Security Basics mailing list archives

Designing file server file/folder structure.


From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Mon, 6 Oct 2008 15:34:42 -0500

Hi,

I have a request for ideas about how to design the folder structure on a
Win2K3/NTFS share.
What we have inherited is a D:\ drive with a number of folders named
according to departments, each folder is then mapped to a drive letter
in a logon script.
Each department has access to their own drive in addition to a drive
everyone has access to.

Now about 10 years have passed and just about everyone has access to
just about all shares because at some point an individual needed access
to a file or two within a department drive where they don't initially
belong. Perhaps the file needed access to was too sensitive to be placed
on the company share.

So, after pushing for a long time I am finally making some headway in
acceptance of redoing the layout.

Ideally we end up with department folders accessible only to department
staff, but beyond this any layout I can think of doesn't scale well.
My thought is to begin a folder structure where folders are named based
on who has access, like:
"DepartmentA - DepartmentB"
If permissions are set right you only get to see folders where you have
files related to what you do. However, with 20 departments or so, what
happens when seven-ish departments need access to a file? Folder names
become quite long and I doubt this scales well should the company grow
significantly.

The server holds roughly 1.2TB of miscellaneous flat file data. Word
docs, Excel spreadsheets, PDFs etc. etc. Nothing fancy. And we are a
Windows shop.

What works for others?
Do you at some point lean back and say I can't get permissions as
granular as I like without being a serious nuisance to the end users?

I feel this is rather trivial but I can't seem to come up with a
solution that is somewhat future proof.

Thank you

Nick


