- Grant the user access directly.
- Create a group that the user is a member of, and then grant that group access.
I recommend data protection method two because it allows you to grant other users on your Microsoft network access by simply making them a member of the appropriate group. To achieve this, select the folder that you want to share, right click on it and bring up the properties. Select the Security Tab and assign the permissions as follows (and shown in figure one):
Figure 1: Assign permissions in Microsoft networks
- Domain Admins (or the local administrators group if you want to use local groups for permissions) -- Full Control
This allows domain admins to have access. If for some reason they do not need that, don't grant it -- but keep in mind that as a domain access, it's a trivial process to gain access to the folder and files.
- Group that the user is a member of or the user himself -- If the user only needs read access, check Read and Execute in the Allow column. If the user needs to be able to make changes, check Modify and/or Read and Execute in the Allow column.
This will grant the user access to the folder and files. In my example, I created a group named FS-Test-CX (File System-Directory-Permissions) and granted the group Change access. I would then make the user a member of that group.
- Remove any other groups from the list. Do not grant the "deny access" group to any groups. While this may seem like a good idea, if the user you want to have access is in a member of any of those groups, then the deny will supersede any other access the user has.
Dig Deeper on User passwords and network permissions
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.