Re: Corporate File control

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 03/09/04


Date: Tue, 9 Mar 2004 12:02:36 -0500

General note - users should probably never have Full Control over any folder
(except roaming profile folder) - Modify is quite enough.

How often are you finding you need to change permissions? I rarely have to
do this - I set up the permissions on the folders when I set up the server,
and rarely need to modify them unless someone wants a new share that is
restricted to a certain group.

Re viruses - you ought to be running good antivirus software (ideally,
centrally managed) that can scan mail, as well as centrally managed server&
workstation AV software. I use Trend products and have them set to update
from Trend every hour....block Yahoo mail., Hotmail, (and POP/IMAP also if
you have your own mail server).

The rest of your questions - too large for me to be able to answer right
now. Not enough coffee. ;-)

Milton Bliss wrote:
> two questions
>
> 1) who should control user access rights in a file server? IT or data
> owners?
>
> 2) where can if find a document that describes all the NTFS setting in
> IMMENSE detail? There a dozen little setting I only generally
> understand.
>
>
>
> mydoom.f came visiting 2/24/4, two weeks later my systems are
> recovered
>
> The virus was effective at deleting many files because I give most
> people high permissions on the file server. This is because I do not
> understand the settings, nor have I taken the time to ascertain the
> users actual needs. It is easier to give them all rights and not
> worry about it. - I'm worried now.
>
>
>
> I proposed to make each department head administer file permissions
> within their department's data.
>
>
>
> My boss say's "too many cooks spoil the soup"
>
>
>
> What is the best practice? It is true the department heads are busy
> non-technical accountants, marketers, and nurses. Teaching them the
> minutia of NTFS permissions would be challenging. Convincing them to
> maintain the permissions concerns me. Further, does Active Directory
> provide me a way to allow the Marketing director to add/delete people
> to/from the MarketingSecurity group? Then does NTFS allow me to give
> that same Marketing director control the exact rights each security
> group has in a specific set of directories?
>
>
>
> On the other hand, I certainly don't have time. Am I better off
> hiring a clerk to maintain AD and NTFS for the entire company?
>
>
>
> The second question of course is the technical detail, where can I
> find good documentation on NTFS settings? I'll need to know what the
> settings do whether I use them, teach them to department heads or a
> clerk.
>
>
>
> I am grateful for direction of the sages.