Not really, since an OU cannot be added to the DACL in any way. The best way to set these permissions in Group Policy would be by giving a domain local group (e.g., ModifySalesData group) the relevant access rights to the files or folders, then adding groups containing users (e.g., SalesManagers) to these 'access' groups. When you get a new starter you would add them to a relevant group or groups to give them the access you require.
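The group nesting described in the answer, as an added PowerShell example that is not part of the original answer. It sets the ACE directly with `Set-Acl` rather than through a Group Policy file system setting, and the domain name, OU path and folder path are assumptions chosen for illustration.

```powershell
# Added example. The domain, OU and folder below are hypothetical placeholders;
# only the group names ModifySalesData and SalesManagers come from the answer.
Import-Module ActiveDirectory

$Domain      = 'CONTOSO'                           # hypothetical NetBIOS domain name
$GroupOU     = 'OU=Groups,DC=contoso,DC=example'   # hypothetical OU that holds groups
$Folder      = '\\fileserver\Sales\Data'           # hypothetical folder to protect
$AccessGroup = 'ModifySalesData'                   # domain local "access" group
$RoleGroup   = 'SalesManagers'                     # group that contains the users

# 1. Create the domain local access group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$AccessGroup'")) {
    New-ADGroup -Name $AccessGroup -GroupScope DomainLocal `
        -GroupCategory Security -Path $GroupOU
}

# 2. Nest the user-containing group inside the access group (skip if already nested).
$role    = Get-ADGroup -Identity $RoleGroup
$current = (Get-ADGroupMember -Identity $AccessGroup).DistinguishedName
if ($role.DistinguishedName -notin $current) {
    Add-ADGroupMember -Identity $AccessGroup -Members $RoleGroup
}

# 3. Grant Modify on the folder to the access group only, inherited by
#    subfolders and files. No user account appears in the DACL.
$acl  = Get-Acl -Path $Folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "$Domain\$AccessGroup", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 4. Review: explicit (non-inherited) ACEs on the folder. Any entry that names
#    an individual user instead of a group bypasses the group model.
(Get-Acl -Path $Folder).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# 5. Review: everyone who ends up with access through nesting.
Get-ADGroupMember -Identity $AccessGroup -Recursive |
    Select-Object SamAccountName, objectClass
```

Steps 4 and 5 can be rerun on their own as a periodic access review, since the DACL itself will only ever show the access group.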