|
|||
|
|
|
| Home |
| About |
| Hobbies |
| Software |
| Hardware |
| ICT Hotlist |
| Purpose |
React:
ICT-Hotlist Topic
Back to the ICT-Hotlist...Disable Windows Active Directory Security Groups
Found an old but valuable Active Directory tip on John Dougherty's website.All Active Directory administrators know that security has to be applied to groups and users should be added to security groups instead of getting the security settings on their own accounts (AGDLP). This way user management, hire, fire and changing functions, can be made more easily. But what if you need to manage groups? Is that group you want to delete used somewhere? Unless very accurately documented, a deletion of a security group can be tricky.
So why not disable the security group and wait until something fails? Where is the disable option for groups in Active Directory? There isn't, so here the tip comes in handy.
You cannot disable a Security Group in the same way a user account is disabled.
However, you can change a Security Group to a Distribution Group, which disables all access provided by the group, but does not modify the group's SID.
This allows you to test the results of disabling the permissions provided by a Security Group prior to deleting the group.
by John Dougherty
OutsideSys.com
By changing the security group to a distribution group, all rights of the group members that still exist on file servers or within applications are removed. If all applications are still working, the now distribution group can be safely removed. When a problem occurs, change the distribution group back to a security group, and then resolve the issue at your leisure.
However, you can change a Security Group to a Distribution Group, which disables all access provided by the group, but does not modify the group's SID.
This allows you to test the results of disabling the permissions provided by a Security Group prior to deleting the group.
by John Dougherty
OutsideSys.com
Active Directory: disabling a security group
You may vote your opinion about this article:
Scripts and programming examples disclaimer
Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
