creators
With changes coming to the WolfPrint system, it may be possible to delegate the creation of new accounted printing printers directly. This group would control access if this proves viable.
Permalink
07/20/08 @ 16:24
Comment from: RedStart [Visitor] · http://www.redstarttonersupply.com
· http://www.redstarttonersupply.com
Thank you!
Permalink
08/20/08 @ 22:49
Comment from: www.onlinepaylas.com [Visitor] · http://www.onlinepaylas.com
· http://www.onlinepaylas.com
Film indir Full Film
Permalink
09/10/08 @ 04:28
Comment from: Kyocera Toner [Visitor] · http://www.redstartprinters.com
· http://www.redstartprinters.com
Thanks!!
Permalink
09/18/08 @ 19:32
Comment from: mubarek gun ve geceler [Visitor] · http://blog.islamdersleri.com
· http://blog.islamdersleri.com
Membershers of this group would have rights to create, modify, and assign Group Policy Objects.
Permalink
11/15/08 @ 12:04
Comment from: film izle [Visitor] · http://www.filmizlex.com
· http://www.filmizlex.com
Thanks for all
http://www.telefondinleme.net/5-telefon-dinleme.html
http://www.telefondinleme.net/5-telefon-dinleme.html
Permalink
12/20/08 @ 15:05
Comment from: telefon dinleme [Visitor] · http://www.telefondinleme.net/5-telefon-dinleme.html
· http://www.telefondinleme.net/5-telefon-dinleme.html
Enjoy the article.Hing Regards
Permalink
12/20/08 @ 15:06
Comment from: berk [Visitor] · http://mesleksec.blogsopot.com
· http://mesleksec.blogsopot.com
terrific article. thanks for your share.
Permalink
01/06/09 @ 15:52
Comment from: Paul [Visitor] · http://bookwormlab.com
· http://bookwormlab.com
might be a good topic for my research...
Permalink
02/19/09 @ 13:25
Comment from: geciktirici [Visitor] · http://www.rhino-tr.com
· http://www.rhino-tr.com
Thanks,
Nice very text.
Nice very text.
Permalink
03/25/09 @ 05:26
Comment from: geciktirici sprey [Visitor] · http://www.geciktirici-pjur.com
· http://www.geciktirici-pjur.com
Thans you
Permalink
03/25/09 @ 05:27
Comment from: comforter down [Visitor]
The option to arbitrarily complex rights assignment is still available in MMC.
Permalink
04/10/09 @ 03:43
Comment from: kampanye damai pemilu indonesia 2009 [Visitor] · http://newreil.com/kampanye-damai-pemilu-indonesia-2009/
· http://newreil.com/kampanye-damai-pemilu-indonesia-2009/
great article...thanks for it
Permalink
04/25/09 @ 01:17
Comment from: David Shaw [Visitor] · http://www.error-code-repair.com
· http://www.error-code-repair.com
terrific article. thanks for sharing it with us, I have some work to do in this area.
Permalink
05/05/09 @ 12:06
Comment from: tabela [Visitor] · http://www.sirtabela.com
· http://www.sirtabela.com
great article...thanks for it
Permalink
05/18/09 @ 19:28
Comment from: evden eve nakliyat [Visitor] · http://www.evdenevetasima.net
· http://www.evdenevetasima.net
great article
Permalink
05/18/09 @ 19:29
Comment from: How To Grow Taller [Visitor] · http://howtogrowtaller101.com/
· http://howtogrowtaller101.com/
This is a great post
Permalink
06/03/09 @ 14:46
Comment from: mirc [Visitor] · http://www.mircbook.net
· http://www.mircbook.net
very good web :) thanx admin
Permalink
06/11/09 @ 12:03
Comment from: telefon dinleme [Visitor] · http://www.trdedektiflik.com
· http://www.trdedektiflik.com
thank you.
