Now that you have the design of your network completed, what do you do next?
"Order the equipment and start pulling cables, right?"
Wrong (sort of). Let's take a closer look at one of the most time-consuming processes in small business network design.
1. User Permissions
User permissions are what separate the public shares from the folders assigned to the group of IT administrators.
Let's set up a shared folder and allow everyone access to it. Do you assign the "Everyone" group or the Users group?
How would you share a folder within a folder with a single person in your business? Do you need to allow one group full control over a department folder and limit another to view only? Can you put your network users under a single group policy, or do you need to create individual group policies for your business?
You could fill up half of that notepad you purchased from OfficeMax with just questions if you think about it for a few minutes.
So why don't you start off by asking questions about your network and interviewing the users of the network? During your interview process you might find your single shared folder idea isn't going to help keep things organized in the long run.
Let's look at a simple business design that used a single shared folder.
Business A: Shared single folder back in 1998. Everyone had full control over this folder and Copy/Paste was one of the first things the network users learned.
The single folder share started with a single document back in 1998. Today that same single share has over 1,800 folders and 35,000 files. It becomes increasingly difficult to find order within this common share because of how it was used.
- The shared folder was used to back up My Documents from 12 different computers sharing a single login.
- A drafts folder was created that has both final copies and drafts.
- A final copy folder was created that duplicates the drafts folder.
- A user defined folder was created to store individual files from the user.
- Folder names were made by every network user mostly using personal names.
- etc. etc. etc.
The single shared folder plan soon found its way into the realm of folder chaos.
If you cannot relate to the single shared folder example above, then you have nothing to worry about. Most likely you don't share folders, or your IT manager planned the folder structure to grow without the chaos factor.
You will find many different methods of organizing your files and folders. The example below might not be what you need and is only here for you to get a few ideas during your planning phase.
The basics: Whether you use groups or only individual users, the basic structure fits both methods. It is much easier if you use groups and add users to groups, but that's up to you and your plan. A 2-employee office wouldn't need groups, but a 5-employee office could benefit from using them.
- Start off with a single folder placed on the drive root but not on the OS drive.
  - The master folder might look like: D:\XYZ
  - Assign permissions to this folder that you can manage.
    - EVERYONE (Read & Execute, List Folder Contents, Read)
    - SYSTEM (Full Control)
    - Administrators (Full Control)
    - Users (Read & Execute, List Folder Contents, Read)
- Create your first branch in your tree. I personally like to create user storage folders. User storage, often seen as Z:\, is only used by the assigned user.
  - Create Folder USER01 or FirstName_LastName (use a name to identify the user)
  - Assign permissions
    - SYSTEM (Full Control, Not Inherited)
    - Administrators (Full Control, Not Inherited)
    - CREATOR OWNER (Full Control, Not Inherited)
    - Username of person accessing this folder (Full Control, Not Inherited)
- Create a Network Training Folder.
  - TRAINING (Subfolders in Training help more than you think. Read on.)
  - Permissions: Users (Read & Execute, List Folder Contents, Read). (If you use a domain controller you can add Domain Users to the root training folder of our XYZ master folder.)
  - Create your first subfolder in the training folder and call it IT_TRAINING.
  - Select the groups of people that need access to the IT_TRAINING folder and give them READ level access only.
  - Create your first IT_TRAINING folder and place a TEXT document in it detailing your file structure. (I can't tell you how many times people file documents in the wrong folder.)
  - Continue creating subfolders in your training folder for each department your network design will be including.
- OFFICE_BTR: Create your first main Office folder. If you have several locations you can add the location name after the word OFFICE. (Pick something that you can read and know everything in the folder is office related.)
  - In the OFFICE_BTR folder you can now start creating your department folders as you did in your training folder. You will not need to "Share" the folders as in the "Shared Folder" function if you have assigned permissions and mapped the folder location. If you must use "Shares" then always use a hidden share for everything but the training folder or your general information folder.
  - DEPT_PAYROLL (Add only users that require access. Remove all inherited permissions if not needed. Be sure to always add OWNER, Administrators and SYSTEM to the mix so you don't find yourself locked out.)
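The folder tree and permissions from the list above, scripted with icacls from PowerShell. This is an added example, not part of the original post; the account jsmith, the group GRP_PAYROLL, the Modify level for payroll and the removal of inherited entries on D:\XYZ are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Hypothetical names: account 'jsmith' and group 'GRP_PAYROLL' must already exist.
# Well-known SIDs (the leading * tells icacls it is a SID) keep this locale-independent:
#   S-1-1-0 Everyone, S-1-5-18 SYSTEM, S-1-5-32-544 Administrators,
#   S-1-5-32-545 Users, S-1-3-0 CREATOR OWNER
$Root  = 'D:\XYZ'
$Keep  = @('*S-1-5-18:(OI)(CI)F', '*S-1-5-32-544:(OI)(CI)F')   # SYSTEM + Administrators
$Owner = '*S-1-3-0:(OI)(CI)(IO)F'                              # CREATOR OWNER

function New-SecuredFolder {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Grants = @(),   # icacls entries; (OI)(CI) = apply to files and subfolders
        [switch]$NotInherited      # remove entries inherited from the parent folder
    )
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    # Add the explicit entries first and strip inheritance last, so SYSTEM and
    # Administrators are already on the folder when the inherited entries go away.
    foreach ($g in $Grants) {
        icacls $Path /grant:r $g | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls could not apply '$g' to $Path" }
    }
    if ($NotInherited) { icacls $Path /inheritance:r | Out-Null }
}

# Master folder: read-only for Everyone and Users. Dropping what D:\ would pass
# down is this example's choice, so that only the four listed entries apply.
New-SecuredFolder -Path $Root -NotInherited `
    -Grants ($Keep + @('*S-1-1-0:(OI)(CI)RX', '*S-1-5-32-545:(OI)(CI)RX'))

# User storage: only the assigned user, nothing inherited.
New-SecuredFolder -Path "$Root\USER01" -NotInherited `
    -Grants ($Keep + @($Owner, 'jsmith:(OI)(CI)F'))

# Training: inherits the read-only Users entry from the master folder.
New-SecuredFolder -Path "$Root\TRAINING\IT_TRAINING"

# Department folder: only the payroll group (Modify is an assumed level).
$Payroll = "$Root\OFFICE_BTR\DEPT_PAYROLL"
New-SecuredFolder -Path $Payroll -NotInherited `
    -Grants ($Keep + @($Owner, 'GRP_PAYROLL:(OI)(CI)M'))

# Check: no broad principal may remain on the payroll folder.
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
$open = (Get-Acl $Payroll).Access | Where-Object {
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -in $broad
}
if ($open) { Write-Warning "DEPT_PAYROLL still open to: $($open.IdentityReference -join ', ')" }
```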
You should get the point of file structure by now. I could go on and add FTP, WebDAV, virtual folder linking, etc. to the mix, but that will be in a follow-up post.
When you start designing I can offer one simple security tip to remember.
"When in doubt, BLOCK them OUT."
You know, I have never had a person say, "I can see everything in that folder and I don't want to see it," but I have had people say, "I need access to that information."
Keep it on a "Need to Access" basis and you'll find your overall network security better than that of your average network design.
Call if you need your network designed as I described above. This work can be done remotely and I'll even scan and fax my OfficeMAX notepad notes after the job is completed.
We even set up virtual road maps for those that take a little more time learning where the old files have gone.