minimum permissions to manage file shares on a DC

  • Thread starter Thread starter arm123
  • Start date Start date
A

arm123

I am looking to setup a DC in a remote office and want to give the branch
manager the ability to manage file shares on the DC without making him a
Domain Admin. Is this possible? And, if so, how would I do this?

Thanks in advance.
 
The most intelligent and safest way to do this is to create a single
share on that server and then give the branch manager access to that
share so that he/she can create folders and assign permissions to them.

Do not, under any circumstances, give the person local interactive logon
rights to the domain controller.



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Thanks for the response! What tool would the branch manager use to create
folders and assign permissions? Just Windows Explorer? Because that does not
give the ability to create additional shares or assign share permissions,
only NTFS permissions.

Perhaps that would be sufficient for our need but I just want to make sure I
fully understand what you are recommending.

Thanks!
 
All users would access their particular folder through the single share you
created. Your branch manager can then create folders within that one share
and assign permissions.

Denny
 
Yep explorer, reread what I said... A SINGLE SHARE.

You don't normally want to be mucking around with share level
permissions anyways, most people get immensely confused when trying to
work through share level permissions combined with NTFS permissions.

I would set the share with Everyone FC and then do all of the lockdowns
on the NTFS level. This is a design I have been using very successfully
in Fortune 5 and smaller companies since the mid-90's. It works great.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Back
Top