Microsoft Certifications

Windows XP 70-270 Free Certification Tutorial

Optimize access to files and folders.

One of the NTFS foundations Microsoft wants you to understand is how to properly design a folder structure to correspond with solid security principles. Even though this is a gray area between server administration and desktop OS administration, understanding this concept will help you in your technical career.

By default, new folders and files created in a directory inherit the security permissions of the parent. Because of this, when you design a folder security layout, give the most general groups access at the root folder and tighten security at each layer of sub-folders. For example, assume you are designing a folder structure on your file server for all of the departments in your company. It might look like this:

Department (Change Rights for Domain Users)
    HR (Change Rights for HR Security Group)
        Benefits (Change Rights for Benefits Security Group)
        Payroll (Change Rights for Payroll Security Group)
        Training (Change Rights for Training Security Group)
    Finance (Change Rights for Finance Security Group)
    MIS (Change Rights for MIS Security Group)
    Operations (Change Rights for Operations Security Group)

If you start at the top of the flow, you see the Department folder, which has Change rights for Domain Users. As you follow each level of folders, the security rights become more fine-tuned: first for the HR team, then for each department folder within HR, and so on. A Finance user can get into the Department folder, then into the Finance folder, but not into the HR, MIS, or Operations folders. Because permissions are inherited by default, this only holds if each department folder stops inheriting the Domain Users entry from Department and lists its own group instead.

Likewise, a member of the Training group in the HR department can get into Department, then HR, then Training, but not into Payroll or Benefits folders.

Best practice is to create security groups and assign those groups rights to the department folders, rather than assigning rights to individual users.
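
One way to build the layout described above with group-based permissions, as an added example that is not part of the original tutorial. It assumes a file server where PowerShell and icacls are available; the root path D:\Department, the domain name CORP and the group names are hypothetical, and the tutorial's "Change" right is applied here as NTFS Modify.

```powershell
# Added example. Assumed (hypothetical) names: root path, domain, group names.
$root   = 'D:\Department'
$domain = 'CORP'

# Folder (relative to $root) -> security group that gets Modify on it.
# Groups, never individual users, appear in this table.
$layout = [ordered]@{
    'HR'          = 'HR'
    'HR\Benefits' = 'Benefits'
    'HR\Payroll'  = 'Payroll'
    'HR\Training' = 'Training'
    'Finance'     = 'Finance'
    'MIS'         = 'MIS'
    'Operations'  = 'Operations'
}

# Root folder: the most general group. (OI)(CI) makes the entry inheritable,
# so every new child would receive it unless inheritance is removed below.
New-Item -ItemType Directory -Path $root -Force | Out-Null
icacls $root /grant "$domain\Domain Users:(OI)(CI)M" | Out-Null

foreach ($rel in $layout.Keys) {
    $path  = Join-Path $root $rel
    $group = $layout[$rel]
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # /inheritance:r drops every inherited entry, including Domain Users,
    # leaving only the explicit entries granted here. Administrators and
    # SYSTEM keep Full control so the folder can still be managed.
    icacls $path /inheritance:r /grant `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        "$domain\${group}:(OI)(CI)M" | Out-Null
}

# Review: each department folder should list only its own group,
# Administrators and SYSTEM, with no (I) inherited entries.
icacls $root /t
```

Because each sub-folder under HR lists only its own group, a member of the Training group also needs to be in the HR group to pass through the HR folder, which matches the path the tutorial describes.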