There are lots of video tutorials out there that show the basic details of setting up a very simple windows active directory domain system, that provides a very simple admin and standard user structure that allows users to login and maybe receive home drives. This tutorial from ProTechTutorials shows how NTFS permissions should be configured, how share permissions should be configured, it shows how policies should be applied to users and how to manage active directory efficiently via the use of Organisational Units (OUs).
NTFS permissions is the users’ ability to see files on the local server itself, so on the storage medium connected to the server, be it a hard drive, RAID, or SSD storage. This video tutorial explains how to set this up effectively so that admins can see everything, and standard users can only see their home drives, and shared drives that administrator users have decided to share to them. Standard users should only be able to see their own home drive too, not the home drive of other standard users. This video shows how to configure the NTFS security permissions effectively so that this can be achieved.
Share Permissions is the users’ ability to see files on their client, whether it is a laptop, desktop, or even Apple MacOS powered, these permissions are what the user will receive at the client. They are very similar to NTFS permissions, but some need to be configured slightly differently so that users can see their home drives for example, this is clearly detailed in the video below.
GPOs (Group Policy Objects):
GPOs are policies set on the server that allow standard users and administrators to see/do certain things, or to limit changes to the operating system, useful for a school or office environment. Some of them include setting a universal desktop wallpaper that all computers use, that cannot be changed by a standard user, which is very useful for offices where they want to keep the look of the computers uniform and corporate-like. The basic ones are covered in the video tutorial.
OUs are basically folders inside active directory that allow management and a professional layout of all the users and computers on your network, so you don’t lose track, useful for school and office use where you may have over 100 PCs and 1000s of users. These link to GPOs so you can link specific GPOs to specific people, for example having a different wallpaper for admins and standard users, and this is also how the admin and student home drives go to different places, watch to find out more.