Not really, since an OU cannot be added to the DACL in any way. The best way to set these permissions in Group Policy would be by giving a domain local group (e.g.. ModifySalesData group) the relevant access rights to the files or folders, then adding groups containing users (e.g. SalesManagers) to these 'access' groups. When you get a new starter you would add them to a relevant group or groups to give them the access you require.
Dig Deeper on Windows administration tools
Related Q&A from Jeremy Moskowitz
How can I restrict rights for a group of users on a specific OU of computers, but not on any compute
Expert Jeremy Moskowitz shows a reader how to use loopback policy processing to restrict rights for a group of users on a specific OU of computers. Continue Reading
Expert Jeremy Moskowitz explains how to use Group Policy for a Windows 2000 Server to apply proxy settings automatically on all the workstations in a... Continue Reading
Can I append Domain Groups to the local 'Admin' Group of Domain Computers without affecting the exis
Expert Jeremy Moskowitz explains what an admin would need to do to append Domain Groups to the local 'Admin' Group of Domain Computers without ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.