Starting over on fileshares...

All,

A little over a year ago (right before I got here) my current place of
employment migrated from a Novell fileserver to Windows 2003 (on a Win2K
native domain) one.

There wasn't any real planning and ever since we've had all sorts of sharing
issues. Such as:
-Only a few out of the 120+ top level folders of the departmental share are
using groups to manage the users.
-The share permissions on the departmental share are set to change for
everyone so there have been individual users granted full control share
permissions, rather than giving domain users full control share permissions
and locking down the folders with their NTFS permissions. This goes along
with the fact that since some users have both FC on the share and NTFS for
some folders they sometimes take ownership thus breaking the folder for
everyone else in the meantime.
-The home drive share is a hidden share (Personal$) but the NTFS permissions
are such that a smart enough can derive any other users login name from our
naming convention to gain entry into their personal drive.

I have a feeling I'm going to be the one tasked to fix these issues and
revamp our fileserver.
My plan would be to lock down the NTFS permissions by making two security
groups per shared folder that needs them, group-rw and group-ro (for
read/write or read-only) and be sure to put in the description which
personnel can approve someone be added to one of those groups for the data.
Then look at which folders belong to whom and figure out who actually gets
to call the shots on granting access to that data and working with them to
migrate the individual users into the groups and then start testing removing
the users implicit permissions.
Other than that, though, I've got nothing, can anyone point me to some good
resources for planning this out or offer suggestions on traps/pitfalls to
avoid?

Thank you,
Les Bowman


.

Relevant Pages

  • Re: Need initial pointers
    ... Here is a link on how to restore default NTFS permissions to W2K. ... > create folders for roaming profiles which cause the local ... > of Shares and nonpropagated user rights and have set up ...
    (microsoft.public.win2000.security)
  • Re: quick file sharing question
    ... Going back and checking the share setup I have, you are correct in stating the share perms are only 3 types. ... You write "Share permissions have the same functionality ... individual files and folders within that share. ... NTFS permissions can be set for a whole tree or for any file ...
    (microsoft.public.windows.server.general)
  • Re: W2K Server to W2K3 Server migration - looking for advice
    ... You can try robocopy.exe tool with the "/SEC" switch to copy the folders ... with their NTFS permissions instead of using FSMT. ... you can also try a third-party tool Secure Copy to migrate the ...
    (microsoft.public.windows.server.migration)
  • NTFS delete problem
    ... I'm having a little trouble setting up NTFS permissions within a Share. ... Share X contains several folders A to Z, folders A - Z contain several ... the files in the subfolders A - C are deleted, ...
    (microsoft.public.windows.server.general)
  • Re: NTFS Security Question.
    ... A subordinate object DOES not inherit the PARENT perms (in ... will assume "Nebulous" permissions that refer to the LINK ... The trick is to PROPOGATE to all FILES (not Folders and Files - that would ... Since Windows 2000 deny NTFS permission does not work ...
    (microsoft.public.windowsxp.security_admin)