It has been mentioned several times in this book that the best way to make sure that your users can get access to information is through the use of security groups. Windows 2000 allows you to organize users and other domain objects into groups for easy administration of access permissions. Defining your security groups is a major task when you are planning your security matrix.
Windows 2000 security groups let you assign the same security permissions to large numbers of users in one operation, which ensures consistent permissions across all members of a group. Using security groups to assign permissions also means the access control lists on resources remain fairly static, and "fairly static" means they are easy to control and audit. Users who need access are added to or removed from the appropriate security groups as needed, and the access control lists change infrequently. It all falls under that democratic principle mentioned above: do unto as many others as possible without doing too much work.
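To make the "fairly static" point concrete, here is an added example, not taken from the book: a small Python model that resolves effective access through nested groups and flags access control entries granted directly to a user account. All user, group and share names are constructed sample data.

```python
# Constructed sample data: users, group membership and resource ACLs.
# Every name here is hypothetical and used only for illustration.
USERS = {"alice", "bob", "carol"}
GROUPS = {
    "Sales": {"alice", "bob"},
    "Managers": {"carol"},
    "AllStaff": {"Sales", "Managers"},  # nested groups
}
ACLS = {
    r"\\fs1\sales": [("Sales", "Modify"), ("carol", "Read")],
    r"\\fs1\public": [("AllStaff", "Read")],
}

def members(group, groups, seen=None):
    """Expand a group to its user members, following nesting safely."""
    seen = set() if seen is None else seen
    if group in seen:  # guard against circular nesting
        return set()
    seen.add(group)
    out = set()
    for m in groups.get(group, ()):
        out |= members(m, groups, seen) if m in groups else {m}
    return out

def effective_access(acls, groups):
    """Map each resource to {user: set(permissions)} by resolving groups."""
    result = {}
    for res, aces in acls.items():
        per_user = result.setdefault(res, {})
        for principal, perm in aces:
            targets = members(principal, groups) if principal in groups else {principal}
            for user in targets:
                per_user.setdefault(user, set()).add(perm)
    return result

def direct_user_aces(acls, users):
    """Audit check: entries granted to a user account instead of a group."""
    return [(res, p, perm) for res, aces in acls.items()
            for p, perm in aces if p in users]

def add_to_group(groups, group, user):
    """Return updated membership; the ACLs themselves are never touched."""
    updated = {g: set(m) for g, m in groups.items()}
    updated[group].add(user)
    return updated
```

Adding a new user to `Sales` with `add_to_group` changes what `effective_access` returns for both shares while `ACLS` stays identical, and `direct_user_aces` surfaces the one entry that would need a manual ACL edit if that user's role changed.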