none
Shared Folder Access only For Particular OU

    Question

  • Dear Team,

    How We can configure shared folder access through GPO? Also i need to set the permission to the shared folder only for a particular Organization Unit (OU).

    Regards

    Aghil


    • Edited by MS AGHILLAL Sunday, May 19, 2019 3:42 PM
    • Moved by nzpcmad1 Sunday, May 19, 2019 9:17 PM From ADFS
    Sunday, May 19, 2019 3:41 PM

Answers

  • Hello,

    Please follow the steps below to achive your question's answer.

    That setting is located under Computer Configuration | Windows Settings | Security Settings | File System

    Just choose what you need to give permission for and then apply that GPO for an OU.


    Mark it as answer if your question has solved. MCT Regional Lead. x2 MCSE-MCSA Exchange Server & Windows Server

    • Marked as answer by MS AGHILLAL Tuesday, May 21, 2019 1:23 PM
    Sunday, May 19, 2019 5:56 PM
  • we cant assign/grant permission for OU.Itm doesn't have sid.We can only grant permission to user/grup or computer only

    Darshana Jayathilake

    • Marked as answer by MS AGHILLAL Tuesday, May 21, 2019 1:23 PM
    Sunday, May 19, 2019 6:29 PM
  • Hi,

    Based on my experience, haven't heard a way to do this through GPO

    Here is a advice for you to complete your purpose:

    Add the users in the particular OU in to a security group, and set permission to the group when you configure the shared file.

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by MS AGHILLAL Tuesday, May 21, 2019 1:23 PM
    Monday, May 20, 2019 7:01 AM

All replies

  • Hello,

    Please follow the steps below to achive your question's answer.

    That setting is located under Computer Configuration | Windows Settings | Security Settings | File System

    Just choose what you need to give permission for and then apply that GPO for an OU.


    Mark it as answer if your question has solved. MCT Regional Lead. x2 MCSE-MCSA Exchange Server & Windows Server

    • Marked as answer by MS AGHILLAL Tuesday, May 21, 2019 1:23 PM
    Sunday, May 19, 2019 5:56 PM
  • we cant assign/grant permission for OU.Itm doesn't have sid.We can only grant permission to user/grup or computer only

    Darshana Jayathilake

    • Marked as answer by MS AGHILLAL Tuesday, May 21, 2019 1:23 PM
    Sunday, May 19, 2019 6:29 PM
  • If your file server and your domain controllers are running Windows Server 2012 you can use the users' attribute to give permissions on the file system.

    So if you have an OU structure for each services (or departments), you could use this information to give access to your users.

    You would have to:

    - Enable KDS claim support on the domain controllers

    - Enable client claim support on the file server

    - Create a claim type for the user class in the department attribute

    - Enable client claim support on the workstations (or enable transition protocol on the file server)

    This is described here: https://docs.microsoft.com/en-us/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview (note that this document describes way more than the concepts above, but you'll get the drift).


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, May 19, 2019 8:21 PM
  • Hi,

    Based on my experience, haven't heard a way to do this through GPO

    Here is a advice for you to complete your purpose:

    Add the users in the particular OU in to a security group, and set permission to the group when you configure the shared file.

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by MS AGHILLAL Tuesday, May 21, 2019 1:23 PM
    Monday, May 20, 2019 7:01 AM
  • So I see that the Dynamic Access Control via claims get no interest whereas it can actually do the job given you sort users in OU per department :)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, May 27, 2019 3:06 PM