Scan to Folder

Creating appropriate users/permissions to allow a device to write to a network share, most commonly for copier scanning functions.

  1. Open Active Directory Users and Computers and under your domain create a new Organizational Unit called “Service Accounts”
  2. In the new OU create a new User for your device. For this example we'll use “Copier”.
  3. Under Users create a new Group called “Access to Scans Folder (M)” and add the members/groups you want to have access. Using a name that describes the purpose and permissions makes life easier for everyone.
  4. Make sure to use a password that is long/complex and set it to not expire.
  5. Create a “Scans” folder on the target computer.
  6. Right-click on the folder > Properties > Sharing tab > Advanced Sharing > check Share this folder > click Permissions and for the Everyone user check Allow next to Full Control. OK > OK
  7. Switch to the Security tab > Advanced > Change Permissions
  8. Windows 7: Uncheck “Include inheritable permissions from the object's parent” and click Add
  9. Windows 8/10: Click “Disable Inheritance” and then “Convert inherited permissions into explicit permissions on this object”
  10. Remove any entries that reference “Users” but leave System and Administrators in place or backups may fail.
  11. Add > Select a principal > Type or find your device account (Copier) > OK
  12. Check to allow Full control then uncheck “Change permissions” and “Take ownership”. (Windows 8/10: click “Show advanced permissions” to see them) > OK
  13. Add > Select a principal > Type or find your security group (Access to Scans Folder (M)) > OK
  14. Check to allow Full control then uncheck “Change permissions” and “Take ownership”. (Windows 8/10: click “Show advanced permissions” to see them) > OK
  15. Check “Replace all child object permission entries with inheritable permission entries from this object” > OK > OK. Done!

If you have problems, make sure the network location type is Home/Work/Private not Public and File & Printer Sharing is turned on. If you need to change a Windows 8/10 network to Private you can use this PowerShell command, just replace “Ethernet” with the name of your network adapter:

Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private