Security Group Vs Distribution Group

Security Group Vs Distribution Group

Post by ZZZZ » Thu, 30 May 2002 10:36:46



This is regarding Exchange 2000. I'm sorry if this is not right site.

What is the exact difference between Security Group and Distribution Group.
What implications does it have in connection to Exchange 2000 ? Is this
design phase very critical ?

I came across one situation:

I have Engineering group. We initially created this is Global Security
Group. It has members on it. And it has e-mail address too.

So, when people send the mail it goes to all its members.

( I don't know , we should have done this as distribution group.  ???)

Now I have one guy who needs to be in this security group but he should not
be in this e-mail distribution.

The reason being simple, he needs to access some of the folders in file
server and some other reasons he needs to be in this group. But, when
management sends out e-mail to this engineering group, he should not get
that e-mail. He will have Exchange 2000 e-mail address thou....

Is two group with same name is required - like "Engineering" - security
group and "Engineering" Distribution group ? OR is this still lagging
technical refinements in Exchange 2000 ? I mean is there some sort of this
stuffs coming in Exchange 4000 ? Where you can simply exclude him as per
distribution of e-mail goes ?

How to handle this situation ?

 
 
 

Security Group Vs Distribution Group

Post by Ron Stewar » Fri, 31 May 2002 01:21:40


Security groups can be assigned permissions to network resources,
Distribution groups cannot. Both group types can be mail-enabled and
function as distribution lists in Exchange 2000.

In your situation, here's what I'd recommend. Use two groups; you'll need to
be in native mode for this to work, BTW, because you'll either need to use
group nesting or Universal groups. One group contains everyone EXCEPT the
guy who should NOT receive e-mails to the group (let's call him Joe, just to
be concise). Mail-enable this group; it should be a Global Security (NOT
Distribution--it needs permissions, albeit indirectly) group. You may want
to use the group you currently have set up for this (just remove Joe from
it).

Create another group. DO NOT mail-enable it; it should be either a Global
(if you have a single-domain forest) or Universal (multiple-domain forest)
Security group. Add Joe to it, and the other group (the mail-enabled one).
Grant permissions to this group by adding to the appropriate Domain Local
Groups.

--
Ron Stewart
B.Ed., MCSE+I, MCT
Senior Instructor/Consultant
triOS Training Centres
Mississauga, Ontario, Canada
(905) 542-7678
--


Quote:> This is regarding Exchange 2000. I'm sorry if this is not right site.

> What is the exact difference between Security Group and Distribution
Group.
> What implications does it have in connection to Exchange 2000 ? Is this
> design phase very critical ?

> I came across one situation:

> I have Engineering group. We initially created this is Global Security
> Group. It has members on it. And it has e-mail address too.

> So, when people send the mail it goes to all its members.

> ( I don't know , we should have done this as distribution group.  ???)

> Now I have one guy who needs to be in this security group but he should
not
> be in this e-mail distribution.

> The reason being simple, he needs to access some of the folders in file
> server and some other reasons he needs to be in this group. But, when
> management sends out e-mail to this engineering group, he should not get
> that e-mail. He will have Exchange 2000 e-mail address thou....

> Is two group with same name is required - like "Engineering" - security
> group and "Engineering" Distribution group ? OR is this still lagging
> technical refinements in Exchange 2000 ? I mean is there some sort of this
> stuffs coming in Exchange 4000 ? Where you can simply exclude him as per
> distribution of e-mail goes ?

> How to handle this situation ?


 
 
 

Security Group Vs Distribution Group

Post by Ron Stewar » Fri, 31 May 2002 01:34:38


Whoops, should have mentioned--if you're in a multiple-domain environment,
the first group--the distribution group--should also be a Universal Security
group.

--
Ron Stewart
B.Ed., MCSE+I, MCT
Senior Instructor/Consultant
triOS Training Centres
Mississauga, Ontario, Canada
(905) 542-7678
--


> Security groups can be assigned permissions to network resources,
> Distribution groups cannot. Both group types can be mail-enabled and
> function as distribution lists in Exchange 2000.

> In your situation, here's what I'd recommend. Use two groups; you'll need
to
> be in native mode for this to work, BTW, because you'll either need to use
> group nesting or Universal groups. One group contains everyone EXCEPT the
> guy who should NOT receive e-mails to the group (let's call him Joe, just
to
> be concise). Mail-enable this group; it should be a Global Security (NOT
> Distribution--it needs permissions, albeit indirectly) group. You may want
> to use the group you currently have set up for this (just remove Joe from
> it).

> Create another group. DO NOT mail-enable it; it should be either a Global
> (if you have a single-domain forest) or Universal (multiple-domain forest)
> Security group. Add Joe to it, and the other group (the mail-enabled one).
> Grant permissions to this group by adding to the appropriate Domain Local
> Groups.

> --
> Ron Stewart
> B.Ed., MCSE+I, MCT
> Senior Instructor/Consultant
> triOS Training Centres
> Mississauga, Ontario, Canada
> (905) 542-7678
> --



> > This is regarding Exchange 2000. I'm sorry if this is not right site.

> > What is the exact difference between Security Group and Distribution
> Group.
> > What implications does it have in connection to Exchange 2000 ? Is this
> > design phase very critical ?

> > I came across one situation:

> > I have Engineering group. We initially created this is Global Security
> > Group. It has members on it. And it has e-mail address too.

> > So, when people send the mail it goes to all its members.

> > ( I don't know , we should have done this as distribution group.  ???)

> > Now I have one guy who needs to be in this security group but he should
> not
> > be in this e-mail distribution.

> > The reason being simple, he needs to access some of the folders in file
> > server and some other reasons he needs to be in this group. But, when
> > management sends out e-mail to this engineering group, he should not get
> > that e-mail. He will have Exchange 2000 e-mail address thou....

> > Is two group with same name is required - like "Engineering" - security
> > group and "Engineering" Distribution group ? OR is this still lagging
> > technical refinements in Exchange 2000 ? I mean is there some sort of
this
> > stuffs coming in Exchange 4000 ? Where you can simply exclude him as per
> > distribution of e-mail goes ?

> > How to handle this situation ?