0

We have a server machine having Windows 2012 Server installed on it. Same machine is being used for Domain Controller, Active Directory, Organizational Unit, Groups and Group Policies.

Please check attached image here

For University, we created groups of Teacher and Student and created folders for every teacher and assigned rights to individual teachers/users for their own folders.

We created students folders under each teacher's folder and assigned individual rights to students for their own folders and can access teacher's "shared folder"

Here are my questions

  • Is that good practice to make individual user rights to achieve the hierarchy ?
  • In future if student's teacher is changed, how we will manage that structure ?
  • In future if new students are added, we will have to make more individual rights ?
  • How is that possible with Group policy ?

Please suggest me the solutions for these.

NREZ
  • 942
  • 9
  • 13
Farukh Zahoor
  • 157
  • 12

1 Answers1

0

Instead of assigning individual user permissions to the root (teacher) folders it might be better to assign groups.

For example:

-- Teachers (Group) -- Class A (Group) -- Class B (Group)

Assign individual users to each group, then if they change class you switch them to another group.

Create root folder for Teachers and Students:

-- Teacher Videos ---- Teacher A ---- Teacher B -- Student Videos ---- Student A ---- Student B ---- Student C

Now you can assign the following permissions:

-- Teacher RWDM to both Teacher and Student folders. -- Student R to both Teacher and Student folders. -- Individual user accounts RWDM to their own folders. -- Assign class groups to folders if necessary (if student access needs to be restricted to their class).

There's lots of ways around this.

Use a tool like the Directory Permissions Checker at http://www.directorypermissions.net to ensure there are no rogue permissions in the folder hierarchy, i.e. to check students only have delete access to their own folders.

pfeds
  • 2,183
  • 4
  • 32
  • 48