Solved

User\Department Storage

Posted on 2004-10-21
477 Views
Last Modified: 2010-04-03
Looking for best practices.!!!

I have been tasked to redesign our Department and User home shares.  Here is our current setup:

Server
 |
 |____ Users Volume (each user folder is secure to the individual user)
 |          |_ User1
 |          |_ User2 ...
 |
 |____ Department Volume
            |_ Department1 (each folder under department inherits permissions allowing all dept. users access)
            |_ Department2 ...

We map drive (U:) to each individual home folder and map (T:) to the department they belong.  Pretty straight forward.  

The users volume has not been an issue since we have applied quotas on that volume which restrict the users home directories to 500MB.  Where I have to really re-think is the department shares.  Here is my problem:

If I have a department called DEPT1 with 200 users, each user will get the mapping of T:.  Within that mapping all users have modify rights which allows pretty much everything (-permission change).  We have users creating folders all over the place and are saving, let's say "non-business" related files.  They do this because they have quotas on their user folders and they also need to share files with others.  Now, granted, we have created some folders for them and restricted it to a specific groups so others within the department can't access.  So all in all, a real mess.  I need to clean this up and put into place policies of how this department storage is managed.  

My thoughts are this:

1. Restrict folder creation at the root (T:) level
 - this will be done by our support staff via support request

2. Place quotas on newly created folders (3rd part application)
 - each newly created folder will have an allocated quota

3. Create a standard folder naming convention
 - each folder will have a consistant naming convention that will make managing the folder much easier

4. Alerts
 - setup alerts on each folder so users can receive notifications when their space is filling up

5. Security
 - each folder will be secured.  if the folder is not to be shared within the department, specific security groups will be created  and applied to the folder

6. Create a new folder at the root for cross department shaing
 - a new folder will reside at the root of T:, which will be mapped (S:) to goups that need to share across departments
 - all above policies apply to newly created folder within this shared department folder
 - all folders within this cross department share will be secure via group membership

Please take a look at my senerio and comment.  I really value the imput from the experts from this site.  

Thanks
Mark
0
Question by:mchristo63
    11 Comments
     
    LVL 95

    Accepted Solution

    by:
    I would suggest offloading the issue to the users.  For example, designate one user (or have the department head designate the user) who will monitor usage.  If they see "suspect" files, make them responsible for policing.

    Now, you can generate scripts that locate "bad" files, such as mp3s and the like and generate a report.  You can further script things to indicate who the owner of such files are and "report" the owner to their department head.

    I think if you are going to try to manage folder creation for users, you're going to have a nightmare of a time doing it.

    If you're able to use a third party application for quotas, then do so and assign quotas to groups too.  When a group complains of a lack of disk space, the first thing you do is validate their files.  THEN you increase their space.  
    0
     

    Author Comment

    by:mchristo63
    good suggestions.

    Not sure if designating a department user to police the activity will work.  Most likely it will fall upon myself.  
    0
     
    LVL 95

    Expert Comment

    by:Lee W, MVP
    I use to manage a similar situation.  Another thing, you can run reports of how much usage each group does and contact the department heads of the groups using "too much" space.  I used to manage this at a lab environment - very difficult to manage.  We allocated xGB to each lab and those that exceeded it (no actual quota software used on the group end) were asked to purchase their own space - or had to pay more in annual IT costs.
    0
     
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Because you also have to think about backup, and how much space they are going to need there - typically NIGHTLY.
    0
     

    Author Comment

    by:mchristo63
    Backup is covered.  
    0
     
    LVL 3

    Expert Comment

    by:DABOMB
    Have you thought of automatic restriction of certain file types, eg: mp3. I've made it on my servers so that as soon as any media file is written (*.mp3, *.avi, *.mov), they are instantly deleted. (My users hate me mind you and have gotten pretty clever with encrypted zips... oh wait, if I cant read it... buh bye!) lol

    -D
    0
     

    Author Comment

    by:mchristo63
    Yes.  I can do that with the 3rd party quota app we will use.
    0
     
    LVL 3

    Expert Comment

    by:DABOMB
    Mind if I ask which quota app that is? I had to write a file scanner for my linux server... bbut I'd like to do the same on my windows machines.
    0
     

    Author Comment

    by:mchristo63
    Veritas StorageCentral
    0
     
    LVL 16

    Expert Comment

    by:samccarthy
    Do you have any policies in place??  What I mean is are there any acceptable use policies or guidelines in place?  For example, I created a policy that says that only user specific files may be kept in the User folders and only Work related in the departmental directories.  We also have a policy about loading up software that is not provided by the company and about what is acceptable use of the PC's, like No Games or Downloads from the Internet.

    I believe in the Kiss Method.  Wouldn't it be better to stop or prevent the users from loading things where they should not be by having them take the responsibility?

    Create some good general policies and have the higher Up's buy into it.  Make sure the consequencies are spelled out as well.  Just one license violation can cost the company over $300,000 or $400,000 in fines if they are caught and prosecuted.  Then implement the policy and you should have users starting to police themselves.  If they don't then there is action that can be taken against the offenders.

    I like your points 1,3,5 and 6 and use them as well.  I don't use quota's on departmental directories as the policies take care of that hassle, so any low space alerts aren't needed for me.

    0
     

    Author Comment

    by:mchristo63
    So, in your experience, how does it work for you restricting the creation of folders in a Department share.  I have about 1200 users, and all reside in different department.  Restricting folder creation is a great idea, but I am worried about the overhead and the possible "I need a folder now" senerio from top brass.  

    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    A bootable USB key can be very handy now-a-days. My favorite USB key consists of our Windows 7 image, network card drivers (to connect up to a Ghost server), the latest BIOS updates for all of our PCs and CopyWipe (to erase a retired PC) Creating…
    AWS Glacier is Amazons cheapest storage option and is their answer to a ‘Cold’ storage service.  Customers primarily use this service for archival purposes and storage of infrastructure backups.  Its unlimited storage potential and low storage cost …
    This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
    This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now