Difference between revisions of "Active Directory/Special Groups"
Jump to navigation
Jump to search
(7 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | The WOLFTECH domain has a number of special groups to apply security policies and provide access to resources. This document explains the function of these groups and their intended memberships. | + | {{Active_Directory_toc}}The WOLFTECH domain has a number of special groups to apply security policies and provide access to resources. This document explains the function of these groups and their intended memberships. |
==Top Level Groups== | ==Top Level Groups== | ||
Line 7: | Line 7: | ||
<th>Group Name</th> | <th>Group Name</th> | ||
<th>Description</th> | <th>Description</th> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top>WT-<OU>-<NAME></td> | ||
+ | <td>Managed groups. The groups are defined using the [https://www.wolftech.ncsu.edu/wtmg/ WolfTech Managed Groups Tool].</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td width=200 valign=top>NCSU-ACS Users</td> | <td width=200 valign=top>NCSU-ACS Users</td> | ||
− | <td>This group is given Read access to the ACS Q Drive on the ACS domain. A GPO (NCSU-ACS Users) is linked at the People OU and is filtered to this group to automatically mount the Q drive. Only staff who need access to the ACS Q Drive should be members of this group.</td> | + | <td>This group is given Read access to the ACS Q Drive on the ACS domain. A GPO (NCSU-ACS Users) is linked at the People OU and is filtered to this group to automatically mount the Q drive. Only staff who need access to the ACS Q Drive should be members of this group. '''NOTE''': OU Admins should not move their local "ACS Users" group as this will cause this connection to fail.</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 19: | Line 23: | ||
<td valign=top>NCSU-Computers</td> | <td valign=top>NCSU-Computers</td> | ||
<td>All computers under the NCSU OU are a member of this group.</td> | <td>All computers under the NCSU OU are a member of this group.</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top>NCSU-Computer Migrators</td> | ||
+ | <td>All .admins which are members of this group have the ability to join a computer to the domain. For those whom you want to have this privilege without granting them full OU Admin status.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 37: | Line 45: | ||
<tr> | <tr> | ||
<td valign=top>NCSU-User Account Managers</td> | <td valign=top>NCSU-User Account Managers</td> | ||
− | <td>Members of this group have Full access to the People OU | + | <td>Members of this group have Full access to the People OU.</td> |
</tr> | </tr> | ||
</table> | </table> | ||
Line 71: | Line 79: | ||
<tr> | <tr> | ||
<td valign=top>ECE-Enable Remote Assistance</td> | <td valign=top>ECE-Enable Remote Assistance</td> | ||
− | <td>A GPO (ECE-Enable Remote Assistance) is linked at the root of the ECE OU and filtered to this group that enables Unsolicited Remote Assistance on all members of this group | + | <td>A GPO (ECE-Enable Remote Assistance) is linked at the root of the ECE OU and filtered to this group that enables Unsolicited Remote Assistance on all members of this group.</td> |
</tr> | </tr> | ||
<tr> | <tr> |
Latest revision as of 16:07, 28 August 2017
The WOLFTECH domain has a number of special groups to apply security policies and provide access to resources. This document explains the function of these groups and their intended memberships.
Top Level Groups
Group Name | Description |
---|---|
WT-<OU>-<NAME> | Managed groups. The groups are defined using the WolfTech Managed Groups Tool. |
NCSU-ACS Users | This group is given Read access to the ACS Q Drive on the ACS domain. A GPO (NCSU-ACS Users) is linked at the People OU and is filtered to this group to automatically mount the Q drive. Only staff who need access to the ACS Q Drive should be members of this group. NOTE: OU Admins should not move their local "ACS Users" group as this will cause this connection to fail. |
NCSU-Allow RIS | A GPO (Domain-Allow RIS) is linked to the domain root and filtered to this group to allow members of this group to use RIS to reinstall computers. Members of NCSU-Departmental OU Admins are a member of this group. |
NCSU-Computers | All computers under the NCSU OU are a member of this group. |
NCSU-Computer Migrators | All .admins which are members of this group have the ability to join a computer to the domain. For those whom you want to have this privilege without granting them full OU Admin status. |
NCSU-Departmental OU Admins | All OU admins are a member of this group. Members of this group are delegated Read access to all group policy objects. |
NCSU-Desktops | All desktop computers under the NCSU OU are a member of this group. |
NCSU-Laptops | All laptop computers under the NCSU OU are a member of this group. A GPO (Domain-Laptop Policy) is linked at the domain root and filtered to this group to set laptop specific policies. |
NCSU-Software Packagers | Members of this group have Full access to the NCSU software packages share (\\wolftech\files\common\ncsu\packages) and Full access to the SW-NCSU and FW-NCSU GPOs. |
NCSU-User Account Managers | Members of this group have Full access to the People OU. |
ECE Departmental Groups
The following special groups are used in the ECE departmental OU. This is provided as a suggestion to other departments.
Group Name | Description |
---|---|
ECE-ACS Users | This group is a member of NCSU-ACS Users that gives Read access to the ACS Q Drive on the ACS domain. Only staff who need access to the ACS Q Drive should be members of this group. |
ECE-Allow RIS | This groups is a member of NCSU-Allow RIS that allows members to use RIS to reinstall computers. This group is useful for users who need to be able to use RIS, but are not OU admins. |
ECE-Computer Admins | This group is a member of the local Administrators group on all computers in the ECE OU. Members of this group have Administrator priveleges on all ECE computers, but no special domain priveleges. ECE-OU Admins is a member of this group. |
ECE-Computers | All computers within the ECE OU are members of this group. |
ECE-Desktops | All desktops within the ECE OU are members of this group. |
ECE-Enable Remote Assistance | A GPO (ECE-Enable Remote Assistance) is linked at the root of the ECE OU and filtered to this group that enables Unsolicited Remote Assistance on all members of this group. |
ECE-Enable Remote Desktop | A GPO (ECE-Enable Remote Desktop) is linked at the root of the ECE OU and filtered to this group that enables Remote Desktop on all members of this group. |
ECE-Laptops | All laptops within the ECE OU are members of this group. |
ECE-OU Admins | This group is delegated Full access to the ECE OU. |
ECE-Users | All ECE users are a member of this group. This includes students who have access to teaching lab computers. |
ECE-IT.Users | The regular user accounts of IT staff members are members of this group. This group is a member of all ECE computers local Users group. This allows IT staff members to logon using regular user credentials. |
ECE-Remote Assistants | This group is referenced in the ECE-Enable Remote Assistance GPO to authorize users to provide Unsolicited Remote Assistance. |
ECE-Software Installers | Members of the group have Full access to the ECE software share (\\wolftech\files\ece\software). |
ECE-Software Packages | Members of this group have Full access to the ECE packages share (\\wolftech\files\ece\packages). |