This project has moved. For the latest updates, please go here.

Setup All Users Temp Folder Manual Install SQL Install Next

Setup Folder Permissions

FineBuild can set permissions for the folders it has created, so that access is limited to only those accounts that need to use them.

Folder permissions can be applied by FineBuild, or enforced via a File and Folder GPO.

The configuration shown on this page relate to a Main Instance Server Build. A subset of these folders will have been created for other types of build.

FineBuild Folder Permissions Processing

Processing of Folder Permissions relates to Process Id 1G in the FineBuild1Preparation script, and is always performed.

FineBuild uses the following parameters to help setup the folder permissions:
Parameter Description
/GroupDBA: Windows group for DBAs that should have SQL Server sysadmin access
/GroupDBANonSA Windows group for DBAs that does not use sysadmin access

Top

Manual Setup Folder Permissions Processing

The following steps show what you would have to do to setup Folder Permissions manually. FineBuild does all of this work for you automatically.

The permissions shown below should be set:

Folder Permission User / Group
E:\DBAFiles Full Control DBA Sysadmin Group
DBA Non-Admin Group
(local) Administrators
Read (local) Users
E:\Program Files Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
F:\SQLFiles Full Control DBA Sysadmin Group
(local) Administrators
Read DBA Non-Admin Group
(local) Users
I:\SQLFiles Full Control DBA Sysadmin Group
(local) Administrators
Read DBA Non-Admin Group
(local) Users
J:\SQLFiles Full Control DBA Sysadmin Group
(local) Administrators
Read DBA Non-Admin Group
(local) Users
K:\SQLFiles Full Control DBA Sysadmin Group
(local) Administrators
Read DBA Non-Admin Group
(local) Users
T:\SQLFiles Full Control DBA Sysadmin Group
(local) Administrators
Read DBA Non-Admin Group
(local) Users
F:\SQLFiles\MSSQL.MSSQLSERVER.FTData Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
I:\SQLFiles\MSSQL.MSSQLSERVER.Backup Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
J:\SQLFiles\MSSQL.MSSQLSERVER.Log Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
K:\SQLFiles\MSSQL.MSSQLSERVER.Data Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
K:\SQLFiles\MSSQL.MSSQLSERVER.Log Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
T:\SQLFiles\MSSQL.MSSQLSERVER.Data Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
I:\SQLFiles\MSAS.MSSQLSERVER.Backup Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
J:\SQLFiles\MSAS.MSSQLSERVER.Log Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
K:\SQLFiles\MSAS.MSSQLSERVER.Data Full Control DBA Sysadmin Group
SQL Service Accounts
(local) Administrators
Read DBA Non-Admin Group
(local) Users
T:\Temp Full Control SYSTEM
NETWORK SERVICE
DBA Sysadmin Group
DBA Non-Admin Group
SQL Service Accounts
(local) Administrators
Modify (local) Users

Copyright © 2014 Edward Vassie. License and Acknowledgements
Previous Setup All Users Temp Folder Top SQL Install Next

Last edited Oct 8, 2014 at 10:12 AM by EdVassie, version 1