[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1894
  • Last Modified:

Network Share folder structure suggestions

I am in the process of developing and implementing a new network shared folder structure. The current is way out dated, and all over the place. This will do two things, structure the folders themselves, and straighten out the permissions.

I have the groups laid out and permissions will not be a problem. My question is regarding best practices or best starting layout for a network shared folder. Here is what is currently planned.

Drive H = User home folders (not a problem)
Drive P = General Network Share

Accounting
Executive
HR
IT
Sales
Service
All
   Accounting
   Executive
   HR
   IT
   Sales
   Service

Root department folders will be accessible only by their respective departments. Departments under ALL will have folders visible and/or editable to all as well as folders visible and/or editable to some. There will be more miscellaneous folders under all for groups that need them. My question is: Is this a good way to structure the folder. Is there a better base structure to use? This is simply what I have been used to, but have not found any decent resources regarding a good best practice for setting up the folder structure.

Thanks for any input you may have
0
BHForum
Asked:
BHForum
  • 2
  • 2
1 Solution
 
JavedtariqCommented:
I would suggest to use the following approach which we have at work.
This will make it easier for your support staff and new starters to understand it quickly .

All our security groups in AD start with specific letters according to the function of the group . for example
For distribution groups we use   "_three letters for department and then distribution list name " e.g. for customer services distribution list it will be         _CSD_All_Agents

For Permissions to Folder all the group start with SH (shares) e.g. access group to a share  will be called SH-CSD-TECHNICAL-INFO-RW
SH - CSD - Technical Info - RW
SH shows that this is a share
CSD shows the department
next bit shows folder name
RW shows what kind of permissions they are.
We also have access groups with permissions to applications and internet resources they start with
AC like AC-INTERNET
Now as far as the folder structure is concerned this group naming style also applies on folders too.
Your root folders can be named on the name of the department but any sub folders should be created with three letter conventions e.g.

Accounting/ACC-Annual-Reports
Accounting/ACC-Staff-Performance
There are actual two groups we have for every root folder one with read only permissions and one with read and write permissions

_CSD_xxxxxxxx
_CSD_xxxxxxxx
_CSD_xxxxxxxx
This is the format for Distribution list

SH-CSD-TECHNICAL-INFO-RW
SH-CSD-xxxxxxxxxx-RW
SH-CSD-xxxxxxxxxx-RW
SH-CSD-xxxxxxxxxx-RW
This is the format for shares

AC-INTERNET
AC-Application name
AC-Application name
AC-Application name
Access Groups



Then we have a script, which according to their OU maps there root folders for them.
So when creating a new user all we have to do is put them in right OU which is their department name and they get the right drives .

I hope this will help you a little bit if not exactly what you are looking for .
0
 
BHForumAuthor Commented:
Thanks, Javedtarig. I was probably not very clear on my needs. I have the permissions and groups setup without a problem. It is the folder structure itself that I am looking at. Primarily, the folder tree structure for department only shares, and for departments to share with all others. In other words, should I have the structure that I listed above:

Accounting
Executive
HR
IT
Sales
Service
All
   Accounting
   Executive
   HR
   IT
   Sales
   Service

Or something more like this:

Accounting
   Acct-Only
   Shared
Executive
   Exec-Only
   Shared
HR
   HR-Only
   Shared

Etc.

Hope that clarifies.

Thanks
0
 
JavedtariqCommented:
Couple of things. Your folder structure will highly rely on the process of approving request for sharing folders/adding people in permissions groups and delete users from security groups.
Now if you have freedom of drafting the procedure for Permissions requests then it will be easy for you to do the following

Now what we do is, for each security group for a root folder we have one person (Group Manager)in that department who approves request for giving access to folders. you can select that person’s name in the Security Group Properties Tab in AD.

The reason for explaining this is because if you create the structure you suggested above like
Executive
   Exec-Only
   Shared
HR
   HR-Only
   Shared
Then you are going to have problem of data duplication for example if you got a team folder in Executive/Exec-only/Sickness Report and somebody from another department needs to have a look at this folder like HR . Then you either have to give HR Permissions to that Folder or Copy it over to "shared" folder and give them access to "SHARED". This will create a lot of duplication of work.


Best thing I would recommend is

Create Following Folders
Accounting
Executive
HR
IT
Sales
Service
All

Each Folder needs to have groups FolderName-RW    and FolderName-R
The concerning department should be added in the RW group other people can have Read only group.
In case someone needs write access to a file or sub folder and the log a call with you .
then you have to contact the group manager for that department to approve the request.

This procedure has lots of benefits.
Its secure so HR or any other department will know all the time who has access to their folder.
They can do the file keeping according to their needs.
In case of New Starters and Leavers you can easily manage access.
in the end if you group manager can volunteer to take one extra task He/She can manage the access list from the front end by them self as being the manager of the folder.

In the End again its up to you which ever way you want to go i would suggest the above file structure with procedure.
0
 
BHForumAuthor Commented:
Javedtarig, your recommendation is pretty much what I had in mind. The structure of:
Executive
   Exec-Only
   Shared
HR
   HR-Only
   Shared

was more for illustration. It was a structure different than the previous, where the department only area was on the root level, then a folder called ALL would have the department folders containing shared information. I think a single level of folders will make for easier navigation without making administration more difficult. Folders to be shared outside of the department will be removed from inherited permissions, therefore allowing any new folders created to be deparment viewable only until IT changes those permissions explicitly.

Thanks for helping me air out and get things more clear.

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now