Overview of Designing a Resource Authorization Strategy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

How you choose to give and manage appropriate access to individual users and groups of users is the key to your resource authorization strategy. Logging on does not automatically give users access to the resources they require. Users must be authorized to access specific resources, but only at the level of access they need. Moreover, many users have identical needs for access to a network resource. For example, all users in the accounting department might need access to a specific color printer, so you can easily manage access by putting every member of the accounting department into a security group that is authorized to access that printer.

Because security groups are so critical to efficiently controlling access, they form the main component of your authorization strategy. Consequently, you need to know what security group types are available and how they should be used. Before you design a resource authorization strategy, you also need to be familiar with trust relationships, domain and forest functional levels, and basic security principles. By applying this information appropriately for your organization, you can design a resource authorization strategy that is scalable, easy to maintain, and cost-effective.