Best practice for access to multiple Dept Drives?

Discussion in 'Active Directory' started by AussieChad, Sep 19, 2005.

  1. AussieChad

    AussieChad Guest

    Hi there,

    I am doing a re-design of our current AD structure and I'm now working on
    the logon scripting and group membership.

    What I require is the best practice for allowing certain staff to access
    multiple departmental drives?

    An example is if jsmith is currently a member of the 'Sales' group, he
    automatically gets G:\(Sales) as this is where the logon script maps him.

    Users in the 'Finance' group will get G:\(Finance)

    jsmith also requires access to certain files in the Finance dept folder.
    How should this be set up? I don't want to allow permissions for a single
    user, and I want it to be accessible in a user-friendly way.
    It needs to allow for future expansion, so that if more users from different
    depts require access to the same folder I can add them to a group.

    Is providing a shared mapped drive the only solution? ie: creating a new
    folder on S:\Finance and creating a new group and adding the entire Finance
    group, as well as other individuals that will require access to that
    particular folder?

    At the moment it is really messy and we have individuals that have set
    permissions to access other dept drives, and then they manually map that
    drive. This surely is bad practice and shouldn't be used?

    Thanks for your help in advance.
    AussieChad, Sep 19, 2005
  2. Paul Williams [MVP]

    Configure as you said. If there are sales users that need access to some of
    the finance stuff, create another group, e.g. sales-finance and add these
    sales users to this group. Grant that group permissions on the finance
    folder (in addition to granting the finance group permissions).
    Paul Williams [MVP], Sep 19, 2005
  3. Paul Bergson

    Paul Bergson Guest

    What we do is we have a common shared folder area. All users are mapped to
    our p drive. From there, groups are created for each sub-folder created at
    the p drive level. So if there is a cad folder, we called it
    \\server\apps\cad, or an hr_newhires, \\server\apps\hr_newhires, etc. There
    are two groups created, apps_cad_read_only and apps_cad_users; users that
    should have either read or read/write are given membership in the group.
    This prevents you from having to write scripts to see if they belong to this
    group or that group; they can only see the groups that they are given
    permission to use.

    It is very simple and works well.


    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Paul Bergson, Sep 19, 2005
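
The per-folder group scheme described in the replies above, as an added PowerShell example that is not code from any poster in the thread: it creates the read-only and read/write groups for one sub-folder and grants only those groups (plus Administrators and SYSTEM) on it, so access is changed by group membership rather than per-user permissions. The domain name `CORP`, the OU, the local path `D:\apps` behind `\\server\apps`, the `DomainLocal` scope and the function name are assumptions.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module
# and an elevated session on the file server.
Import-Module ActiveDirectory

function New-DeptFolderAccess {
    param(
        [string]$Folder  = 'cad',                            # sub-folder name from the post
        [string]$Root    = 'D:\apps',                        # assumed path behind \\server\apps
        [string]$Domain  = 'CORP',                           # assumed NetBIOS domain name
        [string]$GroupOU = 'OU=File Groups,DC=corp,DC=example' # assumed OU
    )
    $path    = Join-Path $Root $Folder
    $roGroup = "apps_${Folder}_read_only"                    # naming as in the post
    $rwGroup = "apps_${Folder}_users"
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    # Create each group only if it does not exist yet.
    foreach ($g in $roGroup, $rwGroup) {
        if (-not (Get-ADGroup -Filter "SamAccountName -eq '$g'")) {
            New-ADGroup -Name $g -SamAccountName $g -Path $GroupOU `
                -GroupScope DomainLocal -GroupCategory Security
        }
    }

    $acl = Get-Acl -Path $path
    # Stop inheriting from the share root and discard the inherited entries,
    # so only the entries added below apply to this folder.
    $acl.SetAccessRuleProtection($true, $false)

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $noProp  = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    $grants  = @{
        'BUILTIN\Administrators' = 'FullControl'
        'NT AUTHORITY\SYSTEM'    = 'FullControl'
        "$Domain\$roGroup"       = 'ReadAndExecute'
        "$Domain\$rwGroup"       = 'Modify'
    }
    foreach ($id in $grants.Keys) {
        $rights = [System.Security.AccessControl.FileSystemRights]$grants[$id]
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, $rights, $inherit, $noProp, $allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl

    # Return the resulting entries so they can be reviewed for stray per-user grants.
    (Get-Acl -Path $path).Access | Select-Object IdentityReference, FileSystemRights, IsInherited
}
```

Calling `New-DeptFolderAccess -Folder hr_newhires` repeats the same setup for another sub-folder; later access changes are then made with `Add-ADGroupMember` instead of editing the folder's permissions.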
