Solved

Windows 2003 single domain- Best practice user grouping for folder access

Posted on 2009-07-01
2
359 Views
Last Modified: 2012-05-07
I'm trying to get an easy and clean idea how to group users for folder access permission in Windows 2003 mixed mode single domain.

For example,
F:\(Data)
|-Accounting
       |-Client Billing Info
           |-Reports
           |-Client Scores
       |-Promotion
           |-Client Billing Info
|-Reservation
|-Management      

Let's say under Accounting folder, I want to give different access permissions for different sub folders.
I have;

UserA
UserB
UserC
UserD

I want to give UserA and UserB modify permission to Client Scores folder and Reports
I want to give UserC read permission to Client Report only
I want to give all read permission to Reservation
I want to deny all to Management.


0
Comment
Question by:crcsupport
  • 2
2 Comments
 
LVL 1

Author Comment

by:crcsupport
ID: 24755720
I can't add Global group to Global group or Local to Local, but only Global to Local, which makes difficult to group users in inheritance for access permissions.
I don't know it's because the functional level of the domain is windows 2000 mixed mode. I can raise the domain to native mode, but wonder how other big companies do user groupings with large mixed mode....
0
 
LVL 1

Accepted Solution

by:
crcsupport earned 0 total points
ID: 24757744

In Windows 2000 mixed mode, Global to Global is not allowed. Domain needs to be raised to Windows 2000 native or Windows 2003 native mode.

Windows 2000 mixed mode: AGDLP (Account to Global to Local to Permission)
Windows 2000/2003 native: AGGUUDLP(Account to Global, Global to Universal, Global/Universal to Local, Local to permission)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now