Guide to managing departmental shared drives In order to create folders on your departmental shared drives eg. the i: m: p: drives, you need to be assigned administrator permissions. If you believe you are the one responsible for managing your departments shared drive, but cannot create new folders or change the relevant permission settings, then please log a call with the Service Desk on x2000. 2015.v2.0 P a g e 1
Table of Contents Overview... 3 Changing the default (inherited) permissions on a folder... 3 Breaking the inheritance... 3 Adding or Removing Users... 6 Adding New Users or Groups... 6 Removing Users/Groups... 9 Default Permissions... 10 Changing Permissions... 11 Notes:... 11 2015.v2.0 P a g e 2
Overview Below are the basic steps required to manage your departments shared drive. 1. Create a new folder or edit an existing one. 2. Add/remove users and/or groups 3. Set permissions for access 4. Document all changes. Changing the default (inherited) permissions on a folder If you need to change the default viewing/editing permissions for a folder, follow these steps; Right click on the relevant folder and select Properties, and then select the Security tab. If when clicking on the Edit button you find that you can t edit any of the permissions as they are greyed out, then you will need to break the inheritance, as this folder is inheriting permissions from the folder it was created in. Breaking the inheritance To break the inheritance, click Advanced. 2015.v2.0 P a g e 3
On the Advanced Security Settings screen Click on Change Permissions Then Un-tick Include inheritable permissions from this object s parent The following Windows Security dialog box will appear: *** IMPORTANT *** Make sure you select Add as this will copy all previous entries back onto the folder. If you click Remove, it may result in everyone including yourself losing access to that folder. If you have already done this, then please log a call with on x2000. NB. Using Add means you keep the important Administrator accounts such as SYSTEM, CREATOR OWNER and Administrators which are required for Server backups etc. 2015.v2.0 P a g e 4
Now that you have removed inherited permissions, click OK to close the Change Permissions screen. Click OK again to close the Advanced Security Settings screen. 2015.v2.0 P a g e 5
Adding or Removing Users Adding New Users or Groups To add new Users or Groups click on Edit at the Properties screen. Then click on Add on the Security screen. 2015.v2.0 P a g e 6
Type in the IN number of the user you are adding, and then click on Check Names to find the user. If you are searching for a group, type the first few letters such as its in the example above and then click on Check Names, this Multiple Names Found box will appear. Select the Group you wish to add then click on OK. NB. We recommend using groups where possible, as an easier way of setting permissions on folders for large groups of users, as Adding and Removing members from a group is easier than updating all folders when a user joins or leaves the group. Eg. ITS SMT group for the Senior Management Team. If the group does not appear in the search list, then you may need a new group creating, please call the Service Desk on x2000 for advice, as it is not always practical to create a group for only 2 members of staff. You can still add specific users to a folder if that s all you need to do. 2015.v2.0 P a g e 7
Click on OK again to return to the Properties screen. If finished, click OK to save these changes, or click Apply if you need to now remove users. 2015.v2.0 P a g e 8
Removing Users/Groups Use the Remove button to remove any users or groups you don t want accessing this folder. NB. Again, make sure that CREATOR OWNER, SYSTEM and Administrators accounts are left untouched. Once removed click OK to save the changes for that folder. *** IMPORTANT *** It is recommended that the Deny options are NEVER used. This can cause complications and confusion with permission settings, which can cause unforeseen errors if not properly controlled. 2015.v2.0 P a g e 9
Default Permissions The Default Permissions applied when adding new users or groups to a folder will be Read & Execute access which includes the List folder contents and Read options to be ticked. This is ideally used if you only want members of that group, team or department to read documents within this folder, useful for departmental policy procedures such as sickness reporting. 2015.v2.0 P a g e 10
Changing Permissions If you want people within the group to be able to make changes within the folder, such as create new folders, documents or edit existing ones, then put a tick against the Modify permission (this will also select the Write permission). Again it is recommended that the Deny option is NEVER used, as this can cause complications and confusion with permission settings and can cause unforeseen errors if not properly controlled. Notes: We also recommended that you document and plan which users or groups require access to certain folders and the relevant permissions they need such as Read & Execute or Modify. This will make it easier to manage and keep track which staff have access to which folders. Only Administrators of the shared drive and folders need Full Control access, in order to change and set permissions on the folders. (We recommend at least 2 for each department). Potential Data Loss There is no auto recovery of items deleted by accident; however will perform best endeavours to retrieve business critical files and directories. If you find yourself locked out your shared drive folders as you may have removed your own access unintentionally, then please log a call with the Service Desk on x2000. 2015.v2.0 P a g e 11