Simplified management of Windows Server file/folder permissions

I've set up a server that being used as a file server, and I'm handing over the management of file/folder permissions to local staff.  They're not server experts, but are IT literate, which is enough for managing most aspects of a file server.  The one exception is managing permissions, as these are very complex - each department has its own folder, which should be confidential to them, plus nested sub-folders for sub-groups of staff; there are also shared folders that should be read-only to all but certain staff, other folders that can be accessed by people attached to certain projects etc etc.  I've obviously set all of this up using groups (no individual permissions), but both the groups and the folders will change fairly frequently as projects change.

The problem is that the interface/console for managing 'security' (ie permissions) in Windows is extremely non-user friendly - particularly when you need to fiddle with the cascading and inheritance of permissions etc.  I've done a bit of training with these guys, but I can tell they're really struggling with the complexity of it...

So my question: is there a GUI or other user-friendly tool out there somewhere that simplifies the management of Windows permissions?  Eg graphically shows folders in a nested hierarchy, and uses colour codes to clearly show whether or not a group has permissions to each folder, so that you can easily see how far permissions cascade?  This stuff isn't rocket science, and it seems to me that someone must have found a way of presenting and managing it all in a much simpler way...

By the way, we're using Windows 2003, but will be switching to Windows 2008 in the near future (I'm not sure if that has a better interface/console).

Many thanks for any feedback you can give...

Cheers, Sam.
samueldjohnsonAsked:
Who is Participating?
 
hutnorCommented:
Why don't you do oine of these two options.

Make all folders for ever department shares. Then set share access. This way user can be given change or read. Simple for everyone then.

Other option if you want to use the security tab

Make up 2 groups for every folder that you need to add user permissions to. Make one group called change & other called read. Set these group so that the change group has change permission & read group only has read.
You can have a folder call sales
the groups can be called sales_change & sales_read

Now all the staff need to do is add new people to the groups they need to go in.

This will also give you a list of who has access to each folder & how just by looking at members of that group.
0
 
hutnorCommented:
i assume you have AD so this would make it much easier
0
 
samueldjohnsonAuthor Commented:

Thanks Htunor, that sounds like a useful technique for many situations.  It unfortunately still doesn't solve my problem, in that it still leaves the user to grapple with the complexity of how these rights cascade down etc.  What I'm really looking for is a *tool* that simplifies all of this (eg a graphical interface that shows security and how each right cascades etc).

I'm guessing from the lack of other responses that perhaps there simply *isn't* a tool out there that simplifies all of this?

Cheers, Sam.
0
 
hutnorCommented:
I am not sure if there are any tools & never looked for one - I am sure there would be for a cost. However I find AD with many groups on each share very easy to manage. Much better then trying to set the security tab up on every folder.

If you have folders in folders that all need different access you may want to draw up a chart to show them if someone has access to a folder here all folder below this one will also get access.
0
 
samueldjohnsonAuthor Commented:
Good suggestion, but not what I was looking for (a software tool).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.