Departments use file servers to more efficiently store and share files. As compared with emailing files, for example.

Notes

• But as with any change in workflow, conventions may need to be discussed and agreed on, and new skills and habits developed.
• When and if it's a "go" per Physics's decision, PhysIT can make this server "drive" appear automatically so it becomes easily available on all staff computers. This is almost immediate, once committed, via AD policy.
  • This drive will appear on all Physics staff computers. It can safely be ignored by folks not using the service, but they may appreciate knowing what why it will appear on their computer.
• Roger has workd with Greg at A&S to set up the space (started 11/15/13), in anticipation that this service will prove of value to Physics. This could have easily been reversed if there had been a "no go" decision, of course.

See also

• http://www.physics.cornell.edu/professorspeople/administrative-staff/

December 2014

Next step, as of Friday, 12/15/14:

Deb to schedule a Physics staff mtg week of 1/12/2015 to demo share and have a Q&A. Deb to demo, with ChemIT's assistance as desired. ChemIT staff to be available during the meeting.

• Invite all staff with current permissions, as well as Mark, Vince, and Jenny. (Per John, no need to have Dorothy or Nick attend.)

Actions taken so far

Oliver demo to John and Deb on 12/15/14 (Monday), a "next step" from Friday, 11/14/14.

• We looked over structure within John's account after (temporarily) mounting their drive, <//files.cornell.edu/as/phy/admin>.
• Oliver created demo account <as-phy-it-user> and added it to the "Instruction" group so we can see what limited permissions look like logged on with that account.
  
  • Confirm inaccessible folders are visible, but that they prevented access if access not permitted, prompting a dialog box stating as such.

Phase one: Shared folders

Synonyms: Folders == directories.

Conventions used among staff will limit actions not necessarily enforced by the permissions.

Objective: Reduce complexity to reduce mistakes and facilitate debugging, balanced with ensuring security and adequate access.

Groups

Folders and permissions

Folders hierarchy

SysAdmin Note:

1. Permissions on shared dept folders will be applied only by groups, not ID's (Due in part to the complexity of tracking /adding / removing individual permissions applied to folders, as well as possible file inheritance & permissions settings.)

1. Individual ID permissions should only be granted to folders in "Users" folder trees, if used. (Scripting / variables may be preferred)

1. Groups should have a functional name (please) "Business office", "Instruction", etc.
2. All Phy dept sub-groups will be put in a primary Physics Admin / dept group - which is used to apply policies, map drives, apply networked printer queues, allow access to the share, etc.
   1. A special
3. All staff must be in at least one sub-group, and preferably only one - even if the group only contains one person. (To allow access to share, policy’s, etc.)
4. Folders which everyone can access do not need finer grained permissions. (Use primary group @ root only)
5. Groups may either be nested (HR in Business Office), or multiple groups may be given permission to a folder (Safety, Facilities), as appropriate.
6. Where group nesting/ combining is not sufficient, a user may be placed in more than one group.
7. Caution is advised with any nesting or combined group access, unintended future rights may result.
8. It is desirable to use these same groups for all services, such as Group Policies, FileMaker, Printing, File Sharing, etc.
   1. Policies can only be applied to accounts which are in the AD Tree cornell.edu\CUinv\NetIDs\Staff\AS\, or are created by AS/ChemIT/Physit (Special admins, guestID's, etc.)

Phase two: Individual's folders

• TBD

Info from John Miner, to inform this: