User\Department Storage

Looking for best practices.!!!

I have been tasked to redesign our Department and User home shares.  Here is our current setup:

Server
 |
 |____ Users Volume (each user folder is secure to the individual user)
 |          |_ User1
 |          |_ User2 ...
 |
 |____ Department Volume
            |_ Department1 (each folder under department inherits permissions allowing all dept. users access)
            |_ Department2 ...

We map drive (U:) to each individual home folder and map (T:) to the department they belong.  Pretty straight forward.  

The users volume has not been an issue since we have applied quotas on that volume which restrict the users home directories to 500MB.  Where I have to really re-think is the department shares.  Here is my problem:

If I have a department called DEPT1 with 200 users, each user will get the mapping of T:.  Within that mapping all users have modify rights which allows pretty much everything (-permission change).  We have users creating folders all over the place and are saving, let's say "non-business" related files.  They do this because they have quotas on their user folders and they also need to share files with others.  Now, granted, we have created some folders for them and restricted it to a specific groups so others within the department can't access.  So all in all, a real mess.  I need to clean this up and put into place policies of how this department storage is managed.  

My thoughts are this:

1. Restrict folder creation at the root (T:) level
 - this will be done by our support staff via support request

2. Place quotas on newly created folders (3rd part application)
 - each newly created folder will have an allocated quota

3. Create a standard folder naming convention
 - each folder will have a consistant naming convention that will make managing the folder much easier

4. Alerts
 - setup alerts on each folder so users can receive notifications when their space is filling up

5. Security
 - each folder will be secured.  if the folder is not to be shared within the department, specific security groups will be created  and applied to the folder

6. Create a new folder at the root for cross department shaing
 - a new folder will reside at the root of T:, which will be mapped (S:) to goups that need to share across departments
 - all above policies apply to newly created folder within this shared department folder
 - all folders within this cross department share will be secure via group membership

Please take a look at my senerio and comment.  I really value the imput from the experts from this site.  

Thanks
Mark
mchristo63Asked:
Who is Participating?
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I would suggest offloading the issue to the users.  For example, designate one user (or have the department head designate the user) who will monitor usage.  If they see "suspect" files, make them responsible for policing.

Now, you can generate scripts that locate "bad" files, such as mp3s and the like and generate a report.  You can further script things to indicate who the owner of such files are and "report" the owner to their department head.

I think if you are going to try to manage folder creation for users, you're going to have a nightmare of a time doing it.

If you're able to use a third party application for quotas, then do so and assign quotas to groups too.  When a group complains of a lack of disk space, the first thing you do is validate their files.  THEN you increase their space.  
0
 
mchristo63Author Commented:
good suggestions.

Not sure if designating a department user to police the activity will work.  Most likely it will fall upon myself.  
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I use to manage a similar situation.  Another thing, you can run reports of how much usage each group does and contact the department heads of the groups using "too much" space.  I used to manage this at a lab environment - very difficult to manage.  We allocated xGB to each lab and those that exceeded it (no actual quota software used on the group end) were asked to purchase their own space - or had to pay more in annual IT costs.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Because you also have to think about backup, and how much space they are going to need there - typically NIGHTLY.
0
 
mchristo63Author Commented:
Backup is covered.  
0
 
DABOMBCommented:
Have you thought of automatic restriction of certain file types, eg: mp3. I've made it on my servers so that as soon as any media file is written (*.mp3, *.avi, *.mov), they are instantly deleted. (My users hate me mind you and have gotten pretty clever with encrypted zips... oh wait, if I cant read it... buh bye!) lol

-D
0
 
mchristo63Author Commented:
Yes.  I can do that with the 3rd party quota app we will use.
0
 
DABOMBCommented:
Mind if I ask which quota app that is? I had to write a file scanner for my linux server... bbut I'd like to do the same on my windows machines.
0
 
mchristo63Author Commented:
Veritas StorageCentral
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Do you have any policies in place??  What I mean is are there any acceptable use policies or guidelines in place?  For example, I created a policy that says that only user specific files may be kept in the User folders and only Work related in the departmental directories.  We also have a policy about loading up software that is not provided by the company and about what is acceptable use of the PC's, like No Games or Downloads from the Internet.

I believe in the Kiss Method.  Wouldn't it be better to stop or prevent the users from loading things where they should not be by having them take the responsibility?

Create some good general policies and have the higher Up's buy into it.  Make sure the consequencies are spelled out as well.  Just one license violation can cost the company over $300,000 or $400,000 in fines if they are caught and prosecuted.  Then implement the policy and you should have users starting to police themselves.  If they don't then there is action that can be taken against the offenders.

I like your points 1,3,5 and 6 and use them as well.  I don't use quota's on departmental directories as the policies take care of that hassle, so any low space alerts aren't needed for me.

0
 
mchristo63Author Commented:
So, in your experience, how does it work for you restricting the creation of folders in a Department share.  I have about 1200 users, and all reside in different department.  Restricting folder creation is a great idea, but I am worried about the overhead and the possible "I need a folder now" senerio from top brass.  

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.