I am looking for comments/gotchas/etc on the following permissions strategy. Here is how I set up rights/shares:
1) At the top level folder (not drive)
a) Uncheck allow inheritable permissions and select copy rights.
b) Add domain admins with full rights
c) Remove the generic Users group
d) Add rights to a company specific group (instead of the generic users group). I tend to create a group for each top level directory.
2) Now Share the folder and under share permissions
a) Add full rights to domain admins
b) Remove the generic Everyone group
c) Add the company specific group from 1d above.
3) If I want to restrict or remove rights to a subdirectory below the top level, I remove the company specific group from that subdirectory and add another directory-specific group for rights.
Comments, flaws, suggestions?
R.Sobelman
1) At the top level folder (not drive)
a) Uncheck allow inheritable permissions and select copy rights.
b) Add domain admins with full rights
c) Remove the generic Users group
d) Add rights to a company specific group (instead of the generic users group). I tend to create a group for each top level directory.
2) Now Share the folder and under share permissions
a) Add full rights to domain admins
b) Remove the generic Everyone group
c) Add the company specific group from 1d above.
3) If I want to restrict or remove rights to a subdirectory below the top level, I remove the company specific group from that subdirectory and add another directory-specific group for rights.
Comments, flaws, suggestions?
R.Sobelman
