@tim_g said in Windows file server query:
This doesn't make sense.
If someone wants to see who has access to a given share, then you show open up the group that has access, which shows all the members.
When you start granularly adding users to this folder that file here and there, there's no way at all to manage or audit that. You'd have to manually go through each and every folder and file properties to see who has permissions. That's got to be horrible!
For example, if you have a folder named \server\Accounting\invoices:
Create two groups in Active Directory:
Assign ONLY those two groups with appropriate permissions to that "invoices" folder (in addition to the default permissions, admins group for example).
Then if your boss says, "hai who is permissions of invoices folder mang?"
Then you simply show the members of the above two groups. If someone new needs permissions, or needs permissions revoked, you simple add/remove them from one of those two groups.
Got that. I also wanted to implement it badly as changing NTFS permission means I have to wait for the propagation to finish which could take a while depending on the folder size. If part of a group, no waiting.
They, the directors, usually work late out at night, some weekends and holidays. At times, usually the one which I have stated (brother of my direct boss), checks who has access to which folder.
I have gone into saying I can install a program which he can list all users and members of each group but he stopped me saying it takes extra steps for a simple task of checking who has access to that folder.