Permalink
06/23/09 @ 04:03
Comment from: bursa evden eve [Visitor] · http://www.akgulnakliyat.com
· http://www.akgulnakliyat.com
wonderful article good thanks
Permalink
07/14/09 @ 02:26
Comment from: Acai Power Blast [Visitor] · http://www.scribd.com/doc/18243043/Acai-Power-Blast
· http://www.scribd.com/doc/18243043/Acai-Power-Blast
great article
Permalink
08/07/09 @ 13:02
Comment from: dangerousboy_55 [Visitor] · http://www.ssksorunlari.com
· http://www.ssksorunlari.com
Thank you!
Permalink
08/08/09 @ 17:55
Comment from: dangerousboy_55 [Visitor] · http://www.ssksorunlari.com
· http://www.ssksorunlari.com
are you crazy
Permalink
08/08/09 @ 18:11
Comment from: Arayipbul [Visitor] · http://www.arayipbul.net
· http://www.arayipbul.net
Thanks a lot...
Permalink
08/08/09 @ 18:12
Comment from: Karpuz Peynir [Visitor] · http://www.karpuzpeynir.com/
· http://www.karpuzpeynir.com/
very nice. health information available at the bottom of the expected
http://www.karpuzpeynir.com/search/label/sa%C4%9Fl%C4%B1k
http://www.karpuzpeynir.com/search/label/sa%C4%9Fl%C4%B1k
Permalink
08/08/09 @ 18:20
Comment from: dizi izle [Visitor] · http://http//www.sanaldizi.net
· http://http//www.sanaldizi.net
The option to arbitrarily complex rights assignment is still available in MMC.
http://www.sanaldizi.net
http://www.filmturka.net
http://www.sanaldizi.net
http://www.filmturka.net
Permalink
08/08/09 @ 20:32
Comment from: kariyerrusya [Visitor]
thank you for ur information
rergards!
rergards!
Permalink
08/09/09 @ 07:03
Comment from: araba oyunları [Visitor] · http://www.arabaoyunu.gen.tr
· http://www.arabaoyunu.gen.tr
thank you admin
Permalink
08/09/09 @ 07:47
Comment from: kadın sitesi [Visitor] · http://www.kadinform.com
· http://www.kadinform.com
great information.. thx!
Permalink
08/09/09 @ 07:48
Comment from: yemek oyunları [Visitor] · http://www.pastaoyunlari.net
· http://www.pastaoyunlari.net
tahnk you
Permalink
08/09/09 @ 07:53
Comment from: futbol oyunları [Visitor] · http://www.futbol-oyunlari.gen.tr
· http://www.futbol-oyunlari.gen.tr
very good
Permalink
08/09/09 @ 07:54
Comment from: savaş oyunu [Visitor] · http://www.savas-oyunu.com
· http://www.savas-oyunu.com
thanks love you admin
Permalink
08/09/09 @ 08:00
Comment from: zeka oyunları [Visitor] · http://www.zeka-oyunlari.gen.tr
· http://www.zeka-oyunlari.gen.tr
very good
Permalink
08/09/09 @ 08:01
Comment from: said [Visitor] · http://www.dinimakale.com
· http://www.dinimakale.com
I've migrated the volumes off of 22acn to clear a stuck Thunderbird lock file. I'm also rebooting it to clear some old connections that can't be manually cleared. I'll re-balance tonight.
Permalink
08/09/09 @ 08:56
Comment from: iris [Visitor] · http://news-kurdish.blogspot..com
· http://news-kurdish.blogspot..com
I've migrated the volumes off of 22acn to clear a stuck Thunderbird lock file. I'm also rebooting it to clear some old connections that can't be manually cleared. I'll re-balance tonight.
What is this
What is this
Permalink
08/09/09 @ 08:58
Comment from: Rockco [Visitor] · http://www.headmm.com
· http://www.headmm.com
Emo, Emo nedir, Emo resimleri, Emo Nickler,Headmm,Emo Avatarları, Punk, Punk Resimleri, Punk Avatarları,Gothic,Gothic Resimler,Gothic Nickler,Gothic Avatarları,Rock, Rock Resimleri, Rock Avatarları, Msn Nickleri, Msn Avatarları, Müzik
Permalink
08/09/09 @ 09:12
Comment from: renk [Visitor] · http://www.sohbetmeydani.com
· http://www.sohbetmeydani.com
thanks love you admin
Permalink
08/09/09 @ 17:49
Comment from: arabalar [Visitor] · http://www.resims.net
· http://www.resims.net
thank you so much
Permalink
08/10/09 @ 01:27
Comment from: trosor [Visitor] · http://www.handlanu.com
· http://www.handlanu.com
Nice information
Permalink
08/10/09 @ 03:26
Comment from: Mesut Demir [Visitor] · http://www.rhino-tr.com
· http://www.rhino-tr.com
Thanks for text.
