none
Differenze tra i distribution group RRS feed

  • Domanda

  • Ciao a tutti.

    Mera didattica...ho ancora qualche dubbio sulla differenza tra:

    • Mail Universal Distribution Group
    • Mail Universal Security Group

    Da quello che ho letto il primo dovrebbe essere utilizzato solo per distribuire i messaggi, l'altro anche per gestire le autorizzazioni in AD. Solo che a livello pratico non ho capito cosa cambia... cioè, in che caso scelgo un gruppo piuttosto che un'altro?

    Grazie 1000.

    giovedì 16 febbraio 2012 09:40

Risposte

  • http://technet.microsoft.com/en-us/library/cc781446.aspx

    Distributions groups

    Distribution groups can be used only with e-mail applications (such as Exchange) to send e-mail to collections of users. Distribution groups are not security-enabled, which means that they cannot be listed in discretionary access control lists (DACLs). If you need a group for controlling access to shared resources, create a security group.

    Security groups

    Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:

    • Assign user rights to security groups in Active Directory

      User rights are assigned to security groups to determine what members of that group can do within the scope of a domain (or forest). User rights are automatically assigned to some security groups at the time Active Directory is installed to help administrators define a person's administrative role in the domain. For example, a user who is added to the Backup Operators group in Active Directory has the ability to backup and restore files and directories located on each domain controller in the domain.

      This is possible because by default, the user rights Back up files and directories and Restore files and directories are automatically assigned to the Backup Operators group. Therefore, members of this group inherit the user rights assigned to that group. For more information about user rights, see User rights. For more information about the user rights assigned to security groups, see Default groups.

      You can assign user rights to security groups, using Group Policy, to help delegate specific tasks. You should always use discretion when assigning delegated tasks because an untrained user assigned too many rights on a security group can potentially cause significant harm to your network. For more information, see Delegating administration. For more information about assigning user rights to groups, see Assign user rights to a group in Active Directory.

    • Assign permissions to security groups on resources

      Permissions should not be confused with user rights. Permissions are assigned to the security group on the shared resource. Permissions determine who can access the resource and the level of access, such as Full Control. Some permissions set on domain objects are automatically assigned to allow various levels of access to default security groups such as the Account Operators group or the Domain Admins group. For more information about permissions, see Access control in Active Directory.

      Security groups are listed in DACLs that define permissions on resources and objects. When assigning permissions for resources (file shares, printers, and so on), administrators should assign those permissions to a security group rather than to individual users. The permissions are assigned once to the group, instead of several times to each individual user. Each account added to a group receives the rights assigned to that group in Active Directory and the permissions defined for that group at the resource.


    Peppacci - MVP - Microsoft Exchange Server Microsoft MCP - MCTS - MCITP http://blogs.sysadmin.it/peppacci/Default.aspx

    • Contrassegnato come risposta _Luca giovedì 16 febbraio 2012 10:12
    giovedì 16 febbraio 2012 10:06
    Moderatore

Tutte le risposte

  • http://technet.microsoft.com/en-us/library/cc781446.aspx

    Distributions groups

    Distribution groups can be used only with e-mail applications (such as Exchange) to send e-mail to collections of users. Distribution groups are not security-enabled, which means that they cannot be listed in discretionary access control lists (DACLs). If you need a group for controlling access to shared resources, create a security group.

    Security groups

    Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:

    • Assign user rights to security groups in Active Directory

      User rights are assigned to security groups to determine what members of that group can do within the scope of a domain (or forest). User rights are automatically assigned to some security groups at the time Active Directory is installed to help administrators define a person's administrative role in the domain. For example, a user who is added to the Backup Operators group in Active Directory has the ability to backup and restore files and directories located on each domain controller in the domain.

      This is possible because by default, the user rights Back up files and directories and Restore files and directories are automatically assigned to the Backup Operators group. Therefore, members of this group inherit the user rights assigned to that group. For more information about user rights, see User rights. For more information about the user rights assigned to security groups, see Default groups.

      You can assign user rights to security groups, using Group Policy, to help delegate specific tasks. You should always use discretion when assigning delegated tasks because an untrained user assigned too many rights on a security group can potentially cause significant harm to your network. For more information, see Delegating administration. For more information about assigning user rights to groups, see Assign user rights to a group in Active Directory.

    • Assign permissions to security groups on resources

      Permissions should not be confused with user rights. Permissions are assigned to the security group on the shared resource. Permissions determine who can access the resource and the level of access, such as Full Control. Some permissions set on domain objects are automatically assigned to allow various levels of access to default security groups such as the Account Operators group or the Domain Admins group. For more information about permissions, see Access control in Active Directory.

      Security groups are listed in DACLs that define permissions on resources and objects. When assigning permissions for resources (file shares, printers, and so on), administrators should assign those permissions to a security group rather than to individual users. The permissions are assigned once to the group, instead of several times to each individual user. Each account added to a group receives the rights assigned to that group in Active Directory and the permissions defined for that group at the resource.


    Peppacci - MVP - Microsoft Exchange Server Microsoft MCP - MCTS - MCITP http://blogs.sysadmin.it/peppacci/Default.aspx

    • Contrassegnato come risposta _Luca giovedì 16 febbraio 2012 10:12
    giovedì 16 febbraio 2012 10:06
    Moderatore
  • Perfetto... grazie.
    giovedì 16 febbraio 2012 10:12