AGLP is a mnemonic to help windows network administrators remember that (A)ccounts are organized by placing them in (G)lobal groups… Continue reading to see the full explanation.

What is AGLP?

AGLP is the mantra for administering a Microsoft Windows NT enterprise-level network: user A ccounts are organized by placing them in G lobal groups, which are then placed into L ocal groups that have appropriate P ermissions and rights assigned to them.

How it works

In practice, these are the steps for administering a Windows NT enterprise-level network:

1. Create global user accounts for users in the account domains or master domains.
2. Create global groups in these domains to organize users according to function, location, or some other criteria (or use the Windows NT built-in groups if these suffice).
3. Assign global users to their respective global groups.
4. Determine who needs access to network resources in the resource domains.
5. Create local groups on domain controllers and member servers within the resource domains (or use the Windows NT built-in groups if these suffice).
6. Assign rights and permissions to each local group as desired to provide access to network resources.
7. Finally place global groups into local groups as desired to provide users with permissions to access resources.

On Windows 2000-based networks, the mantra is AGDLP since local (L) groups are referred to as domain local (DL) groups.