Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

Network drives for security groups

I have a client who wants the following drives mapped:
Z - for all staff
P - Users mydocs
X - accounts staff
Y - Engineering staff

I was thining of creating a security group for accounts and engineering, then creating a new GPO, then in Security filtering adding the security group required so it will only apply to members of that group, then a simple bat file to run at logon for that GPO.

The question is, is there a better way?

This is on a SBS server so I didnt really want to create OU for each department, unless you think its a better idea, if so why?
0
NOSIT
Asked:
NOSIT
  • 4
  • 3
1 Solution
 
Don S.Commented:
I have always used something like the ifmember.exe tool from the server 2003 resource kit to test for group membership inside the login script.  You can get the resource kit here: http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Much cleaner and self documenting than messing around with filters on group policies.
 
0
 
NOSITAuthor Commented:
I have never used that tool, how would it be set up?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Have you considered having them use SBS the way it is designed instead?

No need for P=Users My Docs.  Instead, run the "Configure My Documents Redirection" wizard in the Server Management Console.  This make their local "My Documents" folder redirect to their user share (\\SBSSERVER\Users\%Username%\My Documents) no matter what comptuer they log into.  They just need to open "My Documents"  instead of "P".

As for Z=All Staff, X=Accounts, Y=Engineering... consider having them use SharePoint document Libraries.  By default, if you joined the workstations to the domain using the SBS Method of http://<servername>/connectcomputer, they already have a link in "My Network Places" for "General Documents on Companyweb".  This is a Windows Explorer view of the SharePoint Companyweb Document Library which is also accessible by going to http://companyweb in IE and clicking on the "General Documents" link in the left column.

There is a great file import tool in the SBS Server Management Console > Standard Management > Internal Web Site snap-in.

If you do go the route of GPO/OU's then using Security Groups is exactly how it's done on SBS.  Because you don't generally want to muck with the default AD structure.  (Although technically you can add additional user OU's under MyBusiness\Users\ at the same level as the default SBSUsers OU.

Jeff
TechSoEasy
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
NOSITAuthor Commented:
Jeff,

They dont want to use sharepoing as they are using confluence already and dont like the idea, I have done about 5 demo's of it, but they wont budge.

They also want the My docs as a network drive just cause thats what theya re used to, but they will be redirected to the server.

Woudl you reccomend creating OU under the mybuisiness OU, or using security groups?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I already recommended that you go with Security Groups if you are going to map the drives.

But did you realize you can map a drive to a SharePoint Document Library?  Give them the best of both worlds?

Jeff
TechSoEasy

0
 
NOSITAuthor Commented:
No I didnt, can they then use sharepoint or browse the drive like normall folders?

Also how flexible are the permissions in sharepoint?
0
 
NOSITAuthor Commented:
Also Jeff was the process I had for using GPO and security groups ok?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
"No I didnt, can they then use sharepoint or browse the drive like normall folders?"
Yep

"Also how flexible are the permissions in sharepoint?"
SharePoint v2.0 is a bit less flexible, but should be no problem with your needs.  Permissions are set at the document library level, not on the document level.

"was the process I had for using GPO and security groups ok"
Essentially.  You might want to consider creating specific User Templates that are already members of the Security Groups you are creating so that new users can be put into the proper Security Group as needed.

Take a look at http://sbsurl.com/login for an example of a mapped drive login script.  But instead of putting the drive mappings in the SBS_LOGIN_SCRIPT.bat file, you can actually call specific mapping batch files for the specific security groups if you like.  Personally, one of the reasons I like SharePoint is that you don't have to mess with any of that... users can just go to their specific Document Library and don't have access to the others.

Jeff
TechSoEasy
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now