Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Assigning user rights:

  • 19-11-2007 5:15pm
    #1
    Closed Accounts Posts: 21


    Hey,

    I hope some one can help me with a few suggestions about what rights i should assign to my network through Active Directory. I was hoping that there might be a "standard" or "template" i could follow. (forgive my terminology)


    Any ideas
    I'm Stuck

    Thanks
    Burdon

    PS: i am an IT JNR so i am still learning :P


Comments

  • Registered Users, Registered Users 2 Posts: 1,772 ✭✭✭woolymammoth


    that depends entirely on the situation, how many users do you have, how many shared resources, who needs access to what.

    If you've many users, and they all need to access certain folders, then it's best to create one or more groups for each folder, with varying permissions as needed, then just add people to those groups.

    there's more to it, but in simple terms, that's it.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,552 Mod ✭✭✭✭Capt'n Midnight


    you could change everyone to "authenticated users"

    for each shared folder create a group of the same name
    members of that group get read-write access,

    general rules
    that which is not expressly permitted is denied - ie. if someone doesn' have a reason to see something they shouldn't see it.
    if they don't need to edit files then the folder should be read only

    lots of gotchas - my pet hate is the way permissions are inherited from higher folders


    oops just saw you said AD not folders
    user permissions or pc permissions ?
    there is no reason for end users to have admin permissions - is a good starting point

    normally it would be used for settings rather than rights but depends on your specific needs


  • Closed Accounts Posts: 21 burdon


    the network is about 30 people at the moment but it is growing fast enough.

    I know the question i asked was a very broad question. But thanks for your input lads.

    Will get stuck into a few online articles about AD and see what happens.


  • Registered Users, Registered Users 2 Posts: 598 ✭✭✭DannyBuoy


    One little tip is to create a group for IT Support use and add yourself and whoever else needs to be added. Then when building new pcs or laptops add this group to the local admin group, this means you have admin rights to each pc on the network or when you log in to it, very useful when looking after a bunch of machines.


Advertisement