Problem solve Get help with specific problems with your technologies, process and projects.

Data protection on Microsoft networks

For the sake of data protection, sometimes you want to allow folder access only to certain users. Learn how to manage folder permissions in Microsoft networks.

We have a small Microsoft network. I have information that one colleague needs, but I do not want others on the network to view it. How can I share this information with my colleague yet ensure solid data protection and hide it from others? Is it possible to apply a password to a specific folder?
Rather than applying a password to the specific folder, what you will want to do is to specify permissions so that only the user you want to have access is granted access and everyone else is denied access. You can practice this type of data protection by choosing from these two methods:

  1. Grant the user access directly.
  2. Create a group that the user is a member of, and then grant that group access.

I recommend data protection method two because it allows you to grant other users on your Microsoft network access by simply making them a member of the appropriate group. To achieve this, select the folder that you want to share, right click on it and bring up the properties. Select the Security Tab and assign the permissions as follows (and shown in figure one):

Figure 1: Assign permissions in Microsoft networks
  1. Domain Admins (or the local administrators group if you want to use local groups for permissions) -- Full Control

    This allows domain admins to have access. If for some reason they do not need that, don't grant it -- but keep in mind that as a domain access, it's a trivial process to gain access to the folder and files.

  2. Group that the user is a member of or the user himself -- If the user only needs read access, check Read and Execute in the Allow column. If the user needs to be able to make changes, check Modify and/or Read and Execute in the Allow column.

    This will grant the user access to the folder and files. In my example, I created a group named FS-Test-CX (File System-Directory-Permissions) and granted the group Change access. I would then make the user a member of that group.

  3. Remove any other groups from the list. Do not grant the "deny access" group to any groups. While this may seem like a good idea, if the user you want to have access is in a member of any of those groups, then the deny will supersede any other access the user has.

Dig Deeper on User passwords and network permissions

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.