This is how file-level security works

Control access rights with group policies

File system security

The security of the file system is handled by the folder File system processed in parallel with the restricted groups. The folder is empty by default. However, some of the security templates contain specifications such as the file setup security.infwith which the security settings can be restored at the time of installation (Illus. 2). As a rule, however, one will not proceed in such a differentiated manner. The template defines permissions for individual files, but in practice you will work more at the folder level.

When configuring such authorizations, Add file First a file has to be selected from the local file system. This is also where the greatest challenge lies: All systems for which authorizations are set in the file system must have the same drive and directory structures. This can be very complicated if you try to cover all systems with only one group policy. However, if you work with a large number of group policies, as described in the previous article, this is usually not a problem, since you will always find comparable directory structures, for example on servers with the same area of ‚Äč‚Äčapplication or on clients.

After defining the authorizations for which the standard dialog is displayed, the most important dialog appears (Illus. 3). This specifies how the authorizations are implemented, whether inheritance is used or whether the authorizations in subfolders and files are overwritten. You can also specify that security settings must not be changed.

What at first looks like considerable effort is relatively easy to implement in practice. Apart from the configuration of security settings for the most important system folders, for which one can orientate oneself to the predefined security guidelines, one only has to modify the few local application and data folders. In most cases, you can set permissions at the highest level and work with inheritance from this point on.

Special folders like Own files are usually unproblematic because sensible and strict access authorizations are already configured in the system and therefore no adjustments at all have to be made.