How to remember Windows 2003 Server Groups
To remember everything you need to know about Windows 2003 Server groups, you only need to remember two things:
- Groups are named after the location that permissions are assigned. Domain Local groups can assign permissions to objects in the local domain. Global groups can assign permissions to objects in all domains. The membership is the opposite. Universal groups can have members from any domain and can be used to assign permissions to objects in any domain, but Universal groups have a high WAN or GC requirement.
- AGUDLP:
Accounts are placed in
Global Groups, which are placed in
Universal Groups, which placed in (Optional)
Domain Local groups and
Permissions are assigned to the Domain Local group
An easy way to remember the AGUDLP acronym is: A Good User DownLoads Patches