Link to home
Start Free TrialLog in
Avatar of csimmons1324
csimmons1324Flag for United States of America

asked on

Advice Setting up File Server Shares and DFS Namespaces

Sorry for the long-winded post.  I am looking for some advice and suggestions on structuring a new file server using Server 2012.  Below is what I planned on using for my file server hierarchy.  

- Applications (Folder for Shared Applications)
- Data - (Non-Shared Folder)
       - Departments - (Shared Folder)
               - Accounting - (Shared Folder)
                      - Accounts Payable - (Shared Folder)
                      - Accounts Receivable - (Shared Folder)
               - Human Resources - (Shared Folder)
               - Information Technology - (Shared Folder)
               - Marketing - (Shared Folder)
               - Production - (Shared Folder)
                     - Plant 1 - (Shared Folder)
                     - Plant 2 - (Shared Folder)
                     - Plant 3 - (Shared Folder)
                     - Plant 4 - (Shared Folder)
                     - Plant 5 - (Shared Folder)
               - Etc.
       - Projects - (Shared Folder)
               - Project 1 - (Shared Folder)
               - Project 2 - (Shared Folder)
               - Etc.
       - Public - (Shared Folder for users to share files with other users.  Files will be removed after 5 days. )
       - UserData - (Hidden Share to hold User’s Redirected Folders such as My Docs)

I envisioned simply mapping a drive letter to the Departments folder for all users.  Using Access Based Enumeration, when I user went into the Departments folder they would only see the departments that they have access to.  Each department is responsible for organizing and structuring the files within their share.  

Due to the fact that we are a small company and most people where multiple hats, almost everyone will need at least some type of access to multiple department folders.  For example, production will need to be able to drill down into the Engineering folder to open CAD drawings.  Customer Service will need to drill down into the marketing folder and view PDF files of literature pieces.  Customer Service will also need to drill down into the Engineering folder to view user manuals for our equipment.  You get the idea.  

Ideally, I would like for Customer Service to go into the Marketing folder and only see the folders that they have access to in order to retrieve literature pieces.  For example, the Customer Service group is given read access to the Marketing\Division XYZ\Literature\Product ABC directory.  As the Customer Service group traversed down to the Product ABC folder they would not be able to see any other folders or files along their way to get Product ABC directory.  For example, they would not see the folder Marketing\Division XYZ\Images directory.  However, I am not sure if this is possible or not.    

I have read articles that state it is not a good idea to have nested shared folders due to the fact that it can become a nightmare for setting proper permissions.  However, I am not sure how you could keep an organized folder structure without having nested shares.  I suppose that I could break out Accounts Payable and Accounts Receivable from the Accounting folder and have them under Departments.  However, if I broke out all of the subfolders for Accounting, Production, Quality Control and many other departments then I would have a very long list of shares under Departments.  

Although we will only be running one file server at this time, according to my reading it seems that it would be best to setup DFS Namespaces at this point in time to help “future-proof” things in case we add additional file servers and so forth.  It seems like putting in a little work upfront with DFS namespaces can save a lot of potential headaches down the road.  

With all of that said, I am looking for comments, suggestions and opinions on how I am looking to setup our new file server.
Avatar of Matt V
Matt V
Flag of Canada image

We use a similar folder structure, and are just now implementing access based enumeration.  I can confirm that having shares mapped at multiple levels is a nightmare.

We are using a share at each department level, and then access based enumeration to control what users see.
Avatar of csimmons1324

ASKER

mattvmotas,

Do you have users from one department that need to access folders / files in another departments folder?  If so, then I am assuming you have nested shares so that you can set permissions on the subfolder(s) for those people that need specific access to only that subfolder.
ASKER CERTIFIED SOLUTION
Avatar of Mahesh
Mahesh
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Also DFS name space would be useful only if you have multiple file servers so that you can get benefited by redundancy for name space and can setup DFS replica.
DFS replica can be treated as DR solution