ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Active Directory Objects

AD Group object properties – Security tab

The security tab of the group properties window is of high importance because it allows you to configure access permissions on the group object.

AD Group object properties Security tab

The security tab allows you to grant or deny permissions to other groups and users over the group object.

  • In the “group or user names” section you can choose the group or the user to whom you would like to deny or allow permission.
  • You can use the check boxes available in the “permissions” section to configure (allow or deny) the permissions the other users and groups will have over the group object.

Advanced button (security tab)

Clicking on the advanced tab opens another window with the following tabs

  • Permissions – using this tab you can view the other permissions that were assigned to the group by inheritance and also permissions that are allowed or denied to be inherited by child objects. This tab also allows you add permissions or edit existing permissions.
  • Auditing – using this tab you can view and configure the types of object accesses to be audited(or in other words for what types of accesses a log has to be maintained)
  • Owner – using this tab you can view and configure ownership rights over the group object
  • Effective permissions – This tab displays a list of permissions, each permission has a check box to its left indicating whether it’s effective or not.

Inheritance

All the members of a group inherit the permissions assigned to a group; the same applies to nested groups. Note: If permission conflicts occur due to user’s membership in multiple groups, deny permissions always take precedence over allow permissions.

Related posts
Active Directory Objects

Active Directory User properties – General tab

Active Directory Objects

Active Directory (AD) Computer Object

Active Directory Objects

Active Directory Computer Objects Tabs

Active Directory Objects

Active Directory Computer Object Management

×

There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.