Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 281
  • Last Modified:

How to apply file access permission set on one account to other account ?

I got a problem. Every time there is new staff, I have to set file access permission on the file server for that new staff to be the same as existing user.

File access permission means what files/folders can this person access/edit on the file server.

So i want to know is there any way that i can create the new user account with file access permission to be the same as one existing user without the need for me to set that permission manually on each file and folder ?

Thanks,

0
mrpc_cambodia
Asked:
mrpc_cambodia
  • 2
1 Solution
 
Gareth GudgerCommented:
Well you can create a group instead and assign all those rights and permissions to the group.

Then when you get a new person, create a new user and make them a member of that group. They inherit all the permissions assigned to that group as long as they are in it.
0
 
mrpc_cambodiaAuthor Commented:
Is there any other alternatives ?

currently i am not using group. instead i assign the permission to individual account. and now there are quite many accounts.

so without using group, is there any other way to deal with my situation ?

Thanks,


0
 
Gareth GudgerCommented:
Not really as this was the intended use of the groups.
0
 
oBdACommented:
Redesign your permissions; you're not doing it correctly, which is why you have problems. About the only time you give permissions to a dedicated user is for the home directory. For any other permissions, there's the AGLP rule:
*A*ccounts go into *G*lobal groups. Global groups go into *L*ocal groups (on the server that hosts the share). *P*ermissions are assigned to the local groups.
On W2k AD running in native mode, you can use domain local groups instead of "real" local groups.
Always add the local Administrators group and the System account with Full Access to every resource where you change the permissions.
Try not to work with "Deny"s.
As for the group design, that's mostly up to you and your organisation structure. One common way is to create several local groups for a resource to reflect the necessary permissions.
Let's say you have two users, A from department C, B from department D. You have a shared folder "Documents" where users from department C needs change permissions, users from department D may only have read access.
You create two global groups in your domain: GDepC (*G*lobal group *Dep*artment *C*) and GDepD.
You make user A member of GDepC, user B member of GDepD.
You create two local groups on your file server: LACLDocs-C (*L*ocal group *ACL* *Doc*ument folder, *C*hange access) and LACLDocs-R.
You set the following NTFS permissions on the "Documents" folder: Local Administrators and System: Full Access; LACLDocs-C: Change; LACLDocs-R: Read access.
You make GDepA member of LACLDocs-C, and GDepB member of LACLDocs-R.

That's a one-time effort. When a new user joins department B, all you need to do is make him a member of GDepB to give him immediate access to all resources Department B needs. Invest some time into planning the group setup; it's worth it.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now