Quick NTFS share folder permission

  • Last Post 12 August 2017
manasrrp6 posted this 11 August 2017

Can any one help me , how can I quickly grant ntfs share folder permission to user, where there is no security group for a big size folder. It takes too much time for every change in the time of granting to any user in AD.
With Warm Regards,
Manas Dash.
AD & Exchange Admin
+91 9437615424
+91 7400342191
Skype : manasrrp6
Plant a Tree & Save the Earth.

Order By: Standard | Newest | Votes
kurtbuff posted this 12 August 2017

To elaborare a bit on whatas already been said, here's what I do:

Create a group in AD that reflects the name of the directory that is
being shared, and the permissions that will be granted to the group. I
use something like USFS-DirectoryName-RO or USFS-DirectoryName-RW,
where US is the country, FS is a File Server, DirectoryName is the
Directory, and RO for readonly and RW for ReadWrite.

I put the group in the same OU as the machine to which it applies -
actually in a sub-OU called FS-Permissions.

Populate the group with the required accounts/groups.

Grant the permissions to the group on the directory.

Then grant everyone full control at the share.(assuming that's the
only directory under the share - otherwise you might need to follow
through with updating permissions on other directories underneath that
share, if they need different permissions.)


kebabfest posted this 11 August 2017

It is ntfs security permissions and not share permissions you need to add.Honestly you really should use this opportunity to set it up properly. E.g. work out who needs specifically to which folders etc. and add group permissions accordingly. Always remembering to a minimum removing the rights to change ownership and add other users. It can be a frustrating process, but when you are done you will understand your business much better and can confidently know there is no unsecured locations. When I go into businesses and they add people directly into shares etc. As quick fixes etc. they fail security audits and information has a habit of being 'accidently' moved deleted etc. Also if you are propagating rights and it is taking too long and maybe you should split it into multiple shares with different rights access and again improving security.