-1

I am in the process of finding a suitable solution of the following. I have a Windows Server 2013 share with a set of shared folders. This share has a central folder (say Shares) and a set of subfolders, each of those should be shared to a specific department or group with entries already specified in AD.

What is a correct way of assigning permissions so that the folder structure could remain unchanged and survive accidental deletion and modification while users of corresponding departments could work in their subfolders without restrictions? So that Share is accessible by anyone but its subfolders cannot be modified (say, top-level and level 1 folders are unmodifiable), then everything inside its subfolders can be modified, so on.

I was thinking about removing inheritance in permissions, but then I need to specify over ~300 folder permissions (a number of departments and specific stuff) which is annoyng.

Is there any better way? Thank you!

Dim
  • 1

1 Answers1

1

I have a Windows Server 2013

I doubt this version number is correct, but NTFS permissions are the same on any windows, this doesn't matter that much.

What is a correct way of assigning permissions so that the folder structure could remain unchanged while users of corresponding departments could work in their subfolders without restrictions?

List only on shares, than full access to the subfolders.

I was thinking about removing inheritance in permissions

Give that your share permissions are 'full', keep in mind that NTFS permissions are additive. So, if group A has been granted NTFS 'list only' tho \shares, the same group can have 'full access' to \share\folderA.

I need to specify over ~300 folder permissions (a number of departments and specific stuff) which is annoying.

You will have to tell NTFS what it should be doing. If your organization needs 300 different ACLs, this is the way.

You can automate stuff like this sometimes, but that depends on your org's structure.

bjoster
  • 4,805
  • 5
  • 25
  • 33