I have some folders on a company share that supervisors have requested certain people have access and only one person can approve changes.
We have a handful of people in IT that can give users rights. Many times rights are based on similar job roles.
I thought about making new groups that would indicate higher security is enforced. (ex: Approved_Access_Support_Dept)
Anyone know of any way to alert IT staff that a folder has more restrictions than others? We do try to check with a folder owner however much of the decision is based on department or role. We are also not interested in adding any additional software on the server. Readme files only work if you go into each folder/subfolder to see if any are there.
They do not want to change the name of the folders. Thanks
Create a New AD Universal security group. Example DRIVE_SuportDesk
Use exchange to set this as a Mail enabled security group.
Now modify the share itself so that this group is the principle security permission on it instead of users
In the EMC edit the new Distribution groups properties and set the Manager as the person who authorises access to the share.
This user "Manager" can now use outlook to add/remove members of the distribution group and therefore give/take away rights to the share.
We also create a DRIVE_SuportDesk_RO group for Read Only members access to the folder.
If you need any further explanations feel free and ask.