Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to apply file access permission set on one account to other account ?

Posted on 2004-04-23
4
Medium Priority
?
276 Views
Last Modified: 2013-12-04
I got a problem. Every time there is new staff, I have to set file access permission on the file server for that new staff to be the same as existing user.

File access permission means what files/folders can this person access/edit on the file server.

So i want to know is there any way that i can create the new user account with file access permission to be the same as one existing user without the need for me to set that permission manually on each file and folder ?

Thanks,

0
Comment
Question by:mrpc_cambodia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10899158
Well you can create a group instead and assign all those rights and permissions to the group.

Then when you get a new person, create a new user and make them a member of that group. They inherit all the permissions assigned to that group as long as they are in it.
0
 

Author Comment

by:mrpc_cambodia
ID: 10905590
Is there any other alternatives ?

currently i am not using group. instead i assign the permission to individual account. and now there are quite many accounts.

so without using group, is there any other way to deal with my situation ?

Thanks,


0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10907331
Not really as this was the intended use of the groups.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 150 total points
ID: 10913688
Redesign your permissions; you're not doing it correctly, which is why you have problems. About the only time you give permissions to a dedicated user is for the home directory. For any other permissions, there's the AGLP rule:
*A*ccounts go into *G*lobal groups. Global groups go into *L*ocal groups (on the server that hosts the share). *P*ermissions are assigned to the local groups.
On W2k AD running in native mode, you can use domain local groups instead of "real" local groups.
Always add the local Administrators group and the System account with Full Access to every resource where you change the permissions.
Try not to work with "Deny"s.
As for the group design, that's mostly up to you and your organisation structure. One common way is to create several local groups for a resource to reflect the necessary permissions.
Let's say you have two users, A from department C, B from department D. You have a shared folder "Documents" where users from department C needs change permissions, users from department D may only have read access.
You create two global groups in your domain: GDepC (*G*lobal group *Dep*artment *C*) and GDepD.
You make user A member of GDepC, user B member of GDepD.
You create two local groups on your file server: LACLDocs-C (*L*ocal group *ACL* *Doc*ument folder, *C*hange access) and LACLDocs-R.
You set the following NTFS permissions on the "Documents" folder: Local Administrators and System: Full Access; LACLDocs-C: Change; LACLDocs-R: Read access.
You make GDepA member of LACLDocs-C, and GDepB member of LACLDocs-R.

That's a one-time effort. When a new user joins department B, all you need to do is make him a member of GDepB to give him immediate access to all resources Department B needs. Invest some time into planning the group setup; it's worth it.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question