Permalink
08/11/09 @ 06:53
Comment from: pornlop [Visitor] · http://pornlop.com
· http://pornlop.com
Free stream porn videos
http://pornlop.com
http://pornlop.com
Permalink
08/12/09 @ 10:46
Comment from: chat [Visitor] · http://www.hayda.net
· http://www.hayda.net
I've migrated the volumes off of 22acn to clear a stuck Thunderbird lock file.
Permalink
08/13/09 @ 20:18
Comment from: katlamali perde [Visitor] · http://www.katlamaliperde.net
· http://www.katlamaliperde.net
Today's enterprise is increasingly dependent on IT, to the point that operating without its services is nearly impossible.
Permalink
08/19/09 @ 11:42
Comment from: Bayrak [Visitor] · http://www.bayrak.cc
· http://www.bayrak.cc
thank you very very nice :)
Permalink
08/19/09 @ 12:05
Comment from: Teknoloji Haberleri [Visitor] · http://www.dogalyazi.com
· http://www.dogalyazi.com
thanks admin
Permalink
08/19/09 @ 12:06
Comment from: Jack01 [Visitor] · http://www.zevkli-forum.com/
· http://www.zevkli-forum.com/
I think you have called attention
Permalink
08/19/09 @ 13:08
Comment from: alison12 [Visitor] · http://www.temaciyiz.com/
· http://www.temaciyiz.com/
I am looking forward to see your other subjects and I follow those.
Permalink
08/19/09 @ 13:09
Comment from: mark [Visitor] · http://www.mysaglik.com/
· http://www.mysaglik.com/
In my opinion, everybody should read this.
Permalink
08/19/09 @ 13:10
Comment from: Sohbetizm.Com [Visitor] · http://www.sohbetizm.com
· http://www.sohbetizm.com
Sohbet chat sohbetizm
Permalink
08/19/09 @ 16:12
Comment from: emre [Visitor] · http://www.oteltatil.org
· http://www.oteltatil.org
goog write, Thanks admin
Permalink
08/23/09 @ 07:29
Comment from: jack001 [Visitor] · http://www.ealbeni.com
· http://www.ealbeni.com
I enjoyed reading your article
Permalink
08/24/09 @ 14:35
Comment from: youtube [Visitor] · http://www.youtube.bitanesiol.com
· http://www.youtube.bitanesiol.com
thank you
Permalink
08/25/09 @ 16:54
Comment from: kadin [Visitor] · http://www.kadin.bitanesiol.com
· http://www.kadin.bitanesiol.com
thank you
Permalink
08/25/09 @ 16:56
Comment from: mankenler [Visitor] · http://www.mankenaskim.bitanesiol.com
· http://www.mankenaskim.bitanesiol.com
thank you
Permalink
08/25/09 @ 16:56
Comment from: koçluk [Visitor] · http://deneme
· http://deneme
A powerful guide designed to help executives, coaches, and managers implement programs that work for their organizations.
Permalink
08/25/09 @ 17:14
Comment from: İnşaatSözlük [Visitor] · http://www.insaatsozluk.com
· http://www.insaatsozluk.com
Thanks...
Permalink
08/26/09 @ 02:16
Comment from: aho [Visitor] · http://www.sohbetlive.com
· http://www.sohbetlive.com
chok guzel, thank you
Permalink
08/26/09 @ 06:37
Comment from: meho [Visitor] · http://www.sohbetlive.net
· http://www.sohbetlive.net
thank you for that
Permalink
08/26/09 @ 06:37
Comment from: salih [Visitor] · http://www.aniden.net
· http://www.aniden.net
aniden in english suddenly
Permalink
08/26/09 @ 06:38
Comment from: salo [Visitor] · http://www.problemcocuk.com
· http://www.problemcocuk.com
we do seo for all sites.
