2nd June 2008, 02:06 PM #1
Standard Domain user needs folder permission rights
I have one particular user that needs to be able to add/remove other domain users to a series of folders (these folders can all be within one dedicated folder). What is the best way of doing this? Obviously, I don't want that user to have domain admin rights. Can it be done?
2nd June 2008, 02:38 PM #2
Do you have Exchange?
If so, create a universal security group. Give that group the rights you need and make the person the manager of the group and tick the box saying "manager can update membership".
When that person wants to update who has access to the folder they just go into Outlook address book and update the address list. Because it's also a security group they change the effective permissions on the folder.
This can be quite a nice way of working - you often have a situation where a group of people are working together - this gives you a group email and a group folder.
If you don't have Exchange then you can give the person full control over that folder and they can add/remove users, but this is a nightmare to maintain.
2nd June 2008, 02:39 PM #3
You can be very specific about who gets what for folders and files.
Right click on a folder and choose Properties. Click on Security tab then hit Advanced. Choose an entry (either user or group) and hit Edit. In here, you can allow them more (and very specific) control over what they can do, and the setting of permissions etc.
Test with a test account first perhaps, and be careful not to allow too many rights, just the ones they need.
@Steve: Interesting. Do you find this method of delegation works ok? Do people remember to update as and when req'd?
2nd June 2008, 02:43 PM #4
Yeah, should have looked before creating a topic. Already done it using 'advanced' in security. Knew I had seen it somewhere.
Thanks - good idea with exchange too.
2nd June 2008, 03:35 PM #5
It's all they get :-)
Originally Posted by Ryan
We do get people who haven't got a clue; we have an intranet page with pictures of what to do which they can use. In general it works well and the biggest benefit is that you don't get "orphaned sids" (Joe Bloggs leaves and a folder still has their SID attached - there's no way of easily tracking down which folders Joe Bloggs was allowed to access).
It's also much easier to have people in groups - Joe Bloggs leaves and is replaced by Jenny Bloggs. All you have to do to make sure that Jenny has the same rights as Joe is to put her in the same groups as Joe - none of the "Oh, I think he used to be able to do xxxx" type stuff :-)
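An audit for the two risks raised in this thread, added here as an example and not posted by any participant: it walks a folder tree and reports explicit ACEs that either belong to an account that no longer resolves (a leftover SID) or carry the rights that let a principal change permissions. The root path and the list of skipped built-in principals are assumptions to adjust for your environment.

```powershell
# Added example, not from the thread. $Root is a hypothetical path.
param([string]$Root = 'D:\Shares\Projects')

# Rights that allow re-delegating access (set via Security > Advanced > Edit).
$delegating = [int][System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership'

# Assumption: these built-in principals are expected to hold full control.
$expected = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse)

$report = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    foreach ($ace in $acl.Access) {
        # Only explicit Allow entries; inherited ones are reported at their source folder.
        if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }

        $name = $ace.IdentityReference.Value
        if ($expected -contains $name) { continue }

        # An ACE whose account was deleted shows the raw domain SID instead of a name.
        $orphaned    = $name -match '^S-1-5-21-'
        $canDelegate = ([int]$ace.FileSystemRights -band $delegating) -ne 0

        $findings = @()
        if ($orphaned)    { $findings += 'unresolved SID' }
        if ($canDelegate) { $findings += 'can change permissions' }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Folder   = $folder.FullName
                Identity = $name
                Rights   = $ace.FileSystemRights
                Finding  = $findings -join '; '
            }
        }
    }
}

$report | Sort-Object Folder, Identity | Format-Table -AutoSize -Wrap
```

Run it from an account that can read the ACLs under the root; folders it cannot read produce Get-Acl errors rather than report rows.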