We are setting up a new file server and I was curious about the best practice for which group to make the folder owner. Should it be the local admin group or the domain admin group? I know it’s essentially the same since the local admin includes the domain group, but I was curious as to what people use. Also, for folder shares, do you give the permissions to the local admin group object or the domain admin group object?


Don’t forget your share permissions are the key in the door and then the file permissions take over from that point.

At the root I have read / list folder contents, say if it was for a

Common (SHARE)

—Communications

—Marketing

—HR

—Accounting

Then on the subfolders I take off the inheritance on the folder, put in the group like Marketing_RW, and add my user groups there.

By default, unless you specifically remove the administrator rights, they should be copied in from the root. By default (it’s been a while since I’ve done this from scratch) administrator/domain administrator should have access to all files on the box.

We give the Domain Admins group ownership. The share permissions are full access for ‘everyone’. Then NTFS manages the rest. I never give individual accounts permissions (with the exception of users’ MyDocuments/Home folders); I always create security groups (even if it’s for 1 staff member). This way, if the staff member were to leave or be replaced, I can just swap them into the security group. I don’t have to worry about staff XYZ having permission to this folder or that folder, just about which security groups their job title belongs to.

I’m a huge fan of the access enumeration introduced in Server 2008 as well.

Scott and Steve have the right ideas here. Almost never assign rights by user; always assign rights by groups. Ownership becomes a little tricky if you are using quotas. If you do not use quotas, go with the domain admins group as owner.

Steve is completely right on the share permissions. I never place restrictions on the shares and always define access with the folder permissions.
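
The layout described across the replies above, as an added PowerShell example that is not from any of the posters: Domain Admins as owner, Everyone with full access on the share, NTFS groups doing the real gating, inheritance removed on the department folders, and access-based enumeration on. The domain name `CONTOSO`, the path `D:\Shares\Common`, the use of Domain Users for the root read/list entry, and the `<Dept>_RW` group names are assumptions; run it elevated as a member of Domain Admins.

```powershell
# Added example. CONTOSO, D:\Shares\Common, Domain Users at the root and the
# <Dept>_RW groups are assumptions; the groups must already exist in AD.
$domain = 'CONTOSO'
$root   = 'D:\Shares\Common'
$depts  = 'Communications', 'Marketing', 'HR', 'Accounting'
$admins = "$domain\Domain Admins"

New-Item -Path $root -ItemType Directory -Force | Out-Null

# Root: drop ACEs inherited from the volume and grant explicitly in one call.
# (OI)(CI)F = full control, inherited by files and subfolders.
# (RX) with no inheritance flags = read/list on this folder only.
icacls $root /inheritance:r /grant "${admins}:(OI)(CI)F" `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' "$domain\Domain Users:(RX)"
icacls $root /setowner $admins

foreach ($dept in $depts) {
    $path = Join-Path $root $dept
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    # Department folder: no inheritance, and only groups (never users) on the ACL.
    # (OI)(CI)M = modify, inherited by files and subfolders.
    icacls $path /inheritance:r /grant "${admins}:(OI)(CI)F" `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' "$domain\${dept}_RW:(OI)(CI)M"
    icacls $path /setowner $admins
}

# Share: Everyone has Full Control at the share level, so NTFS is the only gate.
# Access-based enumeration hides folders the caller has no rights to read.
New-SmbShare -Name 'Common' -Path $root -FullAccess 'Everyone' `
    -FolderEnumerationMode AccessBased

# Review the result: share ACL, then NTFS ACLs on the root and each subfolder.
Get-SmbShareAccess -Name 'Common'
icacls $root
icacls (Join-Path $root '*')
```

Staff changes are then handled by editing membership of the `<Dept>_RW` groups; the folder ACLs are not touched again.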