• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Ugh... Groups and Organizational Units?

G

GeSuN

Senior member
Hi,

I'm setting up MS Windows Advanced Server where I work... In fact, my boss is paying me to learn how to install it wich is pretty cool.

I'm setting up groups (well trying to...) and was wondering if I needed organizational units too? We have a small network here, with few personal. We have sales, accounting and technicians people. So I guess I have to create 3 groups, one for each, then create users in each groups... But what about organizational units??? Do I need them...

Maybe I'm not giving enough info here so if you need more info ask me!

 
Actually, the three departments would be more like OU's than security groups.

Given the small size of your environment, forget about OU's.
 
Organizational Units allow you to apply a Group Policy to them where as a Group doesn't. I suggest you create at least one OU for Users and one for Computers. This way you can apply a policy to that one OU and not affect the whole domain. This is in no way a one size fits all scenario. It all depends on what you want to do.

Groups are good for file permissions and stuff like that. For example where I work it's setup like this. Each user has a G drive which is their group drive for all their share department data. They have an H drive which is their own personal home drive that only they have access too. The last drive is an X drive which is a swap directory for the whole company that everyone has read and write access to. This is for sharing information between different departments and get cleared out monthly. We then use groups to define the permissions for each group share. It's more convient and not nearly as messy as using individual users for the permissions (we ahve some groups with over 200+ users in them).

Since you new to AD and Win2k Server check out the best practices guides at TechNet. They have tons of information on how to setup Win2k Server and what everything should be used for.
 
Okay, I realize that my response was vague. So I looked it up.

Groups are used for security.

But you can apply group policy to and delegate authority to OU's.
 
Ok I understand the group thing, but really not sure about OU... to resume, groups are used to set permissions on drives and files, as for OUs they are used for group policy...

but what is group policy... I mean can you give me a real example of the usage of group policy?

btw thanks for your help guys!!
 
Create an OU, right click it and select properties. Select the Group Policy tab, and then the New button.
Name your policy, then click the Edit button.

What you will see is an snap-in that is full of settings, hundreds of them. It takes a while to get familiar with them and where you can find each one. Look around and it will give you a good idea of how powerful they are.

Group policy is broken down into two major categories. (1) Users, (2) Computers.

If you make a change in the user policy category, any user in the OU this group policy is applied to will be affected. So if you (example) enable the setting to remove run line from Start menu, the users in this OU will not see the Run option on thier start menu anymore.

If you make a change to the computer policy category the change is made on the computer, and tends to affect any user who logs on to said computer (with a few exceptions, but lets keep it simple for now).

Group policy is very powerful. It can control pretty much evey aspect of your Domain's security policy, user rights, desktop apperance, etc.

There are many rules regarding how GP is applied as well. Far to many to get into here. If you want to use it, do some reading. If it's a small organization you could probably get away with using the default domain policy (right click the domain object in AD users and computers, select properties, GP tab). From there you can set domain wide policy for security (mandate password complexity, length, etc). Keep it simple.
 
Thanks!

Now I do understand the difference between OU and groups and also understand what group policies are used for... thanks all!
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top