Another advantage of having a client-server model is centralizing storage. Instead of having data dispersed among multiple hard drives on different client machines, we can store the all mission critical data on a central hard drive on the server. Using Active Directory, we can assign permission to different global groups to access files belonging to the group. In this way, privacy of data is also preserved.
Using file manager on the Windows 2012 server, on the local disk, navigate to drive C. Create a folder name DATA. Under the DATA folder, create three more folders named HR, Sales, and EGR. In each folder create a blank text document with the same name as the folder, i.e. Hr.txt, Sales.txt, and Egr.txt
For assigning permissions, the best practice is to give full control permission to the top folder (DATA folder). Each subfolder (EGR/HR/Sales) should have NTFS full control for the corresponding global group. All rights for other groups should be removed.
Right Click the EGR subfolder and select properties.
Select the security tab. Click Users and select Advanced. In the Settings, click Disable inheritance. In the Block Inheritance Window, select Convert inherited permissions into explicit permissions on this object.
Remove the default built in user group Users with Read & execute access. Select Apply and OK.
Now we need to add Full Control NTFS permission to global group EGR only. Click Edit…, Select Add…, type Egr Global Group and Check Names, click OK.
Now, select Allow Full control check box, click Apply and OK.
Finally, from the client machine, log in as another user, i.e. Sales3. From the Run command type \\server5\DATA.
The result should be that we cannot access the EGR subfolder as user Sales3.
To Become Microsoft Certified please Check out This Link;
Also published on Medium.