Improve company productivity with a Business Account.Sign Up

x
?
Solved

How to apply file access permission set on one account to other account ?

Posted on 2004-04-23
4
Medium Priority
?
286 Views
Last Modified: 2013-12-04
I got a problem. Every time there is new staff, I have to set file access permission on the file server for that new staff to be the same as existing user.

File access permission means what files/folders can this person access/edit on the file server.

So i want to know is there any way that i can create the new user account with file access permission to be the same as one existing user without the need for me to set that permission manually on each file and folder ?

Thanks,

0
Comment
Question by:mrpc_cambodia
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10899158
Well you can create a group instead and assign all those rights and permissions to the group.

Then when you get a new person, create a new user and make them a member of that group. They inherit all the permissions assigned to that group as long as they are in it.
0
 

Author Comment

by:mrpc_cambodia
ID: 10905590
Is there any other alternatives ?

currently i am not using group. instead i assign the permission to individual account. and now there are quite many accounts.

so without using group, is there any other way to deal with my situation ?

Thanks,


0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10907331
Not really as this was the intended use of the groups.
0
 
LVL 86

Accepted Solution

by:
oBdA earned 150 total points
ID: 10913688
Redesign your permissions; you're not doing it correctly, which is why you have problems. About the only time you give permissions to a dedicated user is for the home directory. For any other permissions, there's the AGLP rule:
*A*ccounts go into *G*lobal groups. Global groups go into *L*ocal groups (on the server that hosts the share). *P*ermissions are assigned to the local groups.
On W2k AD running in native mode, you can use domain local groups instead of "real" local groups.
Always add the local Administrators group and the System account with Full Access to every resource where you change the permissions.
Try not to work with "Deny"s.
As for the group design, that's mostly up to you and your organisation structure. One common way is to create several local groups for a resource to reflect the necessary permissions.
Let's say you have two users, A from department C, B from department D. You have a shared folder "Documents" where users from department C needs change permissions, users from department D may only have read access.
You create two global groups in your domain: GDepC (*G*lobal group *Dep*artment *C*) and GDepD.
You make user A member of GDepC, user B member of GDepD.
You create two local groups on your file server: LACLDocs-C (*L*ocal group *ACL* *Doc*ument folder, *C*hange access) and LACLDocs-R.
You set the following NTFS permissions on the "Documents" folder: Local Administrators and System: Full Access; LACLDocs-C: Change; LACLDocs-R: Read access.
You make GDepA member of LACLDocs-C, and GDepB member of LACLDocs-R.

That's a one-time effort. When a new user joins department B, all you need to do is make him a member of GDepB to give him immediate access to all resources Department B needs. Invest some time into planning the group setup; it's worth it.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Watch the video to know the process of migration of Exchange or Office 365 mailboxes in absence of MS Outlook. It is an eminent tool which can easily migrate Public, Archive user mailboxes from one another Exchange server and Office 365. Kernel Migr…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question