|
|
#1
21-Feb-2010, 02:58 AM
|
|||||
|
|||||
|
Folder Permissions Help!
I was just wondering how some of you assign your NTFS permissions. Say you have a Marketing Department and a Marketing shared folder on a file server. Different people in the Marketing department require different permissions in the Marketing folder and sub folders, what would you do? Domain Local groups Marketing Read, Write, Modify, Full Assigned to the folder, then pop the appropiate users into each? Or go extremely granular, say a folder within the marketing folder has broken inheritance, would you create another set another set of Domain Local Read, Write, Modify etc for that folder and then assign the appropiate users? So pretty much a set of access groups for each folder with broken inheritance. Or would you create a marketing global group with all marketing employees in it, assign it to the Domain Local resource group Marketing write for instance, and then add users explicitly after that, like add the Marketing Manager to the Domain Local marketing Modify group. Thanks Everyone, I value your opinions!
|
|
#2
21-Feb-2010, 09:15 AM
|
|||||
|
|||||
|
In large organisations, the best way to think about this, is to make your life as easy as possible.
Start with an Excel Spreadsheet with all your high level shares, then your sub folders which are blocking inheritance as they will have different permissions. Also think about naming conventions as you will probably have folders called Marketing & Sales in different locations so you might want to prefix shares with sites e.g. NY - Marketing Report 2008. Then create Security Groups based around the Shared Folder names rather than the Group they belong to. e.g. Shared Folded 'NY - Marketing Report 2008' Create the following Security Groups (if needed) and assign permissions. NY - Marketing Report 2008 - Read Only NY - Marketing Report 2008 - Modify Then add the users to these groups.  CCA | CCENT | CCNA | ITILv3 | MCP | MCDST | MCTS:Vista | MCTS:Exch '07 | MCSA | MCSA:M | MCSE 1Y0-A05 | 640-816 | 640-822 | 70-236 | 70-271 | 70-272 | 70-284 | 70-290 | 70-291 | 70-293 | 70-294 | 70-297 | 70-620 | 70-647 | 71-685 70-236 Feb '10 Passed 12th Feb '10 70-647 May '10 Passed 20th May '10 70-649 Jul '10
|
|
#3
21-Feb-2010, 06:24 PM
|
|||||
|
|||||
|
So then what about each "NY - Marketing 2008" subfolder that requires broken inheritance, create another set of access groups for that folder?
For instance if "Brochures" Was a sub folder, what would the naming convention be like? Just call it NY - Brochures Read, Write, etc. Also where would you recommend storing these groups in AD, perhaps within the Marketing Departments OU > Groups OU > File Share OU ? Thanks craigie!
|
 |
|
||||||
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Explantation of Permissions in detail | becks4eva | MCDST | 1 | 17-Jan-2010 02:57 PM |
| Exchange and Folder Assistant | Leehaa | Software | 4 | 01-Oct-2008 07:58 PM |
| ntfs folder permissions are bum | derkit | MCDST | 31 | 30-Sep-2007 02:09 PM |
| Shared folder permissions | kat731 | Networking | 6 | 02-Aug-2007 01:07 PM |
| 2 Quick Q's RE: NTFS Change Permission & Shared folder perms. | mjtibbs | General | 3 | 05-Oct-2006 01:07 PM |
Linear Mode
