Network share, naming convenction

Hi Gurus,
our networks is a Windows environment and the share have been growing a lot, their structure is not following anymore the structure we would like to have. My plan is to reorganize the network folders, if possible following the department's structure we have.
In my mind the top of the organigram sholud have a full read/write access to all the department's share, and the component of the singular departments should read and modify only the related share, with no browsing rights to go up in the tree...  i belive this should be a common setup... or do you have any suggestion? Any suggestion also on how to manage rights in this kind of setup?
A part of the task is also to adopt a new naming convenction for files/folders, so to easily identify some key informations directly while browsing the folders structure.
Do you have any suggestion on this, or have any study, or information related?
Thanks a lot!

ps: we already use software like Spaceguard to control the space used by users...
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


In cases like this I always have a root folder where everyone can browse to, but cannot write to (otherwise people start saving things to the root folder, rather than their appropriate department's share). You can use NTFS permissions for this, setting the 'Authenticated Users' group to have 'Traverse Folder' rights for 'This folder only'. Doing it this way means you don't need to block inheritance on each department's subfolder.

Then, on the department folders, the Authenticated users group should not be listed since it does not apply to that particular folder (so keep inheritance ticked), and you can now just add the appropriate department security group with the control they require over their departmental folder.

By keeping inheritance enabled, I particularly like this since you can later go and add, for example, Domain Admins with permission to access the share.

If you have multiple file servers, you would want to consider making use of a domain-based DFS namespace, and then mounting each department's share in the namespace. This means you would end-up with a common \\domain\Shared share, within which all your departments are listed, but it does not matter on which server the departmental folders are situated, since DFS handles all the requests and passes them to the appropriate server automatically.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
What i had done is installed ABE (Access Based Enumeration) if you are not famaliar with this it basically hides all files/folders which users are not permissioned to. from there well use the following file heirarchy;

-->General Company Information
-->Information Technology Department
---->IT Manager

And so on, on the Root level what i did was add Everyone with Read Permissions. Next I had a security group created called All Employees, adding this SG to the General Company folder and giving them Modify rights and allowed inheritance on the folder so all files get the same permissions. On IT I added IT Staff Security along with IT Managers Security allowed all Modify Permissions along with Domain Admins and Administrators will full permissions. Under the IT manager i broke the inheritance and took away IT Staff Security, this being said with ABE none of the users in the IT Stagg Security are able to see the IT Manager folder even though it is under the IT Dept. folder. I did this for numerous folders and it seems to work great.

If you have any other questions on how i implamented this please let me know. When i came to my current company this was not done and it took me about a week and a half to implament with all SG's and users who go in those groups.

Hope this helps.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.