مشاركة: مساعدة بسوال في 290
الجواب على درايتي صحيح
لانه انت ما تقدر تستخدم الـ universal group في تحديد الصلاحيات
" طبعا يفضل إستخدام Domain Local Group في عملية تحديد الصلاحيات "
وايضا ما تستطيع استخدام الـ Universal Group لانه الـ Domain شغالة على native mode
فالبتالي الإجابة b هي الصحيحة
تستخدم Global Group وتحدد الـ Domain User من كل Domain ومن ثم تضيف هذه الـ Group على الـ Domain Local Group في كل shared folders
ولك التحية
مشاركة: مساعدة بسوال في 290
اقتباس:
المشاركة الأصلية كتبت بواسطة منديل
الجواب على درايتي صحيح
لانه انت ما تقدر تستخدم الـ universal group في تحديد الصلاحيات
" طبعا يفضل إستخدام Domain Local Group في عملية تحديد الصلاحيات "
وايضا ما تستطيع استخدام الـ Universal Group لانه الـ Domain شغالة على native mode
فالبتالي الإجابة b هي الصحيحة
تستخدم Global Group وتحدد الـ Domain User من كل Domain ومن ثم تضيف هذه الـ Group على الـ Domain Local Group في كل shared folders
ولك التحية
الاجوبه الاربعة تقريبا صحيحة وانا بحاول الاتصال بـ Microsoft Help لان الجواب b صحيح اذا كان DL مخلوق في الـ admin وليس الـ Staff لان الـ share Folder هناك. ايضا الجواب c صحيح لكن لايفضل سحب الـ Users من عدة Domain ويفضل استخدم الـ Global Groups كما تفضلت
للعلم فان Universal Group يستخدم في الـ Native لكن لا في الـ Mixed (H)
مع الشكر
مشاركة: مساعدة بسوال في 290
اقتباس:
للعلم فان Universal Group يستخدم في الـ Native لكن لا في الـ Mixed
هفوة
مشاركة: مساعدة بسوال في 290
Al salamo 3alekoh
the answer B is the only correct answer because you can't add the clerk users to the domain local because the domail local is seen only by it's domain & can't be seen by any other from other domains for the best security concept you can add the users to a global & put all globals in a bomain local group, Also you can't use the universal group due to the 2000 native mode not 2003 native
w allah a3lam
koxkox
مشاركة: مساعدة بسوال في 290
You can add any user or group from any domain in the tree to the DL but the permission is limited to the domain scope
مشاركة: مساعدة بسوال في 290
B is the correct answer,
microsoft use this procedure to grant access to a ressource from multi. domain. (Account -->Global-->Domain local-->Permission).
add account to a global grp, add global grp to a domain local grp.Grant permission to a local grp.
If you have 3 or more domains and need to grant permission for users form these domains to a different ressource in the three domains can you use this procedure (Account -->Global-->Universal-->Domain local-->Permission).
but you should remember that when you use universal grp you will get more traffic in the network because universal grp exist in global catalog.
مشاركة: مساعدة بسوال في 290
Thanks for the deceleration
I usually understand DL as you can add users from domains for a local resourse
and global you add users from same domain to resourse in differnet domain
Is it right?
In DL, you cant see that group from another domain as opposite to G?
مشاركة: مساعدة بسوال في 290
Domain Local Groups
Domain local groups are used primarily to assign access permissions to global groups for local domain resources. Domain local groups:
■ Exist in all mixed, interim and native functional level domains and forests.
■ Are available domainwide only in Windows 2000 native or Windows Server 2003 domain functional level domains. Domain local groups function as a local group on the domain controllers while the domain is in mixed functional level.
■ Can include members from any domain in the forest, from trusted domains in other forests, and from trusted down-level domains.
■ Have domainwide scope in Windows 2000 native and Windows Server 2003 domain functional level domains, and can be used to grant resource permission on any Windows Server 2003 computer within, but not beyond, the domain in which the group exists.
Global Groups
Global groups are used primarily to provide categorized membership in domain local groups for individual security principals or for direct permission assignment (particularly in the case of a mixed or interim domain functional level domain). Often, global groups are used to collect users or computers in the same domain and share the same job, role, or function. Global groups:
■ Exist in all mixed, interim, and native functional level domains and forests
■ Can only include members from within their domain
■ Can be made a member of machine local or domain local group
■ Can be granted permission in any domain (including trusted domains in other forests and pre–Windows 2003 domains)
■ Can contain other global groups (Windows 2000 native or Windows Server 2003 domain functional level only)
Universal Groups
Universal groups are used primarily to grant access to resources in all trusted domains, but universal groups can only be used as a security principal (security group type) in a Windows 2000 native or Windows Server 2003 domain functional level domain.
■ Universal groups can include members from any domain in the forest.
■ In Windows 2000 native or Windows Server 2003 domain functional level, universal groups can be granted permissions in any domain, including domains in other forests with which a trust exists.
Tip Universal groups can help you represent and consolidate groups that span domains, and perform common functions across the enterprise. A useful guideline is to designate widely used groups that seldom change as universal groups.