Permalink
08/26/09 @ 06:40
Comment from: forum ulen [Visitor] · http://www.tamsaha.com
· http://www.tamsaha.com
90*45 for a football match area.
Permalink
08/26/09 @ 06:41
Comment from: mantar [Visitor] · http://www.lantar.com
· http://www.lantar.com
about irc and web.
Permalink
08/26/09 @ 06:50
Comment from: nia [Visitor] · http://www.nidosa.com
· http://www.nidosa.com
How we do it default?
Permalink
08/26/09 @ 06:56
Comment from: Diyarbakir [Visitor] · http://www.anzele.net
· http://www.anzele.net
Thanks you hacı
Permalink
08/26/09 @ 18:17
Comment from: lida fx15 biber hapı ikibindokuz seo yarışması [Visitor] · http://2009yerelsecimleri.wordpress.com/
· http://2009yerelsecimleri.wordpress.com/
create a series of groups
Permalink
08/27/09 @ 03:21
Comment from: bilet [Visitor] · http://www.biletbul.com
· http://www.biletbul.com
thank you man for this article
Permalink
08/27/09 @ 12:51
Comment from: yemek tarifleri [Visitor] · http://www.kilerde.com
· http://www.kilerde.com
very nice. health information available at the bottom of the expected
Permalink
08/28/09 @ 06:50
Comment from: yemek tarifleri [Visitor] · http://www.kilerde.com
· http://www.kilerde.com
very nice. health information available at the bottom of the expected
Permalink
08/28/09 @ 06:54
Comment from: bitkisel eczane [Visitor] · http://bitkisel-eczane.com/
· http://bitkisel-eczane.com/
Thanks you
http://bitkisel-eczane.com/
http://bitkisel-eczane.com/
Permalink
08/28/09 @ 17:41
Comment from: medyum [Visitor] · http://www.medyumara.com
· http://www.medyumara.com
These groups would control basic access to a filesystem or "locker" Members of "ReadWrite" would have modify, read, write and create style access.
Permalink
10/08/09 @ 12:59
Comment from: judith andy [Visitor] · http://www.miamiinjurieslawyer.com
· http://www.miamiinjurieslawyer.com
i will try to do this thing you mentioned
Permalink
10/26/09 @ 10:24
Comment from: Home Lighting [Visitor] · https://lightingsale.com
· https://lightingsale.com
Thanks for this great post.
Permalink
11/02/09 @ 03:10
Comment from: parça kontör bayi [Visitor] · http://www.kontoranabayi.com/
· http://www.kontoranabayi.com/
Thank you very much for this information.I like This site!
http://www.jetkontorbayi.com
http://www.kontoranabayi.com
http://www.jetkontorbayi.com
http://www.kontoranabayi.com
Permalink
11/22/09 @ 04:00 Leave a comment:
Unity Migration Blog
This blog is intended to be used by the staff members of ITD's Microsys group at NC State University. It is an internal project management and collaboration tool to be used throughout the Unity migration project. Project updates, thoughts, suggestions, and anything else related to the migration should be included.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| << < | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | |||||
Search
Categories
- All
- Applications (46)
- Architecture (66)
- Active Directory (51)
- Licensing & Activation (8)
- Servers (31)
- Systems Management Server (6)
- TESTITD Domain (2)
- Change Management (80)
- Communication (56)
- Blog (6)
- Meetings (12)
- Reports and Updates (12)
- Unity Forums (5)
- Website (11)
- Desktop Management (27)
- Disaster Recovery (18)
- Filesystems (27)
- Migration Issues (18)
- Miscellaneous (23)
- Resources (22)
- User Accounts (18)
- Workstation Deployment (35)
Archives
- March 2008 (2)
- January 2008 (1)
- November 2007 (2)
- October 2007 (4)
- September 2007 (4)
- August 2007 (9)
- July 2007 (11)
- June 2007 (29)
- May 2007 (19)
- April 2007 (12)
- March 2007 (21)
- February 2007 (11)
- More...
Who's Online?
- Guest Users: 6
XML Feeds
What is RSS?
powered by
