Let’s Get Organized: File Server Basics

[May 2007]
Let’s Get Organized: File Server Basics
Follow this plan for an organized, no-hassle file server
By: Eric B. Rux
Feature
InstantDoc #95354
From the May 2007 edition of Windows IT Pro

SideBar Selling Role-Based Security

Although a file server is one of the most basic services in the server room, I've been surprised at how disorganized many organizations' file servers are. After helping several companies reorganize their file servers, I decided to share some of the common problems that I've seen and introduce you to some ways to fix them by using Windows 2003 built-in features, free add-ons, or new business processes. Come on—let's get organized!

Scattered Data
One company I worked with had fewer than 100 employees but had eight file servers and hundreds of shares. The administrator had a hard time finding the files he needed, and users' desktops were a sea of shortcuts. For this company, consolidating servers and shares onto one large file server made sense. Depending on the service level agreement (SLA) that your IT department has, you might want to consider a cluster or other technology to reduce the risk of putting all of your eggs in one basket. Regardless of your choice, the important thing is to keep your file server structure as easy as possible for users.

For companies that have data scattered all over creation, I recommend a complete reorganization. This option isn't as difficult as it sounds if you carefully plan and communicate well with the rest of the organization. You can gauge the level of file server organization by learning how content or frustrated users are. If the problem isn't that bad (i.e., users can generally get to the information they need), then a simple housecleaning might be in order. Regardless of the scope of your reorganization, I can't over-emphasize the importance of ensuring that the cleanup is a company objective and not just an IT project. You need the support of your company's decision makers.

My ideal file server has just one share that contains multiple parent subfolders. This structure is clean, simple, and provides one-stop shopping for users. Every company is different, but the structure typically looks something like the example that Figure 1 shows. As you can see, the file server has an appropriate name, the share describes the file server's contents, and the subfolders are logically laid out. What about the subfolders that are in the parent folders? Each department should organize its own folders, but you can provide some guidance. I typically ask users leading questions such as the following:

Do you have any sub-departments or teams? If so, you might create subfolders to further segregate the data. A large IT department might create subfolders such as Infrastructure, Development, Project Management, and Quality Assurance.
Is your work separated geographically, or do you all work together? If multiple locations daily share data, it wouldn't make sense to create Seattle, Portland, and New York subfolders for each location. If the business divisions work independently, a single folder wouldn't be efficient. This example shows why this project can't be just an IT project; the business needs to own the plan.
Does your department include different levels of security access? Securing individual files is time-consuming and leads to mistakes. These "one-offs" are easy to forget about, and the security is easy to overwrite if security settings are pushed down from the parent folder to the files. If the department has security boundaries, help department members create their subfolders to mirror those boundaries.
If you had to print out all of this data, how would you organize it in a filing cabinet? This question helps users stop thinking about data as bits on a screen and start thinking in terms of documents. Help users organize the file structure as they would organize manila folders in metal drawers.

Once you've set up and secured a basic file-server structure, each department can start to move its data to the new structure. (We'll cover more information about security permissions in a moment.) Be sure to teach users the difference between moving and copying. Moving the data provides a clean break from the old way of storing documents and lets users handle their own data. A good practice is to give users a "due date" when all of the files must be moved.

"Simplify Your Life: Role-Based Security
Now that you have a fresh folder structure, you need a simple way to secure it. In every company that I've consulted with, I've found at least one user account in the Security tab of a file or folder. These rogue accounts typically appear because an administrator or Help desk technician was in a hurry and wanted to close a trouble ticket quickly. Unfortunately, this practice can cause headaches down the road if the user you've given special privileges to changes departments.

For example, one company I worked with regularly moves its temporary accounting help to a full-time position on the operations floor. If a user has permissions to access accounting files and moves to a new position, it can be a real challenge to find all of the places that user had permissions. Finding the permissions is so difficult that often the user would transfer to a new position with the old accounting permissions still intact.

In such a case, the answer is to use security groups. Groups have been around since the early days of LAN Manager. Although most organizations have security groups, many aren't using groups to their full potential. In my consulting work, I typically call security groups "roles." When combined with official roles in the company, security groups are a powerful security solution. So instead of using obscure security group names that only IT understands, roles let managers control the data their employees can access. Imagine a list of security group roles for the accounting department that looks like this:

Role Accounting VP
Role Accounting Manager
Role Accounting AP
Role Accounting AR
Role Accounting Temp
Role Accounting All

Only these roles have access to your new folder structure. Now when a new accounting employee is hired, it's easy for the manager to explain to the Help desk exactly what security groups the user should belong to.

When you add roles to the security of the folder, you can use the naming convention I show above and the additions will be a snap. Find the folder for which you want to configure security. Right-click the folder, and choose Properties. Click the Security tab and click Add. Type the word Role in the Enter the object names to select field, as Figure 2 shows, and you'll get a list of the roles that are in your Active Directory (AD).

Prev. page [1] 2 3 next page

You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

Good artical, but in the printer frendly version Figure 6 is cut off!!

norris.norman.c2@edumail.vic.gov.au- May 24, 2007

Article Rating 3 out of 5

"Be sure to teach users the difference between moving and copying" - good point. However its worth noting the technical issue that a file/folder move from one folder to another on the same server will also bring the existing NTFS permissions and potentially undo all your good set up work, wherea a copy will leave these behind. Perhaps users should be encouraged to move files/folders to a structure that is used as a staging area and then IT staff peform a copy & delete to the final destination to cleanse unwanted permissions.

duncan_priest- June 08, 2007

Article Rating 4 out of 5

ADS BY GOOGLE

SQL JOB OPENINGSSPONSORED LINKS

Order Your SharePoint Fundamentals CD!: Learn how to uncover rich information management capabilities with this free SharePoint CD.

"Real Time BI" Through Real Time Data Integration: Yesterday's data is no longer sufficient to run a business, change data capture (CDC) is an innovative new software technology that is changing the data integration landscape. Find out more…

Simplify your data management: Affordable multi-database query and design tool-- free trial!

Featured Web Seminar - Change Management & Compliance: Learn how monitoring and change management are vital aspects of both day-to-day operations as well as compliance scenarios.

FEATURED LINKS

Ease Your Scripting Pains with the Flexibility of PowerShell!: Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!

You’ve Deployed SharePoint…Now What?: This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions

Virtualization Technologies and Disaster Recovery Planning: Download this paper to see how you can realize up to 70% cost savings by using virtualization technologies in your disaster recovery plan.

Coming in December –SQL Live Event Series: Join independent experts to discover about if or when you should make the critical upgrade decision about SQL Server 2008

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technology Resource Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound ITTV

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

Search

Reader Comments

Related Events

Related Resources

SQL JOB OPENINGSSPONSORED LINKS

FEATURED LINKS