Folder Structure - Best practice???

[Guest John]

Can anyone share how they've setup their corporate folder structures?

I'm looking for ideas on how to simplify and reduce administrative

overhead. Userfolders, Departmental folders, shared areas, etc.

thanks in advance.

[Guest Lanwench [MVP - Exchange]]

Re: Folder Structure - Best practice???

 

John <roundsjr@gmail.com> wrote:

> Can anyone share how they've setup their corporate folder structures?

> I'm looking for ideas on how to simplify and reduce administrative

> overhead. Userfolders, Departmental folders, shared areas, etc.

> thanks in advance.

 

It's hard to say, given that companies have different needs. Some companies

want to all users to share/access everything - some want departments and

groups to have only their own folder.

 

As far as simplified administration is concerned, it's got more to do with

your AD group structure than the file/folder hierarchy on your server,

really. Do stuff with groups (not users) and keep things simple. You can

nest AD security groups within other groups, remember.

 

Here's an example ....

 

1. Home directories (\\server\home$\%username%)

2. Management folder (\\server\management$)

3. Accounting folder (\\server\accounting$)

4. General shared data folder (\\server\shared$)

5. Software images,drivers, etc (\\server\distrib$)

 

On the server, that might look like

 

E:\Data

|--Home

|--Management

|--Accounting

|--Shared

|--Distrib

 

Share security = everyone, full control

 

Folder-level security is via AD groups.

I disable inheritence on the E:\DATA folder so everything's customized per

folder.

Administrators & system have full rights to everything.

I don't use Domain Users for anything; I create Companyname Users for

general permissions, and Companyname Management, Companyname Accounting, as

security groups...and the most any of those ever get is Modify (and for the

distrib folder, read&execute only).

 

Your mileage may vary, but the above has worked for me, for years.

 

The only general piece of advice I can give is, don't set up shares/folders

that have different security requirements on their subfolders. E.g., don't

get into the business of denying access to S:\Subfolder1 and S:\Subfolder2

if the whole company has access to the S/parent drive. It can quickly become

a nightmare.

[Guest John]

Re: Folder Structure - Best practice???

 

On Jul 24, 3:56 pm, "Lanwench [MVP - Exchange]"

<lanwe...@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:

> John <round...@gmail.com> wrote:

> > Can anyone share how they've setup their corporate folder structures?

> > I'm looking for ideas on how to simplify and reduce administrative

> > overhead. Userfolders, Departmental folders, shared areas, etc.

> > thanks in advance.

>

> It's hard to say, given that companies have different needs. Some companies

> want to all users to share/access everything - some want departments and

> groups to have only their own folder.

>

> As far as simplified administration is concerned, it's got more to do with

> your AD group structure than the file/folder hierarchy on your server,

> really. Do stuff with groups (not users) and keep things simple. You can

> nest AD security groups within other groups, remember.

>

> Here's an example ....

>

> 1. Home directories (\\server\home$\%username%)

> 2. Management folder (\\server\management$)

> 3. Accounting folder (\\server\accounting$)

> 4. General shared data folder (\\server\shared$)

> 5. Software images,drivers, etc (\\server\distrib$)

>

> On the server, that might look like

>

> E:\Data

> |--Home

> |--Management

> |--Accounting

> |--Shared

> |--Distrib

>

> Share security = everyone, full control

>

> Folder-level security is via AD groups.

> I disable inheritence on the E:\DATA folder so everything's customized per

> folder.

> Administrators & system have full rights to everything.

> I don't use Domain Users for anything; I create Companyname Users for

> general permissions, and Companyname Management, Companyname Accounting, as

> security groups...and the most any of those ever get is Modify (and for the

> distrib folder, read&execute only).

>

> Your mileage may vary, but the above has worked for me, for years.

>

> The only general piece of advice I can give is, don't set up shares/folders

> that have different security requirements on their subfolders. E.g., don't

> get into the business of denying access to S:\Subfolder1 and S:\Subfolder2

> if the whole company has access to the S/parent drive. It can quickly become

> a nightmare.

 

Great reply... thanks for your time!