How to set up NTFS ACLs with Access Based Enumeration
- by Patrick Pellegrino
We're in the process of migrating from Novell Netware to a Windows 2K8 R2 infrastructure (AD, file server, print server, etc.).
My question is about ACLs. While Netware and Windows are totally different, I want to be sure my thinking is good before screwing everything up!
Here's a scenario:
F:
|
+-- DATA    <= Shared as DATA with Access based enumeration
    |
    +-- Folder 1
    +-- Team 1's Folder
    +-- Team 2's Folder
    ...
In that case, by default, rights are inherited from F: down to the deepest folders.
What we want:
- The Administrators group has full control, top down.
- From DATA, ABE lists only the folders that users have access to (e.g. I'm in group Team 2, I see Team 2's Folder).
From what I understand, at DATA I remove all inherited NTFS ACL entries (e.g. the Users group), making sure to keep the Administrators group and the SYSTEM user.
After that, grant Full control (or any rights needed) on each folder to the groups or users that need access.
Am I wrong? Is there anything I should take care of?
Any help with my understanding would be very appreciated.
Regards.
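
The layout described in the post, scripted with icacls as an added example (not part of the original post). Assumptions: the group names EXAMPLE\Team 1 and EXAMPLE\Team 2 are placeholders, ABE is already enabled on the DATA share, and the team groups get Modify rather than Full control so members cannot rewrite the ACL. It also adds a "this folder only" read ACE on DATA so users can open the share root and list it, which the plan in the post leaves out.

```powershell
# Added example. F:\DATA and the folder names come from the post;
# the EXAMPLE\... groups are placeholders. Run from an elevated prompt.
$Root  = 'F:\DATA'
$Teams = @{
    "Team 1's Folder" = 'EXAMPLE\Team 1'
    "Team 2's Folder" = 'EXAMPLE\Team 2'
}

function Invoke-Icacls {
    # Run icacls and stop on the first failure so a half-applied ACL is noticed.
    & icacls.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $args" }
}

# 1. DATA: add the explicit ACEs first, then drop everything inherited from F:\.
#    (OI)(CI) = the ACE is inherited by files and subfolders.
Invoke-Icacls $Root '/grant:r' 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'

#    No inheritance flags = this folder only. Users can open the share root
#    and list it, but this ACE gives them nothing on the subfolders.
Invoke-Icacls $Root '/grant:r' 'NT AUTHORITY\Authenticated Users:(RX)'

#    Remove inherited ACEs (e.g. Users). Explicit ACEs that were already set
#    on DATA are not touched by this switch and must be reviewed in step 3.
Invoke-Icacls $Root '/inheritance:r'

# 2. Each team folder keeps inheriting Administrators and SYSTEM from DATA
#    and gets one explicit ACE for its own group.
foreach ($name in $Teams.Keys) {
    $path = Join-Path $Root $name
    Invoke-Icacls $path '/grant:r' ('{0}:(OI)(CI)M' -f $Teams[$name])
}

# 3. Review: print the resulting ACLs. Any entry other than the ones granted
#    above is a leftover explicit ACE and should be removed by hand.
icacls.exe $Root
foreach ($name in $Teams.Keys) { icacls.exe (Join-Path $Root $name) }
```

ABE only filters the directory listing according to read access; the NTFS ACLs set here are what actually enforce who can open each folder.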