Thanks for the advice. I've been looking for some best practices documents but can't find any. Even my various AD DS/Windows 2008 books don't do justice to the complexity of this.
>>> Ben Scott <mailvor...@gmail.com> 5/20/2009 11:02 AM >>> On Tue, May 19, 2009 at 4:36 PM, Tom Miller <tmil...@hnncsb.org> wrote: > - set share perms to "change, read" for authenticated users and admins have > full control FWIW and FYI, it's generally considered a best practice to set share permissions to Everybody/Full Control, and manage permissions using NTFS. Setting only admins to have "Full Control" isn't too bad, but if you ever end up in the situation where you need to grant a sub-group of people Full Control on a sub-branch (e.g., so a department can manage their own folder's permissions), you'll have to remember to change this in the future. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~