Audit dept request

Discussion in 'Active Directory' started by Darren, Oct 5, 2007.

  1. Darren

    Darren Guest

    Hi All

    Audit dept has requested, I remove a particular group access from a number
    of sub folders but this group will need to retain access at the higher
    (root )level .

    I was wondering what would be the best way to do this.. Should I deny
    access or remove the group ? Removing the group can get trick in my opinion
    since I would have to uncheck inherit . As far as I know, it's worse to mess
    around with turning off inheriting

    Any feedback would certainly be appreciated.

    TIA
     
    Darren, Oct 5, 2007
    #1
    1. Advertisements

  2. Hello Darren,

    Which groups has what rights on the top folder level?

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
     
    Meinolf Weber, Oct 5, 2007
    #2
    1. Advertisements

  3. Darren

    Jorge Silva Guest

    Hi
    At root level remove the Group, this will remove the group from all
    subfolder and files.
    At Root level re-add the Group and use the Advanced tab to choose the option
    Applies to "This Folder Only", this action will give the security group
    permissions only in the root folder.

    --

    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Oct 5, 2007
    #3
  4. Darren

    Darren Guest

    The group in question has access to the top folder and need to retain access
    at this level and sub folders with the exception of a few sub folders.

    TIA
     
    Darren, Oct 5, 2007
    #4
  5. Darren

    Ryan Hanisco Guest

    Darren,

    If you need to rely on the inheritance for some folders but would like to
    restrict for others, your best option is to use an explicit deny on the sub
    folders. You may find that you have to break the inheritance if the group is
    explicitly defined upstream, but you really don't have much of a choice.

    You may also consider creating a new security group for these users and
    denying privileges downstream for this group. The group membership on the
    explicit deny will override the permit that is inherited.
    --
    Ryan Hanisco
    MCSE, MCTS: SQL 2005, Project+
    http://www.techsterity.com
    Chicago, IL

    Remember: Marking helpful answers helps everyone find the info they need
    quickly.
     
    Ryan Hanisco, Oct 6, 2007
    #5
  6. Darren

    Darren Guest

    Jorge,Ryan and Meinolf I just wanted to thank you guys for the excellent
    feedback.

    Darren
     
    Darren, Oct 6, 2007
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.