Hello there everyone,
I could use some help with the setting up some space on the server at my work for members of staff to save their work on. I though that instead of posting the question â€œhow do I go about doing it?â€ I would have a go myself, and look for some pointers and guidance.
Currently, members of staff store all their work in a single folder that is shared across the network, with no structure as to how and where people save their files, let alone security and permission settings. The work stored on the server is divided up into work that is reasonably private and should only be viewable by its owner, some more work that although is not particularly sensitive, is not needed to be shared with other people. We also have some work that needs to be shared with particular groups of staff, as well as work done by individuals that needs to be shared with everyone.
We have a single server, running Windows 2000 Server, being used as our active directory store, an SQL server and a network storage. We have about 40 staff accounts in the active directory, about 25 of which require space on the server to save their files.
I started by creating a global security group â€œServer Storageâ€, to which I add the members of staff who require space on the server to store files. I created a folder in a non boot partition on the server named â€œServer Storageâ€ for all the shared folders and work to be stored under. I set this folder to be shared, with no user limit, and no comment. I removed the â€œEveryoneâ€ group from the permissions, added the â€œServer Storageâ€ group and gave them full access.
In this â€œServer Storageâ€ folder, I created three folders; Public, Private and Shared. With all of these folders, I first disabled the option "allow inherited permissions from parent to propagate to this objectâ€. I then took away the permissions for â€œEveryoneâ€, added the â€œServer Storageâ€ group and gave them read only permissions. I granted full permissions for the Administrator (or else I wouldnâ€™t have been able to do much more!)
In the â€œPrivateâ€ folder, I created a folder for each member of staff in the â€œServer Storageâ€ group. I selected all of the folders, again disabled inherited permissions, removed the â€œEveryoneâ€ group and granted full permissions to the Administrator. I then proceeded with each of these folders in turn to grant the individual user full access to their own folder. One folder per member of staff, each member of staff only able to access their own folder and the Administrator access to everything
In the â€œPublicâ€ folder, I did pretty much the same thing, creating folders for each member of staff, selecting them all to disable inherited permissions and remove the â€œEveryoneâ€ group. I then just added the â€œServer Storageâ€ group, and granted them full permissions to all the folders. One folder per member of staff, each member of staff having access to all the folders.
Finally, I have created a handful of folders in the â€œShared directory, to which I have granted access to various groups of various selections (and sometimes all) members of staff. Some full access, some read only access.
The general idea is that each member of staff has a folder to save work which is private, a folder to save work which is public and viewable by any member of staff, and an area which various work can be viewed and shared with other colleagues. Users can only create manipulate files and folders in the areas they have access to â€“ so members of staff cannot create new files or folders in any of the Server Storage, Pubic, Private and Shared Folder â€“ space for a new member of staff or shared folder has to be created by an administrator. The files in both the Public and Personal are both names after their owner, using a full name, eg â€œFred Blogsâ€ or â€œJohn Doeâ€. I plan to get people to access these files by mapping the Personal, Private and Shared directories as network drives.
I hope that all makes some sense! I could really use some ideas, comments or criticisms on anything I might have done wrong, or ways I could make this better. For example, is it a problem that each member of staff has two folders in different areas that have the same name? Should I change the format of one of these folders? â€“ They currently both look like this:-
John Doe on \\Server.\Server Storage\Private
John Doe on \\Server.\Server Storage\Public
Would it be an idea to change these names, should I be using the member of staffâ€™s actual network account name?
Are the actual names of the root directories and security groups suitable?
Any advice, feedback or hints with this would be really greatly appreciated!