power user depreciated , how to give non administrator user share folder permission in windows 10

samuel emi 1 Reputation point
2022-03-16T10:16:55.46+00:00

Hi

as you know in windows 10 and 11 Power Users is deprecated. In my company we have 9000 Microsoft Clients with are joined to active directory.In advance I added some domain users to power user groups in windows 7 who just wants to share folder permission without give them administrator right . However in windows 10 I am not able to give a user just share folder permission on their computer and i must add them to administrator groups in order to make share folder by domain users and is not practical solution for large company and some user with higher privilege might install application and make administration difficult.is there any way or solution to give just share folder permission to non administrator user on windows 10 or without add them to administrators group .

thanks in advance

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,776 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 39,411 Reputation points
    2022-03-22T17:34:45.817+00:00

    Hi @samuel emi

    You can set folder permissions per AD user group. All you need to do is create a security group within AD that has permissions to the folders in question and then add the required users to that AD group.

    --------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

  2. MotoX80 32,086 Reputation points
    2022-03-22T19:48:55.23+00:00

    For what it's worth.... At the large company that I used to work for, we did not permit end users to create data shares on workstations (desktops/laptops). There were several reasons.

    The first was education. We didn't want to have to teach accountants, engineers, and other non-IT employees the nuances of share permissions versus folder permissions, how groups should be used and how NTFS inheritance works. We had enough problems controlling LAN admins who would just grant "everyone full control" on a share and suddenly we had an exposure to ransomware encrypting the data on servers.

    The second was that we did not back up workstations. Users home folders were on servers, and they were instructed to put critical documents there. If a workstation crashed or got corrupted, we just rebuilt it, or gave them a new one. In addition to home folders, we had departmental shares on the servers. All servers were backed up and we did periodic disaster recovery tests.

    To manage share/folder permissions on the servers I built an ASP based web site that allowed LAN admins to create new department shares, and also manage permissions. The web site (IIS worker process) had Administrator rights on the servers. The end users, and desktop support users did not have admin rights. This was done back in the NT 4.0 days and enhanced over the years. Eventually the security portion was replaced by a more robust commercial product using AD groups and had a request/approval function.

    For the occasional user file transfer, we created a share on each server named PublicTemp. It was open to all users. If UserA had an Access DB that he needed to share with UserB, they could put it in PublicTemp. However, our policy was that PublicTemp was not backed up, and that we would purge files older than say 60 days. We made it clear to users to not put anything critical on that share.

    Sorry for the long reply, but to answer your question: don't do it. Even if you find a Power Users replacement solution, don't allow end users to create their own shares. That is a ransomware attack just waiting to happen.

    0 comments No comments