Posted on 2004-10-21
Looking for best practices!
I have been tasked to redesign our Department and User home shares. Here is our current setup:
|____ Users Volume (each user folder is secure to the individual user)
|    |_ User1
|    |_ User2 ...
|____ Department Volume
     |_ Department1 (each folder under department inherits permissions allowing all dept. users access)
     |_ Department2 ...
We map a drive (U:) to each individual home folder and map (T:) to the department they belong to. Pretty straightforward.
The users volume has not been an issue since we have applied quotas on that volume which restrict the users' home directories to 500MB. Where I have to really re-think is the department shares. Here is my problem:
If I have a department called DEPT1 with 200 users, each user will get the mapping of T:. Within that mapping all users have modify rights, which allows pretty much everything (-permission change). We have users creating folders all over the place and saving, let's say, "non-business" related files. They do this because they have quotas on their user folders and they also need to share files with others. Now, granted, we have created some folders for them and restricted them to specific groups so others within the department can't access them. So all in all, a real mess. I need to clean this up and put into place policies for how this department storage is managed.
My thoughts are this:
1. Restrict folder creation at the root (T:) level
- this will be done by our support staff via support request
2. Place quotas on newly created folders (3rd party application)
- each newly created folder will have an allocated quota
3. Create a standard folder naming convention
- each folder will have a consistent naming convention that will make managing the folder much easier
- set up alerts on each folder so users can receive notifications when their space is filling up
- each folder will be secured. If the folder is not to be shared within the department, specific security groups will be created and applied to the folder
6. Create a new folder at the root for cross-department sharing
- a new folder will reside at the root of T:, which will be mapped (S:) to groups that need to share across departments
- all above policies apply to newly created folders within this shared department folder
- all folders within this cross-department share will be secured via group membership
Please take a look at my scenario and comment. I really value the input from the experts on this site.