What you have now done is tied an asset to a permission, and the permissions to a role. Add this global group to the domain local group fileserver1_HR_read, and then add user accounts to the global group HR. Create a global group in AD named HR for your HR people.Use these groups to set NTFS permissions to the appropriate user rights.fileserver1_HR_fullcontrol (Full Control).fileserver1_HR_modify (Read and Modify).For this share, create the following domain local groups in your AD with the permissions shown:.For example, suppose you have a share named HR on fileserver1. Configure NTFS permissions for the assets, assign roles to those permissions, and assign people to roles.It's far easier to manage 200 groups than 2,000 one-off permissions. Don't assign NTFS permissions to individuals, even if you have to create hundreds of groups.
Create a file server permissions policy that clearly defines your permissions management process.NTFS Permissions Management Best Practices.
0 kommentar(er)
