Active Directory/Special Groups

From WolfTech
Jump to navigation Jump to search

The WOLFTECH domain has a number of special groups to apply security policies and provide access to resources. This document explains the function of these groups and their intended memberships.

Top Level Groups

Group Name Description
NCSU-ACS Users This group is given Read access to the ACS Q Drive on the ACS domain. A GPO (NCSU-ACS Users) is linked at the People OU and is filtered to this group to automatically mount the Q drive. Only staff who need access to the ACS Q Drive should be members of this group.
NCSU-Allow RIS A GPO (Domain-Allow RIS) is linked to the domain root and filtered to this group to allow members of this group to use RIS to reinstall computers. Members of NCSU-Departmental OU Admins are a member of this group.
NCSU-Computers All computers under the NCSU OU are a member of this group.
NCSU-Departmental OU Admins All OU admins are a member of this group. Members of this group are delegated Read access to all group policy objects.
NCSU-Desktops All desktop computers under the NCSU OU are a member of this group.
NCSU-Laptops All laptop computers under the NCSU OU are a member of this group. A GPO (Domain-Laptop Policy) is linked at the domain root and filtered to this group to set laptop specific policies.
NCSU-Software Packagers Members of this group have Full access to the NCSU software packages share (\\wolftech\files\common\ncsu\packages)
NCSU-User Account Managers Members of this group have Full access to the People OU. Once user account creation scripting is completed, this group will be retired.

ECE Departmental Groups

The following special groups are used in the ECE departmental OU. This is provided as a suggestion to other departments.

Group Name Description
ECE-ACS Users This group is a member of NCSU-ACS Users that gives Read access to the ACS Q Drive on the ACS domain. Only staff who need access to the ACS Q Drive should be members of this group.
ECE-Allow RIS This groups is a member of NCSU-Allow RIS that allows members to use RIS to reinstall computers. This group is useful for users who need to be able to use RIS, but are not OU admins.
ECE-Computer Admins This group is a member of the local Administrators group on all computers in the ECE OU. Members of this group have Administrator priveleges on all ECE computers, but no special domain priveleges. ECE-OU Admins is a member of this group.
ECE-Computers All computers within the ECE OU are members of this group.
ECE-Desktops All desktops within the ECE OU are members of this group.
ECE-Enable Remote Assistance A GPO (ECE-Enable Remote Assistance) is linked at the root of the ECE OU and filtered to this group that enables Unsolicited Remote Assistance on all members of this group..
ECE-Enable Remote Desktop A GPO (ECE-Enable Remote Desktop) is linked at the root of the ECE OU and filtered to this group that enables Remote Desktop on all members of this group.
ECE-Laptops All laptops within the ECE OU are members of this group.
ECE-OU Admins
ECE-Users