• Microsoft Azure (Virtual Machine,Domain Controller, Client one machine)
• Remote Desktop
• Active Directory Domain Services
• Shared Network Files

• Windows 10 (21H2)

Login to DC-1 as your domain admin account, in my case it is mydomain.com\kanza_admin) and create some file shares with various permissions.

login to Client-1 as a normal user (mydomain<someuser>)

On DC-1, go the c:\ drive and create four folders “read-access”, “write-access”, “no-access”, “accounting”

4. Set the following permissions, share the folder for the “Domain Users” group.

Folder: “read-access”, Group: “Domain Users”, Permission: “Read” and to do that right click>properties>sharing>share>type domain users and share.

Folder: “write-access”, Group: “Domain Users”, Permissions: “Read/Write”

Folder: “no-access”, Group: “Domain Admins”, “Permissions: “Read/Write”

Skip the accounting folder for now.

Now attempt to access file shares as the normal users.

On Client-1, navigate to the shared folder On to file explorer (start, run, \\dc-1)

Try to access the folder that you created, which folder that you can access? which folder you can create some stuff in?

Go to the DC-1, in Active Directory>right click mydomain.com>new>OU>_SECURITY_GROUPS and refresh mydomian.com.

Inside "Security Groups" create new group called “ACCOUNTANTS”.

Go to file explorer On the “accounting” folder you created earlier, set the following permissions: “Read/Write”

“accounting” Right click>properties>sharing>share>ACCOUNTANTS>CLICK add>read and write>share>done>close.

On client-1, try to access the Accounting folder. It will fail, then logout from client-1.

On DC-1 make the user the member of the Accountant Security group.

Login back as that user in Client-1 and try to access the Accounting share file in \DC-1.