Help with unique directory/file security request

-

i've been asked division of company rearrange our file structure on our network attached storage servers. however, i'm having little trouble coming solution manage file security on new structure in way doesn't create burden on department. here's skinny:

currently our file structure organized department. on our nas's have these parent folders: accounting, engineering, quality, etc.. secure these directories no-brainer, create 2 active directory security groups , give 1 full access , other read-only access corresponding directory. example, quality folder have quality full access , quality read-only security group assigned appropriate permissions on it.

now management wants change structure parent directories aren't organized department, rather part number (we're manufacturing facility). want, example, parent folder called "pn1234567" , directories beneath folder various departments accounting, quality, etc.. need assign unique permissions each of these departmental folders within part number directories, , can't think of practical way of going doing it. wouldn't huge issue except have on 1000 part numbers...

i can understand why want arrange files in manner because corresponds specific part number can found in single location instead of having hunt through directories searching related files/documents. know of way can simplify application of permissions way?

hi carlk4574,

wow have hands full.

with knee jerk reaction sounds job dfsn , heres why that:

1) correct permissions have been applied existing structure - appearance of structure of files need change.

2) scriptable on 1000 part numbers excel , batch files friend

3) because not changing location of files won't break working

how? glad asked :)

lets take hypothetical @ fake structures - assumes each department has folders each part number see below:

i know in real world there still cleanup , lot more messy make sense department owns files. said

you create hidden namespaces each partnumber mydomain.com\pn1$

under pn1$ create folder targets each of departments acct, mfg

the path each target data lives in current folder \\server1\data\acct\pn1
create public namespace access data \\domain.com\data

create folder target each part number , have target point hidden namespace
pn1 -> \\domain.com\pn1$

there still lot of work involved doing lot less painful creating top level folders each part number, assigning authenticated users scope of folder only, creating folders each department, assigning proper permissions on department folder, copy data the new folder , validating permissions x1000 - scripted too. guess real answer come answering is how clean departments keep data, how data, , user acceptance of change.

here blog on design commandline examples
http://blogs.technet.com/b/josebda/archive/2009/08/21/three-ways-to-design-your-dfs-namespaces.aspx

hopefully help





Windows Server  >  File Services and Storage



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more