The best practice is to control access to VUspace folders and files by creating groups.  Assigning individual users permissions to files and folders can quickly grow into an administrative burden and potentially create security problems.

To create groups with specific permissions, follow these steps:

1) If you do not already have one for your department, get an OU (https://sitemason.vanderbilt.edu/form/be2OkM) and join departmental computers to the domain (http://its.vanderbilt.edu/adsinfo/addacomputer.php).

2) Log on to the AD as an OU administrator

3) Open the Active Directory Users & Computers MMC from the Windows 2003 Admin Support Tools.(http://www.microsoft.com/downloads/details.aspx?FamilyID=e487f885-f0c7-436a-a392-25793a25bad7&DisplayLang=en)

4) Browse to your OU.

5) Right-click the OU in which you want to create a new global group, select "New" > "Group," and enter a descriptive name for the group. Click "Next."

6) Double-click or right-click the group and select "Properties".

7) Enter a description for the group in the "Description" field and click "OK."

 8) Click the "Members" tab and then the "Add" button.

 9) Add users by entering their VUnetIDs in the "Enter the object names to select" field and clicking "OK." If you’re adding multiple users, separate the names with either a semi-colon or a carriage return (as shown in the two screencaps below).

Note: Different groups may have different levels of access for the same folder. If any VUnetID is a member of two or more groups, that VUnetID will have cumulative access permissions of all the groups it is a member of unless the NO ACCESS permission is assigned to one of the groups. In that case, no access is allowed to the folder. 

Here’s an example: VUnetID1 is a member of two groups: VUspace-Group1 and VUspace-Group2. VUspace-Group1 has "Read" and "List Contents" permissions to a folder. VUspace-Group2 has "Modify" and "Write" permissions to the same folder. VUnetID1 therefore has "List Contents," "Read," "Write" and "Modify" permissions to that folder.

10) Click the "Start" button, select "Run," and navigate to the appropriate VUspace folder using an administrative account for that folder (an account on which you can set permissions).

11) Now you will associate the new group with the VUspace folder(s) which group members will have access to. Right-click the appropriate folder and select "Properties."

12) The "common Properties" dialog displays. Click the "Security" tab and then the "Add" button.

13) The "Select Users, Computers, or Groups" dialog displays. Enter the name of the group for which you are setting permissions and click "OK."

 14) Set the appropriate permission level for the group by clicking to select checkboxes in the Allow column.

Note: To access additional permission settings, click  "Advanced."

15) Have a member of the new group access VUspace and test the new permission setting(s).