Network share, naming convention

Posted on 2008-11-18
Medium Priority
Last Modified: 2013-12-02
Hi Gurus,
Our network is a Windows environment and the shares have been growing a lot; their structure no longer follows the structure we would like to have. My plan is to reorganize the network folders, if possible following the department structure we have.
In my mind the top of the organigram should have full read/write access to all the departments' shares, and the members of the individual departments should read and modify only the related share, with no browsing rights to go up in the tree... I believe this should be a common setup... or do you have any suggestions? Any suggestions also on how to manage rights in this kind of setup?
Part of the task is also to adopt a new naming convention for files/folders, so as to easily identify some key information directly while browsing the folder structure.
Do you have any suggestions on this, or any study or related information?
Thanks a lot!

ps: we already use software like Spaceguard to control the space used by users...
Question by:candrea71
LVL 58

Accepted Solution

tigermatt earned 1000 total points
ID: 22992258

In cases like this I always have a root folder where everyone can browse to, but cannot write to (otherwise people start saving things to the root folder, rather than their appropriate department's share). You can use NTFS permissions for this, setting the 'Authenticated Users' group to have 'Traverse Folder' rights for 'This folder only'. Doing it this way means you don't need to block inheritance on each department's subfolder.

Then, on the department folders, the Authenticated Users group should not be listed since it does not apply to that particular folder (so keep inheritance ticked), and you can now just add the appropriate department security group with the control they require over their departmental folder.

By keeping inheritance enabled, I particularly like this since you can later go and add, for example, Domain Admins with permission to access the share.

If you have multiple file servers, you would want to consider making use of a domain-based DFS namespace, and then mounting each department's share in the namespace. This means you would end up with a common \\domain\Shared share, within which all your departments are listed, but it does not matter on which server the departmental folders are situated, since DFS handles all the requests and passes them to the appropriate server automatically.
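
The layout described in the answer above, as an added PowerShell example that is not part of the original post. The root path, the `CONTOSO` domain and the department group names are assumptions, and the root ACE uses ReadAndExecute (which contains Traverse Folder plus List Folder) so the root can be listed; the final loop checks that inheritance is still enabled and that no Authenticated Users ACE reached a department folder.

```powershell
# Assumed names (not from the thread): root path, domain and department groups.
$Root  = 'D:\Shared'
$Depts = @{ 'Finance' = 'CONTOSO\Dept-Finance'; 'IT' = 'CONTOSO\Dept-IT' }
# Well-known SID for Authenticated Users; avoids localized account names.
$AuthUsers = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')

function New-AllowAce($Identity, $Rights, $Inherit) {
    # Inheritance 'None' with propagation 'None' is "This folder only" in the GUI.
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inherit, 'None', 'Allow')
}

# Root: Authenticated Users can pass through and list the root, but not write,
# and the ACE does not flow down to the department folders.
$acl = Get-Acl -Path $Root
$acl.AddAccessRule((New-AllowAce $AuthUsers 'ReadAndExecute' 'None'))
Set-Acl -Path $Root -AclObject $acl

# Department folders: inheritance stays on; only the department group is added,
# with Modify applying to the folder, its subfolders and files.
foreach ($name in $Depts.Keys) {
    $path = Join-Path $Root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    $acl = Get-Acl -Path $path
    $acl.AddAccessRule((New-AllowAce $Depts[$name] 'Modify' 'ContainerInherit, ObjectInherit'))
    Set-Acl -Path $path -AclObject $acl
}

# Check the result: explicit and inherited ACEs, identities returned as SIDs.
foreach ($name in $Depts.Keys) {
    $acl   = Get-Acl -Path (Join-Path $Root $name)
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $leak  = $rules | Where-Object { $_.IdentityReference.Value -eq $AuthUsers.Value }
    [pscustomobject]@{
        Folder             = $name
        InheritanceBlocked = $acl.AreAccessRulesProtected   # expected: False
        AuthUsersAce       = [bool]$leak                     # expected: False
    }
}
```

If `AuthUsersAce` comes back True, an ACE for Authenticated Users higher up is set to apply to subfolders and needs to be narrowed to the folder where it is defined.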


Assisted Solution

marin2214 earned 1000 total points
ID: 23616708
What I had done is install ABE (Access Based Enumeration); if you are not familiar with this, it basically hides all files/folders which users are not permissioned to. From there we'll use the following file hierarchy:

-->General Company Information
-->Information Technology Department
---->IT Manager

And so on. On the root level what I did was add Everyone with Read permissions. Next I had a security group created called All Employees, adding this SG to the General Company folder and giving them Modify rights, and allowed inheritance on the folder so all files get the same permissions. On IT I added IT Staff Security along with IT Managers Security, allowed all Modify permissions, along with Domain Admins and Administrators with full permissions. Under the IT Manager I broke the inheritance and took away IT Staff Security; this being said, with ABE none of the users in IT Staff Security are able to see the IT Manager folder even though it is under the IT Dept. folder. I did this for numerous folders and it seems to work great.

If you have any other questions on how I implemented this please let me know. When I came to my current company this was not done and it took me about a week and a half to implement with all SGs and users who go in those groups.

Hope this helps.
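
The IT Manager folder step from the answer above, as an added PowerShell example that is not part of the original post. It assumes the SmbShare module (Windows Server 2012 and later) for turning on ABE, and the share name, drive path and `CONTOSO` domain are assumptions; the folder and group names are the ones used in the answer. The last command lists every folder under the share where inheritance is blocked, so these exceptions stay documented.

```powershell
# Assumed names (not from the thread): share name, drive path and domain.
$Share      = 'Shared'
$MgrFolder  = 'D:\Shared\Information Technology Department\IT Manager'
$StaffGroup = New-Object System.Security.Principal.NTAccount('CONTOSO', 'IT Staff Security')

# Turn on Access Based Enumeration for the share: folders a user has no
# rights on are no longer shown in directory listings.
Set-SmbShare -Name $Share -FolderEnumerationMode AccessBased -Force

# Break inheritance on the manager folder. The second $true keeps a copy of
# the inherited ACEs as explicit ACEs, so the other groups keep their access.
$acl = Get-Acl -Path $MgrFolder
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $MgrFolder -AclObject $acl

# Re-read the ACL so the copied ACEs show up as explicit entries, then
# remove every ACE that names the staff group.
$acl = Get-Acl -Path $MgrFolder
$acl.PurgeAccessRules($StaffGroup)
Set-Acl -Path $MgrFolder -AclObject $acl

# Report 1: confirm the share is in AccessBased enumeration mode.
Get-SmbShare -Name $Share | Select-Object Name, Path, FolderEnumerationMode

# Report 2: every folder under the share where inheritance is blocked.
# Each one is a place where rights differ from the parent department folder.
Get-ChildItem -Path (Get-SmbShare -Name $Share).Path -Directory -Recurse |
    Where-Object { (Get-Acl -LiteralPath $_.FullName).AreAccessRulesProtected } |
    Select-Object FullName
```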

