Scan to Folder
This guide creates the users and permissions a device needs to write to a network share, most commonly for a copier's scan-to-folder function.
- Open Active Directory Users and Computers and under your domain create a new Organizational Unit called "Service Accounts"
- In the new OU create a new User for your device. For this example we'll use "Copier".
- Under Users create a new Group called "Access to Scans Folder (M)" and add the members/groups you want to have access. Using a name that describes the purpose and permissions makes life easier for everyone.
- Make sure the device account (Copier) uses a long, complex password, and set it to not expire.
- Create a "Scans" folder on the target computer.
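- Right-click on the folder > Properties > Sharing tab > Advanced Sharing > check Share this folder > click Permissions and, for Everyone, check Allow next to Full Control. OK > OK. Access is still limited by the NTFS permissions set on the Security tab in the following steps, because Windows applies the more restrictive of the share and NTFS permissions.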
- Switch to the Security tab > Advanced > Change Permissions
  - Windows 7: Uncheck "Include inheritable permissions from the object's parent" and click Add
  - Windows 8/10: Click "Disable Inheritance" and then "Convert inherited permissions into explicit permissions on this object"
- Remove any entries that reference "Users", but leave System and Administrators in place, or backups may fail.
- Add > Select a principal > Type or find your device account (Copier) > OK
- Check to allow Full control then uncheck "Change permissions" and "Take ownership". (Windows 8/10: click "Show advanced permissions" to see them) > OK
- Add > Select a principal > Type or find your security group (Access to Scans Folder (M)) > OK
- Check to allow Full control then uncheck "Change permissions" and "Take ownership". (Windows 8/10: click "Show advanced permissions" to see them) > OK
- Check "Replace all child object permission entries with inheritable permission entries from this object" > OK > OK. Done!
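The same procedure as a PowerShell script, for building the share repeatably. This is an added example, not part of the original guide. It assumes an elevated session on the target computer running Windows 8/10 or later with the ActiveDirectory (RSAT) module installed; the C:\Scans path and the member "jdoe" are hypothetical placeholders.

```powershell
# Added example. Assumed: C:\Scans path, member 'jdoe', RSAT ActiveDirectory module present.
Import-Module ActiveDirectory
$domain  = Get-ADDomain
$path    = 'C:\Scans'                        # assumed folder location
$group   = 'Access to Scans Folder (M)'
$members = @('jdoe')                         # hypothetical user, replace with real members

# Service Accounts OU, Copier account (password never expires), and access group under Users
New-ADOrganizationalUnit -Name 'Service Accounts' -Path $domain.DistinguishedName
New-ADUser -Name 'Copier' -SamAccountName 'Copier' -Enabled $true -PasswordNeverExpires $true `
    -Path "OU=Service Accounts,$($domain.DistinguishedName)" `
    -AccountPassword (Read-Host 'Long, complex password for Copier' -AsSecureString)
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $domain.UsersContainer
Add-ADGroupMember -Identity $group -Members $members

# Folder and share; Everyone gets Full Control at the share level only
New-Item -Path $path -ItemType Directory -Force | Out-Null
New-SmbShare -Name 'Scans' -Path $path -FullAccess 'Everyone' | Out-Null

# Disable inheritance, converting inherited entries to explicit ones, then re-read the ACL
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $acl
$acl = Get-Acl -Path $path

# Remove every entry whose name ends in "Users"; SYSTEM and Administrators are untouched
$acl.Access.IdentityReference | Where-Object Value -like '*Users' |
    ForEach-Object { $acl.PurgeAccessRules($_) }

# Full control minus "Change permissions" and "Take ownership"
$rights  = [System.Security.AccessControl.FileSystemRights]'Modify, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
foreach ($id in "$($domain.NetBIOSName)\Copier", "$($domain.NetBIOSName)\$group") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $id, $rights, $inherit, 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Reset existing children so they inherit only from the folder (nothing to do if it is empty)
icacls "$path\*" /reset /T /C /Q
# Review the result: expect SYSTEM, Administrators, Copier and the group, none inherited
(Get-Acl -Path $path).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```

The final table is worth keeping with your build notes: any remaining entry ending in "Users", or any row with IsInherited set to True, means the folder is more open than the steps above intend.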
If you have problems, make sure the network location type is Home/Work/Private, not Public, and that File & Printer Sharing is turned on. If you need to change a Windows 8/10 network to Private, you can use this PowerShell command; just replace "Ethernet" with the name of your network adapter:
Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private