Situatie
You can easily provide groups of users with unwanted access if you do not use descriptive security group names. For example, the accounting department just purchased a SaaS based accounting program. It can sync with Active Directory for single sign-on and permissions. The administrator created an Accounting_1 and Accounting_2 group to manage access to the software. Accounting_1 is full access and Accounting_2 is limited. Both groups are generic and have no description or documentation.
The accounting department also needs a shared folder setup so they can share and collaborate on some files. The administrator thinks, oh I’ve already got accounting groups configured, and therefore proceeds to use Accounting_1. Users are added to Accounting_1 to provide access to the NTFS share, but unfortunately this now grants users full access to the SaaS accounting program.
Bad Security Group Names
The groups below are examples of bad security group names because there is no description and are generic, telling the administrator nothing. You would have to scan the entire network to know where these groups are being used.
Good Security Group Names
In the examples below you can look at the group name and instantly know what it is used for and there is information in the description box.
Do not create generic security group names, instead be descriptive in their use and use the description field.
Leave A Comment?