This project demonstrates how I implemented secure file sharing and access control using the AGDLP (Accounts → Global → Domain Local → Permissions) model across multiple industry-based scenarios: Engineering, Finance, Healthcare and Tech.
The goal is to enforce the principle of least privilege, reduce administrative overhead, and align permissions with organisational roles.
Active Directory (AD) is a directory service developed by Microsoft that allows centralised control over users, groups, and shared resources.
File sharing in AD environments ensures that users only have access to what they need, based on their roles.
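The AGDLP model structures access as follows: accounts are placed in global groups, global groups are placed in domain local groups, and permissions are assigned to the domain local groups.
Using AGDLP makes access scalable, i.e. when a new staff member joins, you only need to add them to the appropriate global group.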
Access-Based Enumeration (ABE) is a Windows Server feature that hides files and folders from users who don’t have NTFS permissions to access them.
What is hidden or visible is decided by effective NTFS permissions, not share permissions, and ABE works only at the share level, not per folder.
However, users will still see folders if they have “List folder contents” or “Read” permissions on the parent.
Also, ABE doesn’t override NTFS and share permissions. It only reacts to them, by hiding the folders at the root of the share.
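The AGDLP chain and the ABE setting described above can be built end to end in PowerShell. This is an added example, not the project's own script; the OU, domain, group, user, folder and share names are all hypothetical, and it assumes the ActiveDirectory module on a domain-joined file server.

```powershell
# Added example. Every name below (OU, domain, groups, user, paths, share) is hypothetical.
Import-Module ActiveDirectory

$ou     = 'OU=Groups,DC=corp,DC=example'   # assumed OU for group objects
$domain = 'CORP'                           # assumed NetBIOS domain name
$root   = 'D:\Shares'                      # assumed share root on the file server
$folder = Join-Path $root 'Finance'        # department folder under the share root

# A -> G: the global group mirrors the role and holds the user accounts.
New-ADGroup -Name 'GG_Finance_Staff' -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'GG_Finance_Staff' -Members 'jdoe'

# G -> DL: the domain local group stands for one permission level on one resource.
New-ADGroup -Name 'DL_Finance_Modify' -GroupScope DomainLocal -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'DL_Finance_Modify' -Members 'GG_Finance_Staff'

# DL -> P: NTFS rights go to the domain local group only, never to users or global groups.
# If the new group does not resolve yet, wait for AD replication and rerun this part.
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$acl = Get-Acl -Path $folder
$acl.SetAccessRuleProtection($true, $false)   # stop inheritance and drop inherited entries
$grants = [ordered]@{
    'BUILTIN\Administrators'    = 'FullControl'   # keep admin and system access
    'NT AUTHORITY\SYSTEM'       = 'FullControl'
    "$domain\DL_Finance_Modify" = 'Modify'
}
foreach ($id in $grants.Keys) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, $grants[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $folder -AclObject $acl

# ABE is a property of the share, so it is switched on where the share is created.
# The share permission stays broad; the NTFS ACL above is what restricts access.
New-SmbShare -Name 'Departments' -Path $root -ChangeAccess 'Authenticated Users' `
    -FolderEnumerationMode AccessBased

# Check the result: share enumeration mode and the explicit ACL on the folder.
Get-SmbShare -Name 'Departments' | Select-Object Name, Path, FolderEnumerationMode
(Get-Acl -Path $folder).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

A user outside `GG_Finance_Staff` who opens the `Departments` share should not see the `Finance` folder listed, while the hypothetical user `jdoe` sees it and can modify its contents.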
When share and NTFS permissions are both applied, the effective permission is the most restrictive one. The table below gives more detail on this concept.