How can I assure that a new user's file permissions are correctly configured?

Expert Jeremy Moskowitz shows a reader one of the best ways to set permissions for a new user in Group Policy.

Our office wants to use Group Policy to set file permissions on our server's shared folders. Is there a way to have different file permissions given to different OU's, such that if a new employee was hired we could drop them into an OU and be assured that his read/write file permissions to the server shared files are correctly configured?

Not really, since an OU cannot be added to the DACL in any way. The best way to set these permissions in Group

Policy would be by giving a domain local group (e.g.. ModifySalesData group) the relevant access rights to the files or folders, then adding groups containing users (e.g. SalesManagers) to these 'access' groups. When you get a new starter you would add them to a relevant group or groups to give them the access you require.

This was first published in September 2006

Dig deeper on Microsoft Active Directory Tools and Troubleshooting



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: