File Servers 101
Let’s Get Organized: File Server Basics | Eric B. Rux | WinITPro InstantDoc #95354
This article starts out with this statement, “Although a file server is one of the most basic services in the server room, I’ve been surprised at how disorganized many organizations’ file servers are.” Allow me to second that opinion. Most people don’t put any thought into their file structure or permissions on a file server, normally it seems as if they have grown organically and poorly managed with a “make it work mentality”. Rux lays out some simple steps to planning and implementing file server permissions and then introduces a gem of a tool.
First, determine your structure. Whether your files are organized by roles, departments, or location. Plan your work, work your plan. Ask a few questions:
“Do you have any sub-departments or teams?
Is your work separated geographically, or do you all work together?
Does your department include different levels of security access?
If you had to print out all of this data, how would you organize it in a filing cabinet?”
Then create your share and NTFS structure. Remember that the least restrictive permission to takes precedence. I suggest allowing [Everyone – Full Control] on the share permissions, and then use NTFS permission for controlled access. Also, use the least number of share permissions.
Example: If you need to create several user mapped drives, like a home folder mapped to a server by username, DON’T create user1 folder, user2 folder, user3 folder and then individual share them. DO create a parent folder named Users, share “Users” to everyone, create child folders for user1, user2, user3 and use NTFS permissions to only allow that user access.
The best thing from the article is his introduction of ABE
“your users also see all of the subfolders in your file structure, regardless of whether they have permissions for them. Until recently, this exposed view was necessary… Fortunately, Microsoft has finally remedied the problem (for Windows Server 2003 only) by supplying a small add-on called Windows Server 2003 Access-based Enumeration (ABE). According to Microsoft, ABE “makes visible only those files or folders that the user has the rights to access.”
Wow, very cool. That is worth the cost subscription to WinITPro alone. Check out his full article. Thanks Rux