AGLP is a mnemonic to help windows network administrators remember that (A)ccounts are organized by placing them in (G)lobal groups… Continue reading to see the full explanation.

What is AGLP?

AGLP is the mantra for administering a Microsoft Windows NT enterprise-level network: user A ccounts are organized by placing them in G lobal groups, which are then placed into L ocal groups that have appropriate P ermissions and rights assigned to them.

How it works

In practice, these are the steps for administering a Windows NT enterprise-level network:

  1. Create global user accounts for users in the account domains or master domains.
  2. Create global groups in these domains to organize users according to function, location, or some other criteria (or use the Windows NT built-in groups if these suffice).
  3. Assign global users to their respective global groups.
  4. Determine who needs access to network resources in the resource domains.
  5. Create local groups on domain controllers and member servers within the resource domains (or use the Windows NT built-in groups if these suffice).
  6. Assign rights and permissions to each local group as desired to provide access to network resources.
  7. Finally place global groups into local groups as desired to provide users with permissions to access resources.


On Windows 2000-based networks, the mantra is AGDLP since local (L) groups are referred to as domain local (DL) groups.


Articles posted after being checked by editors.

Recent Content

link to Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure, also known as PKI, is a set of services that support the use of public-key cryptography in a corporate or public setting. A public key infrastructure (PKI) enables key pairs to be generated, securely stored, and securely transmitted to users so that users can send encrypted transmissions and digital signatures over distrusted public networks such as the Internet.
link to Digital Signature

Digital Signature

Digital Signature is an electronic signature that you can use to sign a document being transmitted by electronic means such as e-mail. Digital signatures validate the identity of the sender and ensure that the document they are attached to has not been altered by unauthorized parties during the transmission.