
Ryu's Tech

Sharing and Security in Active Directory


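  • Sharing
    • A folder can be shared with other users, and access permissions can be assigned on the share.
  • Security
    • Think of it as a local policy. Permissions are set per user to control access and what each user is allowed to do.
  • If an account named user is granted access to a folder named AAA through sharing but is denied access through security, the user cannot access the folder: over the network, both the share permission and the security permission must allow the access.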
  • Departments
    • Sales
      • Master
      • Teams
    • IT
      • Master
      • Teams
    • Market
      • Master
      • Teams
  • Set up the structure above, create the accounts, and manage each department as a group.

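REM Reset the lab: delete any existing Departments OU and everything under it (-subtree), without a confirmation prompt (-noprompt).
DSrm "OU=Departments,dc=network8,dc=msft" -noprompt -subtree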

DSadd OU "OU=Departments,dc=network8,dc=msft"
DSadd OU "OU=Sales,OU=Departments,dc=network8,dc=msft"
DSadd OU "OU=IT,OU=Departments,dc=network8,dc=msft"
DSadd OU "OU=Market,OU=Departments,dc=network8,dc=msft"

DSadd User "CN=SalesMaster,OU=Sales,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes
DSadd User "CN=SalesTeam1,OU=Sales,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes
DSadd User "CN=SalesTeam2,OU=Sales,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes

DSadd User "CN=ITMaster,OU=IT,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes
DSadd User "CN=ITTeam1,OU=IT,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes
DSadd User "CN=ITTeam2,OU=IT,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes

DSadd User "CN=MarketMaster,OU=Market,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes
DSadd User "CN=MarketTeam1,OU=Market,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes
DSadd User "CN=MarketTeam2,OU=Market,OU=Departments,dc=network8,dc=msft" -pwd P@ssw0rd1 -mustchpwd yes

DSadd group "CN=S_Users,OU=Sales,OU=Departments,dc=network8,dc=msft" -secgrp yes -scope G
DSadd group "CN=I_Users,OU=IT,OU=Departments,dc=network8,dc=msft" -secgrp yes -scope G
DSadd group "CN=M_Users,OU=Market,OU=Departments,dc=network8,dc=msft" -secgrp yes -scope G

dsmod group "CN=S_Users,OU=Sales,OU=Departments,dc=network8,dc=msft" -addmbr "CN=SalesTeam1,OU=Sales,OU=Departments,dc=network8,dc=msft" "CN=SalesTeam2,OU=Sales,OU=Departments,dc=network8,dc=msft" "CN=SalesMaster,OU=Sales,OU=Departments,dc=network8,dc=msft"
dsmod group "CN=I_Users,OU=IT,OU=Departments,dc=network8,dc=msft" -addmbr "CN=ITTeam1,OU=IT,OU=Departments,dc=network8,dc=msft" "CN=ITTeam2,OU=IT,OU=Departments,dc=network8,dc=msft" "CN=ITMaster,OU=IT,OU=Departments,dc=network8,dc=msft"
dsmod group "CN=M_Users,OU=Market,OU=Departments,dc=network8,dc=msft" -addmbr "CN=MarketTeam1,OU=Market,OU=Departments,dc=network8,dc=msft" "CN=MarketTeam2,OU=Market,OU=Departments,dc=network8,dc=msft" "CN=MarketMaster,OU=Market,OU=Departments,dc=network8,dc=msft"


 

  • c:\
    • fs
      • sales
        • master
        • teams
      • it
        • master
        • teams
      • market
        • master
        • teams

Create the folders as shown above and manage the permissions on them.
Each Master folder can be seen only by the master account.

mkdir c:\fs
mkdir c:\fs\Sales
mkdir c:\fs\IT
mkdir c:\fs\Market

mkdir c:\fs\Sales\Master
mkdir c:\fs\IT\Master
mkdir c:\fs\Market\Master

mkdir c:\fs\Sales\Teams
mkdir c:\fs\IT\Teams
mkdir c:\fs\Market\Teams

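REM Without /E, /G replaces the existing ACL on c:\fs and everything below it (/T) with this single entry.
cacls c:\fs /T /G network8\administrator:f
REM With /E, /G edits the existing ACL and adds the entry instead of replacing it.
cacls c:\fs\Sales\Master /T /E /G network8\SalesMaster:f
cacls c:\fs\Sales\Teams /T /E /G network8\S_Users:f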

cacls c:\fs\IT\Master /T /E /G network8\ITMaster:f
cacls c:\fs\IT\Teams /T /E /G network8\I_Users:f

cacls c:\fs\Market\Master /T /E /G network8\MarketMaster:f
cacls c:\fs\Market\Teams /T /E /G network8\M_Users:f
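
To check that the cacls commands above produced the intended result, the following added example (not part of the original post) lists every Allow entry on the six folders that belongs to neither the administrator nor the expected account or group. It assumes the NetBIOS domain name is NETWORK8, as used in the cacls commands, and that it runs in PowerShell on the file server; the function name Test-FolderAcl is made up for this example.

```powershell
# Added example: audit the NTFS ACLs under C:\fs against the intended layout.
# The expected principal for each folder is taken from the cacls commands above.
$root  = 'C:\fs'
$admin = 'NETWORK8\administrator'   # assumption: NetBIOS domain name is NETWORK8
$expected = @{
    'Sales\Master'  = 'NETWORK8\SalesMaster'
    'Sales\Teams'   = 'NETWORK8\S_Users'
    'IT\Master'     = 'NETWORK8\ITMaster'
    'IT\Teams'      = 'NETWORK8\I_Users'
    'Market\Master' = 'NETWORK8\MarketMaster'
    'Market\Teams'  = 'NETWORK8\M_Users'
}

# Hypothetical helper: returns one object per Allow ACE whose identity is not in $Allowed.
function Test-FolderAcl {
    param([string]$Path, [string[]]$Allowed)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        # -notcontains compares case-insensitively, so network8\x matches NETWORK8\x
        if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $who) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = foreach ($rel in $expected.Keys) {
    $path = Join-Path $root $rel
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Folder not found: $path"
        continue
    }
    Test-FolderAcl -Path $path -Allowed @($admin, $expected[$rel])
}

if ($findings) {
    $findings | Sort-Object Path | Format-Table -AutoSize
} else {
    'No unexpected Allow entries on the audited folders.'
}
```

An entry reported with Inherited set to True comes from a parent folder, so it has to be corrected on c:\fs or the department folder rather than on the Master or Teams folder itself.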