AD and OU design for folder/file permission strategy

Status
Not open for further replies.

UnknownEntity

Technical User
Jun 15, 2006
75
GB
Hi. This may be simple, but I can't see it. Here's the problem:

I need to set up various levels of access to folders or files that will exist on a new domain, to be used by various members of the department.

I'm trying to see if there is a way to create a set of groups, for example Level 1, that has specific abilities set by pre-defined criteria. E.g. Level 1 has write and read, Level 8 has Modify, etc.

By doing so, I can assign the appropriate levels of access to those nominated groups or users within my AD design and build GPOs around it. Is there a way this can be done?
I am struggling :(

THX.

Drakul.
 
Yes. You create a group. Then on the specific folders or files, you assign that group the permissions you want them to have (read-only). Then you create another group, and set the security that you want for that group (read, modify, etc).

There is no such thing as a security group that globally allows access to everything outside of the Domain Administrators group. You will need to set permissions on each share/folder individually.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCTS:Hyper-V
MCTS:System Center Virtual Machine Manager
MCSE:Security 2003
MCITP:Enterprise Administrator
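
The per-folder approach described in the reply above, as an added PowerShell example that is not part of the original thread. The folder path, OU, domain name and group names are assumptions chosen for illustration; it creates one security group per access level for a single folder and grants each group only that level on the folder's ACL.

```powershell
# Added example: every name and path below is an assumed placeholder.
Import-Module ActiveDirectory

$Folder  = 'D:\Shares\Sales'                        # assumed folder to protect
$GroupOU = 'OU=Resource Groups,DC=example,DC=com'   # assumed OU for the groups
$Domain  = 'EXAMPLE'                                # assumed NetBIOS domain name

# One group per access level on this folder (the "Level 1 / Level 8" idea,
# scoped to a single resource because permissions are set per share/folder).
$Levels = @(
    @{ Name = 'DL_Sales_Read';   Rights = 'ReadAndExecute' },
    @{ Name = 'DL_Sales_Modify'; Rights = 'Modify' }
)

$acl = Get-Acl -Path $Folder

foreach ($level in $Levels) {
    # Create the group only if it does not exist yet.
    if (-not (Get-ADGroup -Filter "Name -eq '$($level.Name)'")) {
        New-ADGroup -Name $level.Name -GroupScope DomainLocal `
                    -GroupCategory Security -Path $GroupOU
    }

    # Allow rule that applies to this folder, its subfolders and its files.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        "$Domain\$($level.Name)",
        [System.Security.AccessControl.FileSystemRights]$level.Rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
}

Set-Acl -Path $Folder -AclObject $acl

# Review the explicit (non-inherited) entries to confirm what was granted.
(Get-Acl -Path $Folder).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

A group created moments earlier may not resolve on the file server until Active Directory replication completes, in which case adding the rule fails and the script can be re-run.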
 
To double check this >

In ADUC, I have 2 users, SaleUser1 and SaleUser2, with no specific rights assigned. I would make them members of SalesGroup (Global group). Then create a Domain Local group for SalesGroup called SalesGroupDomainLocal. I would assign the Read Only permissions for this domain local group on the files or folders.

I would then create a Level5SecurityDomainLocalGroup, set security in ADUC and make SalesGroupDomainLocal a member of this group. And in the Folder/File where share Read permissions are assigned from SalesGroupDomainLocal, I also add Level5SecurityDomainLocalGroup with security settings that propagate from pre-defined settings I set in ADUC.

So the least restrictive permissions will apply. Is this correct?

Thx.
 