Network share, naming convenction

Posted on 2008-11-18
Last Modified: 2013-12-02
Hi Gurus,
our networks is a Windows environment and the share have been growing a lot, their structure is not following anymore the structure we would like to have. My plan is to reorganize the network folders, if possible following the department's structure we have.
In my mind the top of the organigram sholud have a full read/write access to all the department's share, and the component of the singular departments should read and modify only the related share, with no browsing rights to go up in the tree...  i belive this should be a common setup... or do you have any suggestion? Any suggestion also on how to manage rights in this kind of setup?
A part of the task is also to adopt a new naming convenction for files/folders, so to easily identify some key informations directly while browsing the folders structure.
Do you have any suggestion on this, or have any study, or information related?
Thanks a lot!

ps: we already use software like Spaceguard to control the space used by users...
Question by:candrea71
    LVL 58

    Accepted Solution


    In cases like this I always have a root folder where everyone can browse to, but cannot write to (otherwise people start saving things to the root folder, rather than their appropriate department's share). You can use NTFS permissions for this, setting the 'Authenticated Users' group to have 'Traverse Folder' rights for 'This folder only'. Doing it this way means you don't need to block inheritance on each department's subfolder.

    Then, on the department folders, the Authenticated users group should not be listed since it does not apply to that particular folder (so keep inheritance ticked), and you can now just add the appropriate department security group with the control they require over their departmental folder.

    By keeping inheritance enabled, I particularly like this since you can later go and add, for example, Domain Admins with permission to access the share.

    If you have multiple file servers, you would want to consider making use of a domain-based DFS namespace, and then mounting each department's share in the namespace. This means you would end-up with a common \\domain\Shared share, within which all your departments are listed, but it does not matter on which server the departmental folders are situated, since DFS handles all the requests and passes them to the appropriate server automatically.

    LVL 2

    Assisted Solution

    What i had done is installed ABE (Access Based Enumeration) if you are not famaliar with this it basically hides all files/folders which users are not permissioned to. from there well use the following file heirarchy;

    -->General Company Information
    -->Information Technology Department
    ---->IT Manager

    And so on, on the Root level what i did was add Everyone with Read Permissions. Next I had a security group created called All Employees, adding this SG to the General Company folder and giving them Modify rights and allowed inheritance on the folder so all files get the same permissions. On IT I added IT Staff Security along with IT Managers Security allowed all Modify Permissions along with Domain Admins and Administrators will full permissions. Under the IT manager i broke the inheritance and took away IT Staff Security, this being said with ABE none of the users in the IT Stagg Security are able to see the IT Manager folder even though it is under the IT Dept. folder. I did this for numerous folders and it seems to work great.

    If you have any other questions on how i implamented this please let me know. When i came to my current company this was not done and it took me about a week and a half to implament with all SG's and users who go in those groups.

    Hope this helps.


    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now