Simplified management of Windows Server file/folder permissions

I've set up a server that being used as a file server, and I'm handing over the management of file/folder permissions to local staff.  They're not server experts, but are IT literate, which is enough for managing most aspects of a file server.  The one exception is managing permissions, as these are very complex - each department has its own folder, which should be confidential to them, plus nested sub-folders for sub-groups of staff; there are also shared folders that should be read-only to all but certain staff, other folders that can be accessed by people attached to certain projects etc etc.  I've obviously set all of this up using groups (no individual permissions), but both the groups and the folders will change fairly frequently as projects change.

The problem is that the interface/console for managing 'security' (ie permissions) in Windows is extremely non-user friendly - particularly when you need to fiddle with the cascading and inheritance of permissions etc.  I've done a bit of training with these guys, but I can tell they're really struggling with the complexity of it...

So my question: is there a GUI or other user-friendly tool out there somewhere that simplifies the management of Windows permissions?  Eg graphically shows folders in a nested hierarchy, and uses colour codes to clearly show whether or not a group has permissions to each folder, so that you can easily see how far permissions cascade?  This stuff isn't rocket science, and it seems to me that someone must have found a way of presenting and managing it all in a much simpler way...

By the way, we're using Windows 2003, but will be switching to Windows 2008 in the near future (I'm not sure if that has a better interface/console).

Many thanks for any feedback you can give...

Cheers, Sam.
samueldjohnsonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hutnorCommented:
Why don't you do oine of these two options.

Make all folders for ever department shares. Then set share access. This way user can be given change or read. Simple for everyone then.

Other option if you want to use the security tab

Make up 2 groups for every folder that you need to add user permissions to. Make one group called change & other called read. Set these group so that the change group has change permission & read group only has read.
You can have a folder call sales
the groups can be called sales_change & sales_read

Now all the staff need to do is add new people to the groups they need to go in.

This will also give you a list of who has access to each folder & how just by looking at members of that group.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hutnorCommented:
i assume you have AD so this would make it much easier
0
samueldjohnsonAuthor Commented:

Thanks Htunor, that sounds like a useful technique for many situations.  It unfortunately still doesn't solve my problem, in that it still leaves the user to grapple with the complexity of how these rights cascade down etc.  What I'm really looking for is a *tool* that simplifies all of this (eg a graphical interface that shows security and how each right cascades etc).

I'm guessing from the lack of other responses that perhaps there simply *isn't* a tool out there that simplifies all of this?

Cheers, Sam.
0
hutnorCommented:
I am not sure if there are any tools & never looked for one - I am sure there would be for a cost. However I find AD with many groups on each share very easy to manage. Much better then trying to set the security tab up on every folder.

If you have folders in folders that all need different access you may want to draw up a chart to show them if someone has access to a folder here all folder below this one will also get access.
0
samueldjohnsonAuthor Commented:
Good suggestion, but not what I was looking for (a software tool).
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.