Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to apply file access permission set on one account to other account ?

Posted on 2004-04-23
4
Medium Priority
?
278 Views
Last Modified: 2013-12-04
I got a problem. Every time there is new staff, I have to set file access permission on the file server for that new staff to be the same as existing user.

File access permission means what files/folders can this person access/edit on the file server.

So i want to know is there any way that i can create the new user account with file access permission to be the same as one existing user without the need for me to set that permission manually on each file and folder ?

Thanks,

0
Comment
Question by:mrpc_cambodia
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10899158
Well you can create a group instead and assign all those rights and permissions to the group.

Then when you get a new person, create a new user and make them a member of that group. They inherit all the permissions assigned to that group as long as they are in it.
0
 

Author Comment

by:mrpc_cambodia
ID: 10905590
Is there any other alternatives ?

currently i am not using group. instead i assign the permission to individual account. and now there are quite many accounts.

so without using group, is there any other way to deal with my situation ?

Thanks,


0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10907331
Not really as this was the intended use of the groups.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 150 total points
ID: 10913688
Redesign your permissions; you're not doing it correctly, which is why you have problems. About the only time you give permissions to a dedicated user is for the home directory. For any other permissions, there's the AGLP rule:
*A*ccounts go into *G*lobal groups. Global groups go into *L*ocal groups (on the server that hosts the share). *P*ermissions are assigned to the local groups.
On W2k AD running in native mode, you can use domain local groups instead of "real" local groups.
Always add the local Administrators group and the System account with Full Access to every resource where you change the permissions.
Try not to work with "Deny"s.
As for the group design, that's mostly up to you and your organisation structure. One common way is to create several local groups for a resource to reflect the necessary permissions.
Let's say you have two users, A from department C, B from department D. You have a shared folder "Documents" where users from department C needs change permissions, users from department D may only have read access.
You create two global groups in your domain: GDepC (*G*lobal group *Dep*artment *C*) and GDepD.
You make user A member of GDepC, user B member of GDepD.
You create two local groups on your file server: LACLDocs-C (*L*ocal group *ACL* *Doc*ument folder, *C*hange access) and LACLDocs-R.
You set the following NTFS permissions on the "Documents" folder: Local Administrators and System: Full Access; LACLDocs-C: Change; LACLDocs-R: Read access.
You make GDepA member of LACLDocs-C, and GDepB member of LACLDocs-R.

That's a one-time effort. When a new user joins department B, all you need to do is make him a member of GDepB to give him immediate access to all resources Department B needs. Invest some time into planning the group setup; it's worth it.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question