File Share in Windows Domain
Solution 1:
My understanding is that you assign a user to a (security) group and then add that group to the NTFS permissions. However, we have a number of folders where we need to give a specific user access to the folder, but not the users in that group.
That's the general rule, but if you need to assign permissions to only a single user you can certainly do that.
Another option would be to create a Security Group, add this lone user account to the group and assign permissions to that group. That way if you need to grant other users access to the folder you can simply add them to the group.
Solution 2:
A general rule of thumb is if the folder is for a specific user, i.e. a Home drive folder or a specific confidential scanned document share, then set the permissions for the individual user.
If the folder is for a department or a program/application, then create a security group for the specific use and add the user(s) to the group and assign permissions to the group.
This method allows for expansion down the road when they decide they want additional people to have access and if you ever need to do maintenance in the future or re-create a share it will be straight forward to the people managing as to who should have access.