Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


User\Department Storage

Posted on 2004-10-21
Medium Priority
Last Modified: 2010-04-03
Looking for best practices.!!!

I have been tasked to redesign our Department and User home shares.  Here is our current setup:

 |____ Users Volume (each user folder is secure to the individual user)
 |          |_ User1
 |          |_ User2 ...
 |____ Department Volume
            |_ Department1 (each folder under department inherits permissions allowing all dept. users access)
            |_ Department2 ...

We map drive (U:) to each individual home folder and map (T:) to the department they belong.  Pretty straight forward.  

The users volume has not been an issue since we have applied quotas on that volume which restrict the users home directories to 500MB.  Where I have to really re-think is the department shares.  Here is my problem:

If I have a department called DEPT1 with 200 users, each user will get the mapping of T:.  Within that mapping all users have modify rights which allows pretty much everything (-permission change).  We have users creating folders all over the place and are saving, let's say "non-business" related files.  They do this because they have quotas on their user folders and they also need to share files with others.  Now, granted, we have created some folders for them and restricted it to a specific groups so others within the department can't access.  So all in all, a real mess.  I need to clean this up and put into place policies of how this department storage is managed.  

My thoughts are this:

1. Restrict folder creation at the root (T:) level
 - this will be done by our support staff via support request

2. Place quotas on newly created folders (3rd part application)
 - each newly created folder will have an allocated quota

3. Create a standard folder naming convention
 - each folder will have a consistant naming convention that will make managing the folder much easier

4. Alerts
 - setup alerts on each folder so users can receive notifications when their space is filling up

5. Security
 - each folder will be secured.  if the folder is not to be shared within the department, specific security groups will be created  and applied to the folder

6. Create a new folder at the root for cross department shaing
 - a new folder will reside at the root of T:, which will be mapped (S:) to goups that need to share across departments
 - all above policies apply to newly created folder within this shared department folder
 - all folders within this cross department share will be secure via group membership

Please take a look at my senerio and comment.  I really value the imput from the experts from this site.  

Question by:mchristo63
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
LVL 96

Accepted Solution

Lee W, MVP earned 1500 total points
ID: 12373670
I would suggest offloading the issue to the users.  For example, designate one user (or have the department head designate the user) who will monitor usage.  If they see "suspect" files, make them responsible for policing.

Now, you can generate scripts that locate "bad" files, such as mp3s and the like and generate a report.  You can further script things to indicate who the owner of such files are and "report" the owner to their department head.

I think if you are going to try to manage folder creation for users, you're going to have a nightmare of a time doing it.

If you're able to use a third party application for quotas, then do so and assign quotas to groups too.  When a group complains of a lack of disk space, the first thing you do is validate their files.  THEN you increase their space.  

Author Comment

ID: 12373711
good suggestions.

Not sure if designating a department user to police the activity will work.  Most likely it will fall upon myself.  
LVL 96

Expert Comment

by:Lee W, MVP
ID: 12373737
I use to manage a similar situation.  Another thing, you can run reports of how much usage each group does and contact the department heads of the groups using "too much" space.  I used to manage this at a lab environment - very difficult to manage.  We allocated xGB to each lab and those that exceeded it (no actual quota software used on the group end) were asked to purchase their own space - or had to pay more in annual IT costs.
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

LVL 96

Expert Comment

by:Lee W, MVP
ID: 12373744
Because you also have to think about backup, and how much space they are going to need there - typically NIGHTLY.

Author Comment

ID: 12373776
Backup is covered.  

Expert Comment

ID: 12374306
Have you thought of automatic restriction of certain file types, eg: mp3. I've made it on my servers so that as soon as any media file is written (*.mp3, *.avi, *.mov), they are instantly deleted. (My users hate me mind you and have gotten pretty clever with encrypted zips... oh wait, if I cant read it... buh bye!) lol


Author Comment

ID: 12374336
Yes.  I can do that with the 3rd party quota app we will use.

Expert Comment

ID: 12374541
Mind if I ask which quota app that is? I had to write a file scanner for my linux server... bbut I'd like to do the same on my windows machines.

Author Comment

ID: 12374565
Veritas StorageCentral
LVL 17
ID: 12393696
Do you have any policies in place??  What I mean is are there any acceptable use policies or guidelines in place?  For example, I created a policy that says that only user specific files may be kept in the User folders and only Work related in the departmental directories.  We also have a policy about loading up software that is not provided by the company and about what is acceptable use of the PC's, like No Games or Downloads from the Internet.

I believe in the Kiss Method.  Wouldn't it be better to stop or prevent the users from loading things where they should not be by having them take the responsibility?

Create some good general policies and have the higher Up's buy into it.  Make sure the consequencies are spelled out as well.  Just one license violation can cost the company over $300,000 or $400,000 in fines if they are caught and prosecuted.  Then implement the policy and you should have users starting to police themselves.  If they don't then there is action that can be taken against the offenders.

I like your points 1,3,5 and 6 and use them as well.  I don't use quota's on departmental directories as the policies take care of that hassle, so any low space alerts aren't needed for me.


Author Comment

ID: 12399796
So, in your experience, how does it work for you restricting the creation of folders in a Department share.  I have about 1200 users, and all reside in different department.  Restricting folder creation is a great idea, but I am worried about the overhead and the possible "I need a folder now" senerio from top brass.  


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lets start to have a small explanation what is VAAI(vStorage API for Array Integration ) and what are the benefits using it. VAAI is an API framework in VMware that enable some Storage tasks. It first presented in ESXi 4.1, but only after 5.x sup…
A look at what happened in the Verizon cloud breach.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question