Managing shared drives in a network is a daily routine for a Network Administrator. He needs to make sure only the users that need access to the files have the right permissions to do so, and filter out the rest. In this post I will discuss how to manage shared drives in a network. Read on.

The best way to manage shared drives in a network is through active directory using Security Groups. Creating a security group for each department will ensure only personnel from that department will have access to their drive. a communication department will be setup this way:

It could also be a good idea to create a “Public” folder under the communication share drive to share the public stuff with other departments. In that case you will create a “Communications” top folder with a Private and Public subfolders. add the domain users group as “read” only to the public folder but restrict the access to the private folder to everyone but the communication team in the security group.

The process gets more complicated when departments work interchangeably, and managers want people to have access to specific files on a shared drive, but not to the entire drive. In this case if it’s only a handful of people that need access to a specific folder, I would add them manually using the NTFS security tab. But I set a limit of not adding more than 5 people to each folder; otherwise I create a specific security group to manage the access security.

What level of security is good to use? Is good to use “modify” level for private drives, and “Read & Execute” for public, in this case anyone from any department can get to the public drives, but no one has the privilege to modify anything unless is authorized by the department manager. Of course, personnel having privilege to modify in the private folder should have the same level of permission in the public folder too.

Is it bad to give full permission to users? Yes, is pretty bad. Because users having full access to the drive can take ownership and add or remove people from the drive, which is a task only an administrator should do.

Get the latest post from Help Desk Geek in a RSS reader. Subscribe to this blog.

This entry was posted on Tuesday, May 6th, 2008 at 6:52 am and is filed under How-To. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.