- Microsoft Azure (Virtual Machine, Domain Controller, Client Machine)
- Remote Desktop
- Active Directory Domain Services
- Shared Network Files
- Windows 10 (21H2)
- Windows Server 2022
Log into DC-1 with your domain admin account. In my case, it's mydomain.com\jane_admin.
Log into Client-1 as a normal user.
Go back to DC-1, go to the C:\ drive, and create four folders: "read-access", "write-access", "no-access", and "accounting".
Right-click each folder, click Properties, and open the Sharing tab. Then set the following permissions for each folder.
"read-access": group: "domain users", permission: "read"
"write-access": group: "domain users", permission: "read/write"
"no-access": group: "domain admins", permission: "read/write"
Skip the accounting folder for now.
Go to Client-1, open File Explorer, and search for "\\dc-1", which will lead you to the shared folders. As a standard user, you will not be allowed to open the "no-access" folder. You can open the "read-access" folder but cannot create a text document in it. You will be able to read and write in the "write-access" folder.
Go to DC-1, Active Directory Users and Groups, right-click mydomain.com, New, Organizational Unit, and name it _SECURITY_GROUPS.
Within _SECURITY_GROUPS, add a new group called "ACCOUNTING".
Add your standard user as a member of the accounting group and then set the permissions to read/write.
Go to your "accounting" folder and give permissions to everybody in the accounting group. If you reload your Client-1 machine, go into the shared folders (\\dc-1), and open the accounting folder, you should be able to read/write in the folder. Hope you enjoy this project!
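
The same setup scripted in PowerShell, followed by an audit of what each share actually grants. This is an added example, not part of the original walkthrough. The NetBIOS name MYDOMAIN, the standard user jane_user, and the mapping of "read/write" to the share-level Change right are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on DC-1.
Import-Module ActiveDirectory

$netbios  = 'MYDOMAIN'            # assumed NetBIOS name for mydomain.com
$domainDn = 'DC=mydomain,DC=com'
$stdUser  = 'jane_user'           # hypothetical standard user; substitute your own

# OU and security group from the steps above
New-ADOrganizationalUnit -Name '_SECURITY_GROUPS' -Path $domainDn
New-ADGroup -Name 'ACCOUNTING' -GroupScope Global -GroupCategory Security `
    -Path "OU=_SECURITY_GROUPS,$domainDn"
Add-ADGroupMember -Identity 'ACCOUNTING' -Members $stdUser

# Folder name, the group that gets access, and the share-level right.
# 'Change' is used here for the walkthrough's "read/write" (assumption).
$shares = @(
    @{ Name = 'read-access';  Group = 'Domain Users';  Right = 'Read'   }
    @{ Name = 'write-access'; Group = 'Domain Users';  Right = 'Change' }
    @{ Name = 'no-access';    Group = 'Domain Admins'; Right = 'Change' }
    @{ Name = 'accounting';   Group = 'ACCOUNTING';    Right = 'Change' }
)

foreach ($s in $shares) {
    $path      = "C:\$($s.Name)"
    $principal = "$netbios\$($s.Group)"
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # Grant only the named group; no other principal is added to the share ACL
    $params = @{ Name = $s.Name; Path = $path }
    if ($s.Right -eq 'Read') { $params.ReadAccess = $principal }
    else                     { $params.ChangeAccess = $principal }
    New-SmbShare @params | Out-Null
}

# Audit: effective access over the network is the more restrictive of the
# share ACL and the NTFS ACL, so review both for every folder.
foreach ($s in $shares) {
    Get-SmbShareAccess -Name $s.Name |
        Format-Table Name, AccountName, AccessControlType, AccessRight
    (Get-Acl -Path "C:\$($s.Name)").Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
}
```

The standard user needs a new logon session on Client-1 before the ACCOUNTING membership appears in their access token.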