File Server Consolidator

Photo Credits:Gaetan Lee

Brian has just finished a monthly report. Before he sends it to his boss, he asks a coworker, James, to review it:

B: “James, would you please take a look at my monthly report?”

J: “Sure. Where is it?”

B: “It’s in the Drafts folder on the G drive.”

J: “Are you sure it is on drive G? I don’t see the folder named Drafts. There are only budget related folders.”

The company Brian and James work for uses many file servers. Each of them publishes many pools with folders and files. To access the folders and files more easily, users map them with different drive letters.

Brian and James both used letter G to map a network drive, but they used it to map two different network drives. No wonder they each see a different picture when they open their own drive G!

Have you ever been in the situation like that? Some users who work on many projects make use of almost all letters in the alphabet! Can you imagine how difficult it is to collaborate in an environment like that?

A time comes when you have to start with folder reorganization on your file servers. This is also the right time to standardize how network drives get mapped. When all users use the same drive letter to access a shared drive it is much easier to refer others to a specific file.

Which Letters to use for Standard Network Drives

This largely depends on the level you managed to simplify your shared folders. In general it is better to use a letter you can associate to the purpose of the drive.

Most organizations offer users a private space on a file server, known as “home folder”. You can automatically map each user’s home folder as drive H (for home). Some organizations prefer letter P (for personal).

If you managed to consolidate all your shared folders to one folder pool, you can map it with letter G (for group) or S (for shared). Some companies use letter W (for work-group).

Organizations that utilize corporate identity formats can prepare a special folder share with templates and map it as drive T (for templates). It can contain standard templates for memos, fax, orders, presentations, etc. for company-wide use.

If you haven’t used the letter S to map a shared group drive, you can use it to map a drive with useful programs (S for software). You can also use letter U (U for utilities).

Standardize Drive Letter for CD and DVD Drives

It might be useful to standardize a drive letter for CD or DVD drives. All computers could be set up to have a CD or DVD drive available under letter X. This could simplify life for authors of installation scripts. It is also convenient for users because a DVD drive will be under the same letter on all computers, independently of the number of local hard drives and partitions.

Lets say you have decided to put your file servers in order. You are going to migrate them, consolidate them or just restructure the folders. We IT professionals like it when it is not necessary to involve users. We like to buy better, bigger, faster machines and move data there, hoping the only thing the users will notice is better speed and more space. There is nothing wrong with that. But do you really have to move all the data? Is it really necessary to keep all those files forever? There might be files that nobody has opened for years! Wouldn’t it be great if you could just delete them? But how do you know if you can delete a file that hasn’t been opened for eight years? It might make sense that you can, but what if the law requires that you have to keep it for ten years? Unfortunately, only the owner of this file knows that information, and so it becomes necessary to involve users.

Involve Users

When you really want to clean up your file servers you have to involve users. They have to give you the information on which folders should be preserved and where they should be placed. I know it sounds like a big hassle if there are many users, but you do not have to work with each user individually. Instead, meet with key users or department heads and explain the details to them. Provide them with all the information material they need to inform others, then ask them to forward the information to their subordinates.

Get Management to Support You

As with all important changes in the company, it is very important to have top management support. Explain to them the problem you are solving and the benefits of the changes. Usually it is not difficult to persuade management to give their support. They also feel the pain every day when they try to find files on file servers. Users will generally take the project much more seriously if top management introduces it to them. It is a good idea to prepare an introductory e-mail message and ask the manager to send it to all the users.

Carefully Prepare the Timeframe and Deadlines

You have to give the users enough time to prepare the information you will need. When deciding on a deadline, keep in mind that it usually takes several weeks to get all the information. Some users will be very busy on their projects. Some will be out of the office and won’t be able to prepare the information for you as quickly as you would like. On the other hand, you don’t want to give them too much time. The more time you give them the more they will procrastinate. Often people collect the information you need only after being reminded several times. You should be prepared to receive most of the information just before the deadline. Schedule the deadline at least a week before the folder restructuring will actually take place. Expect also that some users will miss the deadline. Of course, no data should be lost and you will have to migrate their folders too.

Keep Users Informed

Inform the users regularly about the status of the information collection. If possible, display graphically which folders will be migrated and which folders will be deleted. If you can prepare a tree view of the source folders it will be very illustrative to them. Mark bold all the folders for which you have received the necessary information. This will get the users’ attention when they see that a folder they use is not going to be migrated. Then they will make sure you get the necessary information.

