Solved

How to apply file access permission set on one account to other account ?

Posted on 2004-04-23
4
275 Views
Last Modified: 2013-12-04
I got a problem. Every time there is new staff, I have to set file access permission on the file server for that new staff to be the same as existing user.

File access permission means what files/folders can this person access/edit on the file server.

So i want to know is there any way that i can create the new user account with file access permission to be the same as one existing user without the need for me to set that permission manually on each file and folder ?

Thanks,

0
Comment
Question by:mrpc_cambodia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10899158
Well you can create a group instead and assign all those rights and permissions to the group.

Then when you get a new person, create a new user and make them a member of that group. They inherit all the permissions assigned to that group as long as they are in it.
0
 

Author Comment

by:mrpc_cambodia
ID: 10905590
Is there any other alternatives ?

currently i am not using group. instead i assign the permission to individual account. and now there are quite many accounts.

so without using group, is there any other way to deal with my situation ?

Thanks,


0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10907331
Not really as this was the intended use of the groups.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 50 total points
ID: 10913688
Redesign your permissions; you're not doing it correctly, which is why you have problems. About the only time you give permissions to a dedicated user is for the home directory. For any other permissions, there's the AGLP rule:
*A*ccounts go into *G*lobal groups. Global groups go into *L*ocal groups (on the server that hosts the share). *P*ermissions are assigned to the local groups.
On W2k AD running in native mode, you can use domain local groups instead of "real" local groups.
Always add the local Administrators group and the System account with Full Access to every resource where you change the permissions.
Try not to work with "Deny"s.
As for the group design, that's mostly up to you and your organisation structure. One common way is to create several local groups for a resource to reflect the necessary permissions.
Let's say you have two users, A from department C, B from department D. You have a shared folder "Documents" where users from department C needs change permissions, users from department D may only have read access.
You create two global groups in your domain: GDepC (*G*lobal group *Dep*artment *C*) and GDepD.
You make user A member of GDepC, user B member of GDepD.
You create two local groups on your file server: LACLDocs-C (*L*ocal group *ACL* *Doc*ument folder, *C*hange access) and LACLDocs-R.
You set the following NTFS permissions on the "Documents" folder: Local Administrators and System: Full Access; LACLDocs-C: Change; LACLDocs-R: Read access.
You make GDepA member of LACLDocs-C, and GDepB member of LACLDocs-R.

That's a one-time effort. When a new user joins department B, all you need to do is make him a member of GDepB to give him immediate access to all resources Department B needs. Invest some time into planning the group setup; it's worth it.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question