Hello, this is more a "how do you deal with...." question than a technical question itself.
We have a FileServer in our company and want to delegate the administration of the permissions in it to an internal team here in the company.
The thing is that we do not want to assign the domain admin group to those users and we are figuring out what would be the best way to deal with this situation? At first we are thinking in creating an special AD Group like "FileServer_Administration" and give NTFS permissions in the shared resources for them to add/remove permissions in the different folders and subfolders. The only annoying thing would be entering in the different folders and subfolders in all the shared resources of the FileServer to add the new group in the Security tab (NTFS Perms) because as any file server there are lots of inheritance breakdown, the child folders frequently has its own perms different that the parent folders
If this would be the best option what NTFS "Special Permissions" should be granted?
Is there a best practice for this scenario? I believe it would be a very common scenario in most medium-size/big companies
Thks!!