1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Folder Permissions Help!

Discussion in 'General Microsoft Certifications' started by Methodman85, Feb 21, 2010.

  1. Methodman85

    Methodman85 Byte Poster

    Hey Guys,

    I was just wondering how some of you assign your NTFS permissions.
    Say you have a Marketing Department and a Marketing shared folder on a file server. Different people in the Marketing department require different permissions in the Marketing folder and sub folders, what would you do?

    Domain Local groups Marketing Read, Write, Modify, Full Assigned to the folder, then pop the appropiate users into each?

    Or go extremely granular, say a folder within the marketing folder has broken inheritance, would you create another set another set of Domain Local Read, Write, Modify etc for that folder and then assign the appropiate users? So pretty much a set of access groups for each folder with broken inheritance.

    Or would you create a marketing global group with all marketing employees in it, assign it to the Domain Local resource group Marketing write for instance, and then add users explicitly after that, like add the Marketing Manager to the Domain Local marketing Modify group.

    Thanks Everyone, I value your opinions!
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  2. craigie

    craigie Terabyte Poster

    In large organisations, the best way to think about this, is to make your life as easy as possible.

    Start with an Excel Spreadsheet with all your high level shares, then your sub folders which are blocking inheritance as they will have different permissions. Also think about naming conventions as you will probably have folders called Marketing & Sales in different locations so you might want to prefix shares with sites e.g. NY - Marketing Report 2008.

    Then create Security Groups based around the Shared Folder names rather than the Group they belong to.


    Shared Folded 'NY - Marketing Report 2008'

    Create the following Security Groups (if needed) and assign permissions.

    NY - Marketing Report 2008 - Read Only
    NY - Marketing Report 2008 - Modify

    Then add the users to these groups.
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  3. Methodman85

    Methodman85 Byte Poster

    So then what about each "NY - Marketing 2008" subfolder that requires broken inheritance, create another set of access groups for that folder?
    For instance if "Brochures" Was a sub folder, what would the naming convention be like? Just call it NY - Brochures Read, Write, etc.

    Also where would you recommend storing these groups in AD, perhaps within the Marketing Departments OU > Groups OU > File Share OU

    Thanks craigie!
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680

Share This Page