How do you control user access to networks folders?

chris3334 · 2009-08-14T00:48:30.000Z

Do you use certain piece of software? or is a manual process of changing each users access individually on each folder?

mike4357189 · 2009-08-14T01:05:58.000Z

The usual (our what I assume to be usual :-/) method of setting up an AD group, assign users to the group, assign access to the folder to the group. Any changes - change members of the group.

rune3280 · 2009-08-14T01:25:07.000Z

I set up groups and handle the groups access manually.

Then I update users to the groups as they are hired/quit.

renejung4933 · 2009-08-14T01:33:04.000Z

Like Mike said: Normally it works with groups.

I’m just using NTFS Permissions with AD groups, so I can put every user just in a group if needed.

Also very important is a group which is named like “abuse” or something like that. Its on every permission with deny, so I can put easily a worker in it, if company leader got in trouble with someone and wants immediate to stop all access.

Groups are much easier to handle instead of every user on its own.

Example:

Folder1 → Group called “Folder1”, maybe you need to make Groupnames with much more information like “Folder1-Servername-Accessright” for example: “office-filesrv-write”, so its very easy to handle it!

And dont forget: Everytime you have a folder to share make all your groups and set the ntfs permissions! Maybe you dont need it now, but maybe later and everything is set right. For example: You need a share named “projects” on the server “filesrv”, so you make the groups “projects-filesrv-read”, “projects-filesrv-write”, “projects-filesrv-deny” and so on… you never have to touch the permissions again!

gregor4955 · 2009-08-14T03:33:58.000Z

I have a network that was set-up with users accessing the files directly, no groups in the middle, this has been a nightmare, I am starting to solve, but taking a lot of time. This was an upgrade of an upgrade of an NT4 network. I am still living with this legacy. Every time something changes it takes almost a day to work it all through.

as everyone else says insure it is only dedicated groups that access the folders / files. I have found a good setup is Users - Group (Distribution) - Group (Security) - Permissions. This is slowly making things easier, but the changes are very slow going. You then only need to think what does Sales need access to, not what does Bob from sales need access to.

chris3334 · 2009-08-14T03:41:51.000Z

Thanks for your input guys. I am using groups but not to the same level as you. I was concerned that I was handling rights differently from the norm.

Thanks Again

scottalanmiller · 2009-08-14T03:46:03.000Z

We don’t generally need to make changes as our base hierarchy is already set up. What changes do you usually need to make?

curtisnewman · 2009-08-14T07:10:37.000Z

Agreed create security groups and drop the user into that group, becareful of hierarchy in the folder chain.

mari2883 · 2009-08-14T08:03:47.000Z

I agree with the rest of the crew. The recommended method by Microsoft is to assign permissions to groups, and add the various users to that group.

As far as I know, there is not really an effective piece of software to do the job of rights managment.

curtisnewman · 2009-08-14T08:16:01.000Z

mkivsip wrote:

I agree with the rest of the crew. The recommended method by Microsoft is to assign permissions to groups, and add the various users to that group.

As far as I know, there is not really an effective piece of software to do the job of rights managment.

Actually there is a peice of software I used for a client NOT running Win Server.

I’ll dig it up, it was free.

Crap it was Microsoft Private Folder