Solution 1:

My understanding is that you assign a user to a (security) group and then add that group to the NTFS permissions. However, we have a number of folders where we need to give a specific user access to the folder, but not the users in that group.

That's the general rule, but if you need to assign permissions to only a single user you can certainly do that.

Another option would be to create a Security Group, add this lone user account to the group and assign permissions to that group. That way if you need to grant other users access to the folder you can simply add them to the group.

Solution 2:

A general rule of thumb is if the folder is for a specific user, i.e. a Home drive folder or a specific confidential scanned document share, then set the permissions for the individual user.

If the folder is for a department or a program/application, then create a security group for the specific use and add the user(s) to the group and assign permissions to the group.

This method allows for expansion down the road when they decide they want additional people to have access, and if you ever need to do maintenance in the future or re-create a share, it will be straightforward to the people managing as to who should have access.
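
The group-based approach both answers describe, sketched in PowerShell as an added example that is not part of either answer. The folder path, group name and user name are hypothetical placeholders, and the script assumes the ActiveDirectory module (RSAT) is installed and the folder already exists.

```powershell
# Added example: grant one user access to a folder through a dedicated
# security group instead of a direct user ACE.
# Hypothetical values (not from the page): folder path, group name, user name.
Import-Module ActiveDirectory

$Folder    = 'D:\Shares\Scans-Confidential'    # hypothetical folder
$GroupName = 'FS-Scans-Confidential-Modify'    # hypothetical group, named after folder + right
$User      = 'jdoe'                            # hypothetical sAMAccountName

# 1. Create the security group only if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName `
                -GroupScope DomainLocal `
                -GroupCategory Security `
                -Description "Modify access to $Folder"
}

# 2. Add the lone user. Granting access to more people later is just
#    another Add-ADGroupMember call; the folder ACL is never touched again.
Add-ADGroupMember -Identity $GroupName -Members $User

# 3. Add an Allow/Modify ACE for the group, inherited by subfolders and files.
$acl  = Get-Acl -Path $Folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$env:USERDOMAIN\$GroupName",
            'Modify',
            'ContainerInherit,ObjectInherit',
            'None',
            'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 4. Review the result: list the explicit (non-inherited) entries so anyone
#    maintaining or re-creating the share can see who is meant to have access.
(Get-Acl -Path $Folder).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

The user has to log off and on again (or otherwise get a new logon token) before the new group membership takes effect on the share.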