Correct way to assign Folder and File permission in Windows 2019 Domain
We have moved to a new Windows 2019 Domain Environment. I would like to set up Folder and file permissions for users thru File Servers / Share / DFS-N. I am looking for a step by step guide to configure and implement this in a production environment from A to Z. Any advice from Experts will be appreciated.
ASKER
appreciate your quick reply Arnold. Thanks.
I have already tested DFS and Storage Replica (Replacement of DFS-R) in a Test environment and it works okay.
Now I need a Step-by-step guide to setup permissions correctly on the File servers. there are many available and I am getting confused.
we migrating from Novell Trustees eDirectory to Windows NTFS.
Utimately we will be using Azure File Sync too later on should this On-Prem setup work out well; therefore asking for an authentic step by step File permission guide. Thanks
I have already tested DFS and Storage Replica (Replacement of DFS-R) in a Test environment and it works okay.
Now I need a Step-by-step guide to setup permissions correctly on the File servers. there are many available and I am getting confused.
we migrating from Novell Trustees eDirectory to Windows NTFS.
Utimately we will be using Azure File Sync too later on should this On-Prem setup work out well; therefore asking for an authentic step by step File permission guide. Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
very well explained Arnold! much appreciated.
my task is to architecture the File Share/ user permissions. do you know any step by step link or guide ? Thanks
my task is to architecture the File Share/ user permissions. do you know any step by step link or guide ? Thanks
You would use DOMAIN based security objects security groups
which should simplify your management as it would require the user to whom access is granted to be a member of the correct security group.
Do not use or attempt individual user allocations as it will become unmanageable in short order.
The above merely amended by
creating Security groups in the AD for the example above
Billing
Finance
Manufacturing
management
if you could provide a sample, context to the type of file system level structure, share organization, and department, sub group, etc. you are considering it might be simpler.
The common documents you no doubt went through are too general and abstract.
which should simplify your management as it would require the user to whom access is granted to be a member of the correct security group.
Do not use or attempt individual user allocations as it will become unmanageable in short order.
The above merely amended by
creating Security groups in the AD for the example above
Billing
Finance
Manufacturing
management
if you could provide a sample, context to the type of file system level structure, share organization, and department, sub group, etc. you are considering it might be simpler.
The common documents you no doubt went through are too general and abstract.
At every step when using DFS, Replication or publishing. you have access to the properties of the underlying TARGETS
Share permissions deal with share level security and security settings dealing with filesystem level security. Note that the enforcement is based on the stricter model. if you do not grant write persmission on the share permissions, the shares will read-only.
You always have the option of configuring the Filesystem security settings directly on the Targets (servers with the underlying data) and then when grouping the targets under DFS-R or DFS you can accept the settings as they exist on the respective servers.
I think you are skilled so a simple test is all that you need.
GO through a step setting up a test DFS replication group between two servers. Then publish this group share.
IMHO, if you already have an existing SHARE, server based, that you would like to migrate/.convert to a DFS
setup a DFS replication group with the existing share (Server 2003R2 and newer) this will handle the replication of the data from the existing share to the new location with their existing filesystem level security settings. note you should make sure to preconfigure the security settings on the 2019 server before hand to avoid subsequent changes triggering DFS-replication events.
MAKE SURE TO USE THE EXSITING Server/SHARE as the REFERENCE server/instance.