Not really, since an OU cannot be added to the DACL in any way. The best way to set these permissions in Group Policy would be by giving a domain local group (e.g.. ModifySalesData group) the relevant access rights to the files or folders, then adding groups containing users (e.g. SalesManagers) to these 'access' groups. When you get a new starter you would add them to a relevant group or groups to give them the access you require.
Dig Deeper on Windows administration tools
Related Q&A from Jeremy Moskowitz
How can I restrict rights for a group of users on a specific OU of computers, but not on any compute
Expert Jeremy Moskowitz shows a reader how to use loopback policy processing to restrict rights for a group of users on a specific OU of computers. Continue Reading
Expert Jeremy Moskowitz explains how to use Group Policy for a Windows 2000 Server to apply proxy settings automatically on all the workstations in a... Continue Reading
Expert Jeremy Moskowitz explains to a reader what is required when making changes to a registry key in Group Policy. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.