NTFS permissions in windows server 2012

how to enable permissions in following way:
Main folder name: Thecompany ............ everybody should have access
subfolders as depts like : Finance--------------everybody should have access for listing
HR --------------------everybody should have access for listing
IT---------------------everybody should have access for listing
and inside subfolders there are some other subfolders example in Finance dept folder

Finance
aaaa -----------this folder should have access for everybody including fullcontrol
bbbb------------only finance people have access on this folder including fullcontrol
and so on....

how can i achieve this.



don't give anyone full control since they can change the permissions to allow other members
thecompany - domain users read/write/modify
thecompanyfinance domain users/read/write/modify
thecompanyfinancepublic domain users/read/
tjhecompanyfinanceprivate members of the finance group read/write/modify
members of the executive group read
thecompanyit-departmentpublic domain users read/write/modify
thecompanyit-departmentprivate it-staff group read/write/modify

and so forth don't forget to disable inheritance at the more secure levels



don't give anyone full control since they can change the permissions to allow other members
thecompany - domain users read/write/modify
thecompanyfinance domain users/read/write/modify
thecompanyfinancepublic domain users/read/
tjhecompanyfinanceprivate members of the finance group read/write/modify
members of the executive group read
thecompanyit-departmentpublic domain users read/write/modify
thecompanyit-departmentprivate it-staff group read/write/modify

and so forth don't forget to disable inheritance at the more secure levels



...and remember: it's not only NTFS permissions, what this is about, but also share permissions. At the share level, use everyone:modify and nothing else.



If it must be that way, it must be that way, but I strongly encourage you to reconsider the layout. In general, a SHARE should have all the same permissions - it's MUCH, MUCH easier to manage that way.

Don't create a single share called "thecompany". Create several shares - IT-Department, HR, Finance, etc. If you need some things to be public, fine, but not the whole thing - the public stuff, share in "Common" or something. In my experience, it's much easier to handle things like permissions resets when you can simply right click a folder and apply rather than worry how all the sub folders might have changed.



Right. And to "re-collect" the shares, one should use DFS.



Share this

Related Posts

There was an error in this gadget