Sunday, December 16, 2007

Security: Configuring Permissions for a File Server (shared folder)

You are configuring permissions for a file server. The file server is a member of an Active Directory domain. It is running Windows Server 2003.
You need to ensure that all users in the Marketing department can add files to and modify files in the shared Brochures folder. Only Managers in the Marketing department should be able to delete files from the Brochures folder. Managers should also be able to change permissions on the folder if necessary. Only members of the Marketing department should have permission to access files in the Brochures folder.
How should you configure file system permissions?

1. Create a group named Marketing and add all user accounts in the marketing department to that group. Grant the group Modify permission to the Brochures folder. Create a group named MktgManagers and add all managers in the marketing department to that group. Grant the group Full Control permission to the Brochures folder. Remove the Everyone group from the permissions list.

2. >>Create a group named Marketing and add all user accounts in the marketing department to that group. Grant the group Modify permission to the Brochures folder. Create a group named MktgManagers and add all managers in the marketing department to that group. Grant the group Full Control permission to the Brochures folder. Deny the Everyone group Full Control permission to the Brochures folder.

3. Grant the user account for each member of the Marketing department the Modify permission. Grant the user account for each member of the Marketing department who is a manager the Delete permission.

4. Add the users in the marketing department to the Power Users group. Add the managers in the marketing department to the Administrators group. Remove the Everyone group from the permissions list.

Explanation: The best way to manage permissions is to create groups, grant permissions to those groups, and then add user accounts to the groups as required. In this case, the members of the Marketing department who are not managers require a different set of permissions than those who are managers. Therefore, you should create two groups: Marketing and MktgManagers. You can then grant the Marketing group Modify permission to the Brochures folder, which allows users to add, read, and modify files in the folder. You can grant the MktgManagers group Full Control, which allows the managers to delete files and subfolders and to change permissions on the folder. If you do not want MktgManagers to be able to change permissions, you could instead assign them only the Delete Subfolders and Files permission. Because managers belong to both groups, they would have the accumulated permissions: Modify and Delete Subfolders and Files. Finally, because the default permissions grant the Everyone group Full Control, you will need to remove the Everyone group from the permissions list.

You should avoid assigning permissions to individual user accounts. Doing so will make the permissions list more difficult to maintain. Consider the situation where a file server has several shares used by members of the Marketing department. If you use groups to assign permissions, when a new user joins the Marketing department, you only need to add that user to the Marketing group instead of assigning permissions to individual folders.

You should not deny the Everyone group Full Control to the Brochures folder. All users who have been authenticated belong to the Everyone group. Because Deny takes precedence over Allow, by denying the Everyone group Full Control, you prevent all users from accessing the folder.

You should not add the users in the Marketing department to the Power Users group. Doing so will not grant them any permissions on the folder. You should not add the managers to the Administrators group. Doing so will give them unnecessary permissions on the file server. You should never grant more permissions than necessary.
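The reasoning in the explanation (permissions accumulate across a user's groups, an explicit Deny overrides any Allow, and groups such as Power Users that are not on the folder's permissions list contribute nothing) can be checked with a small simulation. The following Python script is an added example written for this post, not part of the original question or of Windows itself; it models NTFS evaluation in simplified form, collapsing rights to the four the explanation distinguishes (Read, Write, Delete Subfolders and Files, Change Permissions), and the accounts alice, bob and carol and their group memberships are constructed sample data.

```python
from dataclasses import dataclass

# Simplified NTFS rights: only the four the explanation distinguishes.
READ = "Read"
WRITE = "Write"
DELETE_SUBFOLDERS_AND_FILES = "Delete Subfolders and Files"
CHANGE_PERMISSIONS = "Change Permissions"

# Standard permission bundles as the question uses them.
MODIFY = frozenset({READ, WRITE})
FULL_CONTROL = frozenset({READ, WRITE, DELETE_SUBFOLDERS_AND_FILES, CHANGE_PERMISSIONS})


@dataclass(frozen=True)
class Ace:
    """One access control entry: a trustee (user or group), a set of rights, Allow or Deny."""
    trustee: str
    rights: frozenset
    allow: bool = True


def effective_rights(acl, trustees):
    """Compute the rights a principal holds on an object.

    Allow entries for any of the principal's identities accumulate; Deny entries
    for any of them are then subtracted, because Deny takes precedence over Allow.
    """
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee in trustees:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


# Constructed sample directory: account -> department groups.
# Every account is also its own trustee and a member of Everyone.
SAMPLE_GROUPS = {
    "alice": {"Marketing"},                    # marketing user, not a manager
    "bob": {"Marketing", "MktgManagers"},      # marketing manager, in both groups
    "carol": {"Sales", "Power Users"},         # outside Marketing
}


def memberships(user):
    return SAMPLE_GROUPS[user] | {user, "Everyone"}


# Folder ACLs for the scenarios in the explanation.
DEFAULT_ACL = [Ace("Everyone", FULL_CONTROL)]                      # untouched default
OPTION_1_ACL = [Ace("Marketing", MODIFY),                          # Everyone removed
                Ace("MktgManagers", FULL_CONTROL)]
OPTION_2_ACL = OPTION_1_ACL + [Ace("Everyone", FULL_CONTROL, allow=False)]  # Everyone denied
ALTERNATIVE_ACL = [Ace("Marketing", MODIFY),                       # managers get only the
                   Ace("MktgManagers", frozenset({DELETE_SUBFOLDERS_AND_FILES}))]  # delete right


def compare(acl, users=("alice", "bob", "carol")):
    """Effective rights of each sample user under the given ACL."""
    return {user: effective_rights(acl, memberships(user)) for user in users}


if __name__ == "__main__":
    for name, acl in [("default", DEFAULT_ACL), ("option 1", OPTION_1_ACL),
                      ("option 2", OPTION_2_ACL), ("discrete delete", ALTERNATIVE_ACL)]:
        print(name)
        for user, rights in compare(acl).items():
            print(f"  {user}: {sorted(rights) or 'no access'}")
```

Under the option 1 ACL the marketing user ends up with Modify, the manager accumulates Full Control from both groups, and carol (Sales, Power Users) gets nothing because none of her identities appear on the list. Under the option 2 ACL every account, including the managers, is denied all rights, because everyone is a member of Everyone and the Deny entry wins. The "discrete delete" ACL shows the accumulation the explanation describes: the manager holds Read, Write and Delete Subfolders and Files, but not Change Permissions.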