none
How to map security groups to folders on a file server

    Question

  • I’m the server admin for a large organization.  I inherited a domain with a mess of security groups on the domain controller which are used to permission hundreds of files and folders on the domain file server.  My admins cannot make sense of this schema so they just add individual users to each folder which is impossible to manage as users come and go.  I need to clean this mess up and build security groups that make sense and apply to files/folders on the file server.

    My question is how do I associate security groups with corresponding folders/files on the file server.  Or if it’s easier, how can I gen a report on the file server showing each folder/file and security group(s) that are applied?

    Any help will be greatly appreciated.

    Friday, March 15, 2013 8:55 AM

Answers

  • Hi,

    Its a part of setting NTFS permissions.Instead of adding single user, add security group in security tab of a folder.

    Path will be right click the Folder>properties>security> edit>add security groups to folder.


    Regards, Ravikumar P

    Friday, March 15, 2013 11:43 AM
  • Hmmm, maybe something like this from powershell:

    get-childitem -recurse "C:\<shared folder>" | get-acl | fl | out-file "C:\temp\perms.txt" <-Will get you a full list of every file and folder's security settings and put it into a text file. 

    As for setting the permissions, it might be easier to set a top level share folder, give it the opermissions that you want and force inheritance on down.  If this is not an option you can use set-acl to set permissions on a file and script it to set on files in batches.

    http://technet.microsoft.com/en-us/library/hh849810.aspx

    Hope that helps.  This kind of thing can be a huge pain.

    Friday, March 15, 2013 4:48 PM

All replies

  • Hi,

    Its a part of setting NTFS permissions.Instead of adding single user, add security group in security tab of a folder.

    Path will be right click the Folder>properties>security> edit>add security groups to folder.


    Regards, Ravikumar P

    Friday, March 15, 2013 11:43 AM
  • Hmmm, maybe something like this from powershell:

    get-childitem -recurse "C:\<shared folder>" | get-acl | fl | out-file "C:\temp\perms.txt" <-Will get you a full list of every file and folder's security settings and put it into a text file. 

    As for setting the permissions, it might be easier to set a top level share folder, give it the opermissions that you want and force inheritance on down.  If this is not an option you can use set-acl to set permissions on a file and script it to set on files in batches.

    http://technet.microsoft.com/en-us/library/hh849810.aspx

    Hope that helps.  This kind of thing can be a huge pain.

    Friday, March 15, 2013 4:48 PM