Your Company's Folder permissions?

[liquidtrance123]

I'm going through our company's folder permissions recently as I've taken over this responsibility and I'm amazed at how messed up it is. Almost none of the folders inherit permissions from the parents so basically a person in that department might not have permission to read or even write to that departments folder. So basically users are putting everything onto their personal network drives and emailing multiple copies to others in the company that then duplicate the files into their personal network folders. This ends up taking up HUGE amounts of space on our SAN with unneeded duplicate files. I want to try and eliminate this by setting up a departmental/site folder where files can be shared from 1 location, instead of having 400 copies of the same excel document on our SAN.

What I'm trying to get a feel for is how others have their corporate permissions configured.

For instance we have an 'area' folder that contains different 'sites' for that particular area.
Now right now I've got it configured for everyone in that 'area' to have Read access into all the different 'sites' for that 'area'.
But only that particular 'site' has Modify access.

What I'm wondering is if its better to have that 'area' as List Folder Contents only or should I keep it as Read?

I know it really depends on the company, but I just want to get a feel on whats the Norm?

 

[Sieravor]

Generally when an entire department needs access to a specific file or folder, I create a security group in my domain controller and add them as memebers of the group.

then, I go to what ever folder or folders are needed, and add access as appropriate for the new security group. Generally I have the folder set up to inherit from the parent, because it's too much of a waste of time to do it manually, but on those rare occasions I just remove the security group from the share permissions and simply add teh user individually to the folder. Does that make any sense?

Anyway, group management is by far the way to go. Setting up permissions for every single user that needs it is a horrendous waste of time.

Also, if people are using up tons of disk space, set up a disk quota for them. I have about 6TB on my main SAN and I don't let anyone use more than half a gig in their personal workspace. Build the policy, and then enforce it. Tell them to stop.