- Microsoft Azure (Virtual Machine,Domain Controller, Client one machine)
- Remote Desktop
- Active Directory Domain Services
- Shared Network Files
- Windows 10 (21H2)
Login to DC-1 as your domain admin account, in my case it is mydomain.com\kanza_admin) and create some file shares with various permissions.
login to Client-1 as a normal user (mydomain<someuser>)
On DC-1, go the c:\ drive and create four folders “read-access”, “write-access”, “no-access”, “accounting”
4. Set the following permissions, share the folder for the “Domain Users” group.
Folder: “read-access”, Group: “Domain Users”, Permission: “Read” and to do that right click>properties>sharing>share>type domain users and share.
Folder: “write-access”, Group: “Domain Users”, Permissions: “Read/Write”
Folder: “no-access”, Group: “Domain Admins”, “Permissions: “Read/Write”
Skip the accounting folder for now.
Now attempt to access file shares as the normal users.
On Client-1, navigate to the shared folder On to file explorer (start, run, \\dc-1)
Try to access the folder that you created, which folder that you can access? which folder you can create some stuff in?
Go to the DC-1, in Active Directory>right click mydomain.com>new>OU>_SECURITY_GROUPS and refresh mydomian.com.
Inside "Security Groups" create new group called “ACCOUNTANTS”.
Go to file explorer On the “accounting” folder you created earlier, set the following permissions: “Read/Write”
“accounting” Right click>properties>sharing>share>ACCOUNTANTS>CLICK add>read and write>share>done>close.
On client-1, try to access the Accounting folder. It will fail, then logout from client-1.
On DC-1 make the user the member of the Accountant Security group.
Login back as that user in Client-1 and try to access the Accounting share file in \DC-1.