In this lecture, I am going to be showing you how to create a network share or a project drive for different user groups and how you can map them for those user groups automatically.

We are also going to be restricting access between the different user groups so that group A cannot access the shared drive of group B and vice versa.

We are starting this lecture creating the user groups and then we are going to add users to the groups.

Open Server Manager > Tools > Active Directory Users and Computers.

Select the Domain Groups OU, right-click and choose New > Group

For demonstration purposes, we will call our group Group A, but in your organization might be called Sales, IT, Security, etc. It will be a Security Group and Global Group. Click OK.

Follow the same steps to create a second group and this time named it Group B.

Now we need to add users to these groups.

I am going to add paull.hill to Group A. Double click on Group A to open the properties.

Under the Members tab click on Add button and search for paul.hill and click on Check Names button and OK to add the user.

Now click on the Apply  and OK button to close the Group properties window.

Since we just have one user, we will create another user account. Right-click Domain Users and select New > User.

We will name it Robert Hill and click Next.

We uncheck User must change the password at the next logon and enter a password. Click Next to continue.

Repeat the steps like with Paul’s user account and add robert.hill to the group Group B.

Now, we need to create a shared folder for each of these user groups.

Open Server Manager and click File and Storage Services.

Click Shares, and just like we have done before we right-click and select New Share.

Select SMB Share - Quick from the New Share Wizard window and click Next.

Select E:\ drive and click Next.

We Specify a Share Name of Group A and click on Next.

We can leave all the defaults for the next screen and click on the Next button.

We click on Customize permissions...

First, we need to click on Disable inheritance.

From the pop up window we choose Convert inherited permissions into explicit permissions on this object. Basically, we are setting the same permissions, but we are now able to modify them.

We remove the Users group from the list and we click Add.

Click on Select a principal link.

Type Group A and click on the Check Names to resolve the name and click OK.

We are leaving all the options as default but we are adding Write permissions by clicking on the checkbox.

Now we click on Apply and OK.

Click Next to continue the wizard.

Click on Create and create the folder.

Now we click Close to close the wizard.

Now, we need to repeat the steps for Group B.

We should have the two shares created.

We need to test that the File Shares are working.

The way we are going to do that is by login to a Domain Joined workstation or a server like in our case as the users.

Once we login as Paul Hill user account, which is a member of Group A, we are going to make sure we can access the Group A folder and create files and folders on that directory.

Now open File Explorer and type \\IPDC01 in the address bar.

If we double click on Group B network shared folder for example, we see we don’t have permissions to access the folder.