Identify Active Directory Shared Folder Permissions

Active Directory shared folder permissions can be controlled in several ways. Some common methods are to control user access at the folder level or to use Group Policies for a more efficient way to manage employee permissions.

To set the desired share permissions for a folder through Active Directory, admins can also create a new folder within an AD container, go to Properties and Sharing, and change Permissions. Using this method, admins are typically assigned default ownership of AD folders, as well as Read/Write permissions. For Sharing settings, it’s common to assign Everyone a Read or Read/Write status for a folder. Doing so also changes sharing permissions for any folders contained within the chosen folder. Objects with the same security requirements should be located within the same folder.

It’s important to note that Sharing and Security permissions are not the same. While Sharing permissions can give users the ability to access a folder (for either Read or Read/Write), Security permissions give users the right to make content changes to said shared folder. Admins will typically only want to give access permission to Domain Users or another restricted category, rather than Everyone. If access policies come into conflict, AD will grant access based on the more restrictive settings.

However, often the best person to manage shared folder access is the data owner—not an IT admin. Using SolarWinds ARM, IT admins can configure roles so that data owners can grant access rights to specific resources. Depending on the security needs of an organization, ARM allows you to delegate different roles and responsibilities related to data ownership based on configurable organizational categories. The categories can also be aligned to specific approval workflows that can include as many steps as required.

Those seeking access to shared resources from data owners will then use the web-based, self-service portal integrated in Access Rights Manager to make their request.