Configuring NTFS Permissions Create a file server permissions policy that clearly defines your permissions management process. Use Active Directory groups everywhere. Don't assign NTFS permissions to individuals, even if you have to create hundreds of groups. It's far easier to manage 200 groups than 2,000 one-off permissions. Configure NTFS permissions for the assets, assign roles to those permissions, and assign people to roles. For example, suppose you have a share named HR on fileserver1 . Do the following: For this share, create the following domain local groups in your AD with the permissions shown: fileserver1_HR_read (Read-only) fileserver1_HR_modify (Read and Modify) fileserver1_HR_fullcontrol (Full Control) Use these groups to set NTFS permissions to the appropriate user rights. Create a global group in AD named HR for your HR people. Add this global group to the domain local group fileserver1_HR_read , and...