Difference between revisions of "Active Directory/Special Groups"
Jump to navigation
Jump to search
m |
|||
| Line 7: | Line 7: | ||
<th>Group Name</th> | <th>Group Name</th> | ||
<th>Description</th> | <th>Description</th> | ||
| + | </tr> | ||
| + | <tr> | ||
| + | <td valign=top>WT-<OU>-<NAME></td> | ||
| + | <td>Managed groups. The groups are defined using the [https://www.wolftech.ncsu.edu/wtmg/index.php WolfTech Managed Groups Tool].</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Revision as of 14:18, 5 July 2007
The WOLFTECH domain has a number of special groups to apply security policies and provide access to resources. This document explains the function of these groups and their intended memberships.
Top Level Groups
| Group Name | Description |
|---|---|
| WT-<OU>-<NAME> | Managed groups. The groups are defined using the WolfTech Managed Groups Tool. |
| NCSU-ACS Users | This group is given Read access to the ACS Q Drive on the ACS domain. A GPO (NCSU-ACS Users) is linked at the People OU and is filtered to this group to automatically mount the Q drive. Only staff who need access to the ACS Q Drive should be members of this group. |
| NCSU-Allow RIS | A GPO (Domain-Allow RIS) is linked to the domain root and filtered to this group to allow members of this group to use RIS to reinstall computers. Members of NCSU-Departmental OU Admins are a member of this group. |
| NCSU-Computers | All computers under the NCSU OU are a member of this group. |
| NCSU-Departmental OU Admins | All OU admins are a member of this group. Members of this group are delegated Read access to all group policy objects. |
| NCSU-Desktops | All desktop computers under the NCSU OU are a member of this group. |
| NCSU-Laptops | All laptop computers under the NCSU OU are a member of this group. A GPO (Domain-Laptop Policy) is linked at the domain root and filtered to this group to set laptop specific policies. |
| NCSU-Software Packagers | Members of this group have Full access to the NCSU software packages share (\\wolftech\files\common\ncsu\packages) and Full access to the SW-NCSU and FW-NCSU GPOs. |
| NCSU-User Account Managers | Members of this group have Full access to the People OU. |
ECE Departmental Groups
The following special groups are used in the ECE departmental OU. This is provided as a suggestion to other departments.
| Group Name | Description |
|---|---|
| ECE-ACS Users | This group is a member of NCSU-ACS Users that gives Read access to the ACS Q Drive on the ACS domain. Only staff who need access to the ACS Q Drive should be members of this group. |
| ECE-Allow RIS | This groups is a member of NCSU-Allow RIS that allows members to use RIS to reinstall computers. This group is useful for users who need to be able to use RIS, but are not OU admins. |
| ECE-Computer Admins | This group is a member of the local Administrators group on all computers in the ECE OU. Members of this group have Administrator priveleges on all ECE computers, but no special domain priveleges. ECE-OU Admins is a member of this group. |
| ECE-Computers | All computers within the ECE OU are members of this group. |
| ECE-Desktops | All desktops within the ECE OU are members of this group. |
| ECE-Enable Remote Assistance | A GPO (ECE-Enable Remote Assistance) is linked at the root of the ECE OU and filtered to this group that enables Unsolicited Remote Assistance on all members of this group. |
| ECE-Enable Remote Desktop | A GPO (ECE-Enable Remote Desktop) is linked at the root of the ECE OU and filtered to this group that enables Remote Desktop on all members of this group. |
| ECE-Laptops | All laptops within the ECE OU are members of this group. |
| ECE-OU Admins | This group is delegated Full access to the ECE OU. |
| ECE-Users | All ECE users are a member of this group. This includes students who have access to teaching lab computers. |
| ECE-IT.Users | The regular user accounts of IT staff members are members of this group. This group is a member of all ECE computers local Users group. This allows IT staff members to logon using regular user credentials. |
| ECE-Remote Assistants | This group is referenced in the ECE-Enable Remote Assistance GPO to authorize users to provide Unsolicited Remote Assistance. |
| ECE-Software Installers | Members of the group have Full access to the ECE software share (\\wolftech\files\ece\software). |
| ECE-Software Packages | Members of this group have Full access to the ECE packages share (\\wolftech\files\ece\packages). |