axmurderer
asked on
Employee User folders on Windows 2000 Server network share
What is a great scheme for setting up employee user folders? This answer is probably just a link to a public corporate policy. My main concern is security so that users are secure from one another and even the administrator.
Thanks...
Thanks...
Let me detail a little bit, considerint you are in MS environment.
1. Right-click a folder and select "share"
2. Give FULL permission to authenticated users
3. Set permissions locally on the folder - add the username you want to have access, and set permission rights
Note!
On 2, I said to give full permissions to authenticated users - THIS IS NOT A MISTAKE. You will restrict access at the local level (using local permissions - not share permissions)! This is the recommended way as when both share and local permissions are applied, the most restrictive ones take priority. Therefore, the actual local permissions set will be applied. Additionally, even if a user is able to login locally, he wont be able to access the specified folder as the permissions are defined locally!
Cheers.
1. Right-click a folder and select "share"
2. Give FULL permission to authenticated users
3. Set permissions locally on the folder - add the username you want to have access, and set permission rights
Note!
On 2, I said to give full permissions to authenticated users - THIS IS NOT A MISTAKE. You will restrict access at the local level (using local permissions - not share permissions)! This is the recommended way as when both share and local permissions are applied, the most restrictive ones take priority. Therefore, the actual local permissions set will be applied. Additionally, even if a user is able to login locally, he wont be able to access the specified folder as the permissions are defined locally!
Cheers.
ASKER
Sorry I had that originally and must've edited it out. It is Windows 2000 Server.
I came from a unix background and it seemed very clean the way the user folders were handled. The network user folder was linked to the root of the user folder (say My Documents) and it was very clean. The users all saw their documents and they behaved as if they were local. Generally, they had no idea where they were physically stored.
In our setup, we just have a shared drive letter with a folder called Users. we have to manually create and restrict each user account to block other users. Our employees still tend to want to use their My Documents folder out of convenience for not navigating to the network share. Revised policies can be set forbidding this, but I would prefer to solve it transparently.
Thanks for you response.
I came from a unix background and it seemed very clean the way the user folders were handled. The network user folder was linked to the root of the user folder (say My Documents) and it was very clean. The users all saw their documents and they behaved as if they were local. Generally, they had no idea where they were physically stored.
In our setup, we just have a shared drive letter with a folder called Users. we have to manually create and restrict each user account to block other users. Our employees still tend to want to use their My Documents folder out of convenience for not navigating to the network share. Revised policies can be set forbidding this, but I would prefer to solve it transparently.
Thanks for you response.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Let me clarify two points that are unclear when I re-read my post. The idea of the user folders is that My Documents would have a folder called "Network Share". Perhaps this is just a shortcut in windows to achieve nearly the same functionality?
I mean that we have to manually create and restrict each user folder on the shared drive.
regards,
I mean that we have to manually create and restrict each user folder on the shared drive.
regards,
"Our employees still tend to want to use their My Documents folder"
Have you considered re-directing their my documents folder to a folder on the server? This can easily be accomplished thru the use of group policy.
Have you considered re-directing their my documents folder to a folder on the server? This can easily be accomplished thru the use of group policy.
You may find this very useful:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/097e4d27-bdb4-4b4d-84dc-d7e57522f3fc.mspx
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/097e4d27-bdb4-4b4d-84dc-d7e57522f3fc.mspx
What network environment is this you are talking about - is this Ms?
If your answer is "Microsoft network" then I guess you should give us some more detail? What are you trying to achieve? Why isn't the standard way (using user's permissions - ACLs) a good method for you?
Cheers.