Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


May 2007

Let’s Get Organized: File Server Basics

Follow this plan for an organized, no-hassle file server
From the May 2007 Edition
of Windows IT Pro
Eric B. Rux
Feature
InstantDoc #95354
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Security Articles Here | Reprints
Or get the Monthly Online Pass—only $5.95 a month!
SideBar    Selling Role-Based Security

Although a file server is one of the most basic services in the server room, I've been surprised at how disorganized many organizations' file servers are. After helping several companies reorganize their file servers, I decided to share some of the common problems that I've seen and introduce you to some ways to fix them by using Windows 2003 built-in features, free add-ons, or new business processes. Come on—let's get organized!

Scattered Data
One company I worked with had fewer than 100 employees but had eight file servers and hundreds of shares. The administrator had a hard time finding the files he needed, and users' desktops were a sea of shortcuts. For this company, consolidating servers and shares onto one large file server made sense. Depending on the service level agreement (SLA) that your IT department has, you might want to consider a cluster or other technology to reduce the risk of putting all of your eggs in one basket. Regardless of your choice, the important thing is to keep your file server structure as easy as possible for users.

For companies that have data scattered all over creation, I recommend a complete reorganization. This option isn't as difficult as it sounds if you carefully plan and communicate well with the rest of the organization. You can gauge the level of file server organization by learning how content or frustrated users are. If the problem isn't that bad (i.e., users can generally get to the information they need), then a simple housecleaning might be in order. Regardless of the scope of your reorganization, I can't over-emphasize the importance of ensuring that the cleanup is a company objective and not just an IT project. You need the support of your company's decision makers.

My ideal file server has just one share that contains multiple parent subfolders. This structure is clean, simple, and provides one-stop shopping for users. Every company is different, but the structure typically looks something like the example that Figure 1 shows. As you can see, the file server has an appropriate name, the share describes the file server's contents, and the subfolders are logically laid out. What about the subfolders that are in the parent folders? Each department should organize its own folders, but you can provide some guidance. I typically ask users leading questions such as the following:

  • Do you have any sub-departments or teams? If so, you might create subfolders to further segregate the data. A large IT department might create subfolders such as Infrastructure, Development, Project Management, and Quality Assurance.
  • Is your work separated geographically, or do you all work together? If multiple locations daily share data, it wouldn't make sense to create Seattle, Portland, and New York subfolders for each location. If the business divisions work independently, a single folder wouldn't be efficient. This example shows why this project can't be just an IT project; the business needs to own the plan.
  • Does your department include different levels of security access? Securing individual files is time-consuming and leads to mistakes. These "one-offs" are easy to forget about, and the security is easy to overwrite if security settings are pushed down from the parent folder to the files. If the department has security boundaries, help department members create their subfolders to mirror those boundaries.
  • If you had to print out all of this data, how would you organize it in a filing cabinet? This question helps users stop thinking about data as bits on a screen and start thinking in terms of documents. Help users organize the file structure as they would organize manila folders in metal drawers.

Once you've set up and secured a basic file-server structure, each department can start to move its data to the new structure. (We'll cover more information about security permissions in a moment.) Be sure to teach users the difference between moving and copying. Moving the data provides a clean break from the old way of storing documents and lets users handle their own data. A good practice is to give users a "due date" when all of the files must be moved.

"Simplify Your Life: Role-Based Security
Now that you have a fresh folder structure, you need a simple way to secure it. In every company that I've consulted with, I've found at least one user account in the Security tab of a file or folder. These rogue accounts typically appear because an administrator or Help desk technician was in a hurry and wanted to close a trouble ticket quickly. Unfortunately, this practice can cause headaches down the road if the user you've given special privileges to changes departments.

For example, one company I worked with regularly moves its temporary accounting help to a full-time position on the operations floor. If a user has permissions to access accounting files and moves to a new position, it can be a real challenge to find all of the places that user had permissions. Finding the permissions is so difficult that often the user would transfer to a new position with the old accounting permissions still intact.

In such a case, the answer is to use security groups. Groups have been around since the early days of LAN Manager. Although most organizations have security groups, many aren't using groups to their full potential. In my consulting work, I typically call security groups "roles." When combined with official roles in the company, security groups are a powerful security solution. So instead of using obscure security group names that only IT understands, roles let managers control the data their employees can access. Imagine a list of security group roles for the accounting department that looks like this:

  • Role Accounting VP
  • Role Accounting Manager
  • Role Accounting AP
  • Role Accounting AR
  • Role Accounting Temp
  • Role Accounting All

Only these roles have access to your new folder structure. Now when a new accounting employee is hired, it's easy for the manager to explain to the Help desk exactly what security groups the user should belong to.

When you add roles to the security of the folder, you can use the naming convention I show above and the additions will be a snap. Find the folder for which you want to configure security. Right-click the folder, and choose Properties. Click the Security tab and click Add. Type the word Role in the Enter the object names to select field, as Figure 2 shows, and you'll get a list of the roles that are in your Active Directory (AD).

   Previous  [1]  2  3  Next 


Reader Comments
Good artical, but in the printer frendly version Figure 6 is cut off!!

norris.norman.c2@edumail.vic.gov.au May 24, 2007 (Article Rating: )

"Be sure to teach users the difference between moving and copying" - good point. However its worth noting the technical issue that a file/folder move from one folder to another on the same server will also bring the existing NTFS permissions and potentially undo all your good set up work, wherea a copy will leave these behind. Perhaps users should be encouraged to move files/folders to a structure that is used as a staging area and then IT staff peform a copy & delete to the final destination to cleanse unwanted permissions.

duncan_priest June 08, 2007 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
VMware and the Future of Virtualization

What's next for virtualization and business IT? Windows IT Pro senior editor Jeff James speaks with VMware President and CEO Diane Greene on the future of virtualization technology. ...

The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

Common .pst File Questions

Sue Mosher addresses some of the inevitable questions that Outlook users eventually ask about Personal Folders (.pst) files. ...
Security Whitepapers Anti-Virus Is Dead: The Advent of the Graylist Approach to Computer Protection

Getting the Job Done: Comparing Approaches for Desktop Software Lockdown

Instant Messaging, VoIP, P2P, and games in the workplace: How to take back control
Related Events Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.


ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Critical Challenges of ESI & Email Retention
Are you storing too much electronic information? Get expert legal advice and better understanding of what you are required to do as an IT professional.

Become a fan of Windows IT Pro on Facebook!
Join us on Facebook and be a fan of Windows IT Pro!

Sustainable Compliance: Are You Having a Resource Crisis?
Read this white paper to examine trends in compliance and security management and review approaches to reducing the cost and operational burden of compliance.

Rev Up Your IT Know-How with Our Recharged Magazine!
The improved Windows IT Pro provides trusted IT content with an enhanced new look and functionality! Get comprehensive coverage of industry topics, expert advice, and real-world solutions—PLUS access to over 10,000 articles online. Order today!

Get It All with Windows IT Pro VIP
Stock your IT toolbox with every solution ever printed in Windows IT Pro and SQL Server Magazine plus bonus Web-exclusive content on hot topics. Subscribe to receive the VIP CD and a subscription to your choice of Windows IT Pro or SQL Server Magazine!



Order Your Fundamentals CD Today!
Gain an introduction to Exchange, learn server security requirements, and understand how unified communications can play a role in your messaging strategies with this free Exchange CD.
Windows IT Pro Home Register About Us Affiliates / Licensing Media Kit Contact Us/Customer Service  
SQL Connected Home IT Library SuperSite FAQ Wininfo News
Europe Edition Office & SharePoint Pro Windows Dev Pro Windows Excavator 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing