I have a folder to which several departments contribute files. I'd like to set up the permissions so that when a user creates a file in the folder, the other members of his or her department will be able to modify the file and everyone else will have read access. I already have a group set up for each department with the appropriate members. How do I set up the permissions?
You can use the Creator Group well-known security principal and the ability
to specify a primary group for each user to accomplish your goal. First, for
each user, you need to make sure that the departmental group is configured as
the primary group. To do this, open a user account in Active Directory Users
and Computers, select the Member Of tab, select the user's departmental group,
and click Primary.
Next, edit the permissions for the folder. Give the departmental groups File
Create and Read permissions. Finally, add an entry to the folder permissions
that grants the Creator Group Modify permission. Now when a user creates a file
in the folder and Windows propagates permissions from the folder to the new
file, Windows will replace Creator Group with the primary group of that user,
giving the departmental group Modify permission.
Register
