Share administrators will be asked to add members of their department that require access to their folder to either a “Read” group or “RW” group. Members added to the folder’s “Read” group will have permission to read files and subfolders from the parent folder. Members added to the “RW” group, or read-write group, will have the ability to read and edit files and subfolders from the parent folder. The process of adding Active Directory (AD) accounts to and removing Active Directory accounts from fileshares will be conducted by each folder’s designated Share Administrator. The ITS Service Desk will also have the ability to make these changes.
Each folder will have three groups added to it by default. As an example, for the fileshare listed as isi_storageadmins, the following groups will be created and added to that folder with the related permissions and security:
Each group has permission to the share corresponding to how they are named. A designated Active Directory account will be added to isi_storageadmins-Share-Admin group. The Share Admin has access to modify the isi_storageadmins-Share-RW and isi_storageadmins-Share-Read groups. In order to add someone to the group, use the command (from a cmd.exe window) from a Windows-based computer.
A few additional groups on the security of the isi_storageadmins share will be added by Information Technology Services to provide backup (CelBkup), provide assistance (CelAdmin), and for compliance reasons (ITSecurity). Please DO NOT delete these groups from your fileshare.
Accessing the Windows Command (cmd.exe) window
1) Click on Start button at your computer desktop.
2) Locate “Command Prompt” under the Accessories menu.
3) This will initiate the following Command Window:
Adding Active Directory (AD) account names to an Active Directory group
Using isi_storageadmins fileshare as an example, to add the Active Directory account r.pierce to the RW group, type the following: net group /domain isi_storageadmins-Share-RW /add r.pierce <ENTER>
A successful addition should display the following:
Listing Active Directory account names to an Active Directory group
Using isi_storageadmins fileshare as an example, you can view the members of the RW group by typing the following: net group /domain isi_storageadmins-Share-RW <ENTER>
The output should look similar to this:
Removing Active Directory account names from an Active Directory group
Using isi_storageadmins fileshare as an example, to delete the Active Directory account r.pierce from the RW group, type the following: net group /domain isi_storageadmins-Share-RW /delete r.pierce <ENTER>
A successful deletion should display the following: