Adam's AD Admin

AGDLP It seems I have been mildly distracted away from the title of this blog site.   It does say AD Admin, but I seem to have been taken away by file system stuff.   I have to say, it has all been worthwhile, but it’s probably time I got back to the real heart of what I do. There are probably a million permission assigning advice pages, but I thought I would put another one out there after referring to AGDLP in my last post. So, what is this all about – AGDLP.   Well, it is something I learned in my MCSE 2003 studies and has become ingrained into my ideals since.   As a contractor, I get to move job often.   This enables me to forge opinions on how to configure things in a domain, and more importantly how NOT to configure things. AGDLP is definitely on the to do list…for anyone in any size domain or forest, as it follows some very basic principals.   I will explain these whilst I go through what AGDPL stands for. A A is for account.   It is the securit

get-NTFSExplicitPermissions As one of favourite time saving functions of late, I thought I'd continue my recent trend of blogging again by giving a bit of insight to it's background. One of the parts to my day job is looking after file servers.  I don't do day to day admin work on them, more look at managing space and migrating data to new servers / volumes if required. Now the problem with doing the data migrations and not being involved in the day to day admin work (ie assigning permissions creating shares etc) is that I have no control over how and where the permissions are assigned.  I learnt how to assign permissions to file systems years ago in Novell environments, which was soon followed with the MCSE taught A-G-D-L-P model. (AGDLP? now that sound like a reasonable blog post for an AD Admin blog site!) Anyway, I have since found that these early teaching on permission models are not implemented as thoroughly as I would like, where ever I seem to work