Departments use file servers to more efficiently share files, as compared with emailing files.

Notes

• But as with any change in workflow, conventions may need to be discussed and agreed on, and new skills and habits developed.
• When and if it's a "go" per Physics's decision, PhysIT can make this server "drive" appear automatically so it becomes easily available on staff computers. This is almost immediate, once committed, via AD policy.
• Roger is working with Greg at A&S to set up the space (as of 11/15), in anticipation that this service will prove of value to Physics. This can easily be reversed if a "no go", of course.

November 2014

Phase one: Shared folders

Synonyms: Folders == directories.

Conventions used among staff will limit actions not necessarily enforced by the permissions.

Goal: Reduce complexity to reduce mistakes and facilitate debugging, balanced with ensuring security and adequate access.

Groups

Group name: AS-PHY-AdminStaff

Folders and permissions

Folders hierarchy options/ ideas

Do you want an "Instruction" folder, containing folders specified above?

Do you want a "Business" folder, containing folders specified above?

Do you want some other folder, to contain folders specified above?

Idea 1: One level deep for some folders

Idea 2: All folder at top level

SysAdmin Note:

1. Permissions on shared dept folders will be applied only by groups, not ID's (Due in part to the complexity of tracking /adding / removing individual permissions applied to folders, as well as possible file inheritance & permissions settings.)

1. Individual ID permissions should only be granted to folders in "Users" folder trees, if used. (Scripting / variables may be preferred)

1. Groups should have a functional name (please) "Business office", "Instruction", etc.
2. All Phy dept sub-groups will be put in a primary Physics Admin / dept group - which is used to apply policies, map drives, apply networked printer queues, allow access to the share, etc.
   1. A special
3. All staff must be in at least one sub-group, and preferably only one - even if the group only contains one person. (To allow access to share, policy’s, etc.)
4. Folders which everyone can access do not need finer grained permissions. (Use primary group @ root only)
5. Groups may either be nested (HR in Business Office), or multiple groups may be given permission to a folder (Safety, Facilities), as appropriate.
6. Where group nesting/ combining is not sufficient, a user may be placed in more than one group.
7. Caution is advised with any nesting or combined group access, unintended future rights may result.
8. It is desirable to use these same groups for all services, such as Group Policies, FileMaker, Printing, File Sharing, etc.
   1. Policies can only be applied to accounts which are in the AD Tree cornell.edu\CUinv\NetIDs\Staff\AS\, or are created by AS/ChemIT/Physit (Special admins, guestID's, etc.)

Phase two: Individual's folders

• TBD

Info from John Miner, to inform this: