Security Basics mailing list archives
Designing file server file/folder structure.
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Mon, 6 Oct 2008 15:34:42 -0500
Hi, I have a request for ideas about how to design the folder structure on a Win2K3/NTFS share. What we have inherited is a D:\ drive with a number of folders named according to departments, each folder is then mapped to a drive letter in a logon script. Each department has access to their own drive in addition to a drive everyone has access to. Now about 10 years have passed and just about everyone has access to just about all shares because at some point an individual needed access to a file or two within a department drive where they don't initially belong. Perhaps the file needed access to was too sensitive to be placed on the company share. So, after pushing for a long time I am finally making some headway in acceptance of redoing the layout. Ideally we end up with department folders accessible only to department staff, but beyond this any layout I can think of doesn't scale well. My though is to begin a folder structure where folders are named based on who has access, like: "DepartmentA - DepartmentB" If permissions are set right you only get to see folders where you have files related to what you do. However, with 20 departments or so, what happens when seven'ish departments needs access to a file. Folder names become quite long and I doubt this scales well should the company grow significantly. The server holds roughly 1.2TB of miscellaneous flat file data. Word docs, excel spreadsheets, PDF's etc. etc. Nothing fancy. And we are a Windows shop. What works for others? Do you at some point lean back and say I can't get permissions as granular as I like without being a serious nuisance to the end users? I feel this is rather trivial but I can't seem to come up with a solution that is somewhat future proof. Thank you Nick This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message. Thank you.
Current thread:
- Designing file server file/folder structure. Nick Vaernhoej (Oct 06)
- RE: Designing file server file/folder structure. Murda Mcloud (Oct 07)
- Re: Designing file server file/folder structure. Kurt Buff (Oct 07)
- RE: Designing file server file/folder structure. Nick Vaernhoej (Oct 21)