ZDriveTemp

Zdrivetemp has been created to allow a folder structure to be used to restrict access to areas based off group and branch. For example, the IT Team have access to an IT folder under business services but can't access any other group folder or any other branch under Business_services.

Firstly, a drive was created on the windows file server pbr-fs-b1 and the share was made to match the following permissions and inheritance disabled:

Once set the server share needed to be set so access-based enumeration is disabled. This will allow for traverse permission to be assigned to the server share:

Once the drive was created a DFS path was created in DFS management pointing to the share on pbr-fs-b1:

Go to AD and create a security group for traverse access to the zdrivetemp:

Once the DFS path has been created and the AD security group created for Traverse access, go to the Zdrivetemp and make sure the below groups are set. For traverse NTFS permissions these AD groups will always be set to apply to "This folder only" and have the same 4 permissions selected (see second and third image below).

Create other folders under the zdrive temp as show below:

For all folders apart from 4.Board, 5.CEO and Data_to_be_Copied, there will need to have 2 AD groups assigned in the NTFS permissions. One Traverse group (allows group members to view folders) and one Modify group. Create these groups as presented below in AD:

AD groups for ZdriveTemp access

All the groups below are used to permissions user to the Z drive