Advice Setting up File Server Shares and DFS Namespaces
Posted on 2014-08-06
Sorry for the long-winded post. I am looking for some advice and suggestions on structuring a new file server using Server 2012. Below is what I planned on using for my file server hierarchy.
- Applications (Folder for Shared Applications)
- Data - (Non-Shared Folder)
- Departments - (Shared Folder)
- Accounting - (Shared Folder)
- Accounts Payable - (Shared Folder)
- Accounts Receivable - (Shared Folder)
- Human Resources - (Shared Folder)
- Information Technology - (Shared Folder)
- Marketing - (Shared Folder)
- Production - (Shared Folder)
- Plant 1 - (Shared Folder)
- Plant 2 - (Shared Folder)
- Plant 3 - (Shared Folder)
- Plant 4 - (Shared Folder)
- Plant 5 - (Shared Folder)
- Projects - (Shared Folder)
- Project 1 - (Shared Folder)
- Project 2 - (Shared Folder)
- Public - (Shared Folder for users to share files with other users. Files will be removed after 5 days. )
- UserData - (Hidden Share to hold User’s Redirected Folders such as My Docs)
I envisioned simply mapping a drive letter to the Departments folder for all users. Using Access Based Enumeration, when I user went into the Departments folder they would only see the departments that they have access to. Each department is responsible for organizing and structuring the files within their share.
Due to the fact that we are a small company and most people where multiple hats, almost everyone will need at least some type of access to multiple department folders. For example, production will need to be able to drill down into the Engineering folder to open CAD drawings. Customer Service will need to drill down into the marketing folder and view PDF files of literature pieces. Customer Service will also need to drill down into the Engineering folder to view user manuals for our equipment. You get the idea.
Ideally, I would like for Customer Service to go into the Marketing folder and only see the folders that they have access to in order to retrieve literature pieces. For example, the Customer Service group is given read access to the Marketing\Division XYZ\Literature\Product ABC directory. As the Customer Service group traversed down to the Product ABC folder they would not be able to see any other folders or files along their way to get Product ABC directory. For example, they would not see the folder Marketing\Division XYZ\Images directory. However, I am not sure if this is possible or not.
I have read articles that state it is not a good idea to have nested shared folders due to the fact that it can become a nightmare for setting proper permissions. However, I am not sure how you could keep an organized folder structure without having nested shares. I suppose that I could break out Accounts Payable and Accounts Receivable from the Accounting folder and have them under Departments. However, if I broke out all of the subfolders for Accounting, Production, Quality Control and many other departments then I would have a very long list of shares under Departments.
Although we will only be running one file server at this time, according to my reading it seems that it would be best to setup DFS Namespaces at this point in time to help “future-proof” things in case we add additional file servers and so forth. It seems like putting in a little work upfront with DFS namespaces can save a lot of potential headaches down the road.
With all of that said, I am looking for comments, suggestions and opinions on how I am looking to setup our new file server.