<div>
If you handled NTFS permissions using groups, it would be pretty easy using classic NTFS permissions. For example, I would create domain local groups called &quot;Project 1-RO&quot; and &quot;Project 1-RW&quot;. Give one group read permissions on Project 1, and the other group modify permissions to that folder. Then populate the groups with the correct AD membership using other AD groups or users.
</div>


If you handled NTFS permissions using groups, it would be pretty easy using classic NTFS permissions. For example, I would create domain local groups called "Project 1-RO" and "Project 1-RW". Give one group read permissions on Project 1, and the other group modify permissions to that folder. Then populate the groups with the correct AD membership using other AD groups or users.

<div>
<div class="content wysiwyg-content">
Hi Guys,<br />
<br />
I've not used DAC yet but I'm wondering if someone could just clarify something for me. We work in an environment where the labour turnover is higher as we use a lot of freelancers, they all however need accounts. <br />
<br />
At the minute it's a nightmare providing NTFS permissions to users as they need them so regularly. What I was wondering about DAC is whether we could control access to folders based on AD Attributes?<br />
<br />
E.g. If Freelancer 1 had a custom attribute of &quot;Project 1&quot; I could provide access to a folder which says each person with the AD custom attribute &quot;Project 1&quot; can access that folder? <br />
<br />
This would help as our HR system will populate these fields when they start.
</div>
</div>


Hi Guys,

I've not used DAC yet but I'm wondering if someone could just clarify something for me. We work in an environment where the labour turnover is higher as we use a lot of freelancers, they all however need accounts. 

At the minute it's a nightmare providing NTFS permissions to users as they need them so regularly. What I was wondering about DAC is whether we could control access to folders based on AD Attributes?

E.g. If Freelancer 1 had a custom attribute of "Project 1" I could provide access to a folder which says each person with the AD custom attribute "Project 1" can access that folder? 

This would help as our HR system will populate these fields when they start.

Dynamic Access Control

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Microsoft Server OS

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.