Windows Server Permissions - Group vs. Individual
Posted on 2014-01-29
I am having a real problem with going to a totally group based permission structure. All folder permissions had been assigned to individuals only. I started replacing them by putting the relevant users into groups - but I am finding that I am going to have more groups than users in order to give everyone the permissions they need.
We only have 35 users, but it seems that I will end up with 70 groups. It almost seems it is going to be much harder to assign group permissions than just adding the individuals where I can instantly see their permissions than having to remember everyone in each group. But, i see and have benefited with the group structure by just adding a person to a group and they then have permissions to multiple folders instantly. But, then again I am constantly getting hit where someone needs permission to a folder, but they don't need to belong to the assigned group, so I sometimes have to make a new group up for a single individual or maybe just two users.
I have it set where the domain\administrator is the owner of all folders and no one gets full control, but we have so many subfolders that it is hard to have one set of top folder level groups/permissions that carry through to all subfolders.
Is there any documentation on how to effectively restructure a sprawling file system structure?
Another problem I have is with assigning Read and Write access, but not modify in that the newly created folders can't be renamed. You can create a folder, but not change its name from New Folder. And, if you add a file to an existing folder, it creates 2 tmp txt files for every 1 file saved. Do I have to do special permissions through the advanced section in all of these Non-modify situations. I don't understand the Write function since it seems so limited.