Exploring the Concept of Active Directory Access Groups and Role
Groups
A best-practice approach that utilizes role-based access control for ISA Server 2006
Administration, and administration of an IT environment in general, can be deployed in a
relatively straightforward approach, using Active Directory groups to delegate administration
and to define membership in particular roles.
This administrative concept logically divides groups into two types, as follows:
. Access Groups??”Access groups are Active Directory groups that are created to
control a certain level of access that is granted to a particular resource, such as a file
share, printer, server, or any other network resource. For example, a group could be
created called AG-ISAFullAdmins that would be granted Full Admin rights to an ISA
server. For the most efficient replication and application, these types of groups are
typically Domain Local groups.
. Role Groups??”Role groups are Active Directory groups whose members share the
same roles within an organization. These groups are then added into the membership
of an access group to allow the members of that role to have the type of access
they need to do their job.
Pages:
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688