I've recently taken over management of a file server that's turned into a chaotic situation. There are countless one-off user permissions and complex cross-departmental access needs which make simplification quite tricky. The current structure is set by departments, but I'm facing a ton of scenarios where granular user permissions are required for basic tasks like traversal, reading, or write access. I'm looking for guidance from more experienced admins on several points:
1) What are the best practices for creating a shared collaboration area where users from multiple departments can contribute?
2) At what point does creating too many Active Directory (AD) groups for Role-Based Access Control (RBAC) become counterproductive?
3) Should I opt for a single shared space with departmental subfolders, or is it better to maintain separate departmental shares?
4) Tips on gaining support from departmental leaders to help tidy up file access and locations.
I'm aware this will be a long-term project but would appreciate any insights.
5 Answers
For the collaboration space, create a flat folder structure with top-level folders per department and subfolders for specific projects. Implement Access Based Enumeration so users only see what they can access. This keeps things neater. Also, consider nesting groups in AD to simplify permission management.
I recommend having one shared drive named something like "Public" for all users to access, containing only non-sensitive data. Keeping separate departmental folders is easier for managing permissions and access compared to lumping everything into one location. As for buy-in, showing the efficiency gains can help convince upper management.
Great advice! Clean targets are key—making sure to define clear roles helps too.
Honestly, if it’s already a mess, it might be worth considering a retention policy. Start shedding files and directories that haven’t been used in over three years instead of trying to untangle everything. The ROI isn't there for hours spent preserving a mess.
Agreed, getting rid of old files could really lighten the load and save a ton of space.
Starting fresh with a rebuilt structure can be ideal. Understanding how the current setup works is crucial to developing a better new one. Auditing current permissions, even the messy singular ones, is necessary before making any changes.
Completely agree! You have to know what you’re dealing with before you can fix it.
You definitely need buy-in from top executives. If they understand the risks, especially regarding legal accountability, they’ll be more supportive. Without their backing, people will resist changes and create pushback when you try to enforce cleanup.
Right! Framing it in terms of legal risk was a game-changer for us.
Just be aware that if you go this route, the shared drive can quickly become congested if not maintained. Users have a tendency to copy files excessively.