Hi Everyone,
Currently in my organization we have a file share that is totally unrestricted. Critical files are stored here with no security whatsoever. Obviously users have turned this into a disaster. Stale data is everywhere and anyone can access anything. I need to change this. I reorganized users in AD to mirror our organizations departments and made security groups for each. I made a new share called S. I set the share permissions to full control so I can use NTFS permissions to lock it down.
I'd like the files to be structured as follows:
S:\
Accounting
Administration
HR
Other Departments
Each department has a security group. As I understand NTFS uses the strictest permission. I want to deny all users the right to write to the root of S:\. That requires I turn off all inheritance from parent for all departmental folders. Isn't this a bad practice? Is there another way? I'd also like to make it so that all other departments are denied access to accounting. Would I have to set deny permissions for all other departments on that folder?
I have done a fair share of reading on NTFS file permissions but I haven't seen first hand the applications of best practices. I am a relatively inexperienced IT professional in an organization that is somewhat unorganized.
- DylanDaInfidel