Make a Backup and Test It

No matter how much time you give to users, there will always be some files that they won’t tell you about. Make sure to make a backup to tape or other media before you move the data. It is very important to test that backup. If you are going to delete the source folders after the folder reorganization you have to make sure you can get the data from the backup.

Imagine a company that has decided to setup a file server. After the file server is installed and a share is set up, the users create several folders, where they place their files.

With time the users notice that file sharing is easier when the files are stored on the file server, rather than stored locally on their individual computers. In addition, the IT department runs a backup every night. The number of files and folders constantly increases; therefore, it now takes a great deal of effort to find the correct folder.

Additionally, users quickly find out that it is useful to prefix their folders with numbers. This way the folder appears right on top of the list. Shortly, the folder structure looks similar to the one below:

They quickly find out that other characters are even more effective. The folder list becomes like this:

Soon the filer server content becomes a muddled set of folders, with several folders serving the same purpose. It gets harder and harder to find the folder one needs.

How to prevent this problem

The solution to muddled file server content is quite simple. Do not permit users to create first level folders by themselves. They should always ask when they need a folder on that level.

In some environments it might be even better to fix the first level folder structure. Get together all the key users and have them decide on the folders that should be on the first level. After that, new folders could be added to the first level only exceptionally. Users must decide which first level is the most suitable for their data and then create a new folder beneath. All new folders must be created on the second level or lower.

What if you already have a file server in need of folder restructure?

Eventually you will have to grasp the nettle. Remember, many users will resist any change. For that reason it is essential to have top management support.

Make it easy for users to give you information on which folders they use and how they should be restructured. For smaller file servers you can create a template in Word or Excel and ask them to fill in the information. For each folder on the new server they should send you the name of the folder, where should it be placed and which folders from the old server must be migrated to the new folder. Combine the information that users send to you in a spreadsheet and periodically send it back to them. If they notice that some of their folders are not marked for processing they should send you that information.

With some effort you can transform that spreadsheet to a script that can be used to copy the old file server to a new one.

For larger file servers you might need to consider a tool designed for folder restructuring.

Windows File Server gives you many possibilities to configure permissions. You can have one set of permissions on a parent folder and another set on sub-folder(s). You can configure some sub-folders to inherit permission from the parent and the other sub-folders to have completely different permissions. You can gather users to local groups or domain groups and then grant permissions to those groups. You can also grant permissions on folders to individual users. You can use any combination of local groups, domain groups and individual users to define permissions.
With so many options available, what is the best way to manage security on file servers?

I’ve collected some best practices I would like to share with you.

Use domain security groups to manage folder permissions.

For each folder create two domain security groups. One group for users with read only permissions and another group for users with read and write permissions. Use only those two groups to manage folder permissions. When a user needs write permissions put him or her to the group that has write permissions. If he or she needs only read permissions, then put him or her to the group with read only permissions. Users that are not members of any of those two groups do not have access to that folder. A nice benefit of this best practice is that administrators can manage permissions without touching file servers. They just add or remove users from security groups in the Active Directory.

Always use the same pattern for group names. One possible pattern is “ServerName-ShareName-FolderName-GroupType”.
An example of a group name would be “UserFiles-Common-TopQualityDeviations-RW”.

“ServerName” is the name of the server where the folder is located.
“ShareName” is the name of the share on the file server.
“FolderName” is the name of the folder, where you replace spaces with underscores or use Pascal Case.
“GroupType” describes the permissions that user in that group will have on that folder. Use letter R for read only permissions and RW (or only W) for read and write permissions.
If you decide to use only one share for all the files you can omit the share name part.

Define permissions only on one folder level.

Often users want some colleagues to have read access on a parent folder. For some sub-folders they would like to give some of those users write permissions. For some sub-folders they want only two or tree people to have access and ban everybody else.
Don’t fall into that trap. It takes only a small amount of inattention when you change permissions on a parent folder and permissions on sub-folders will be reset. Some sensitive information could be disclosed and you will be in trouble.
Define permissions only on one folder level. All the files and folders beneath that folder inherit those permissions. When users demand different permissions for a sub-folder move that folder one level up and define unique permissions for that folder and all its sub-folders.

Define the “owner” of each folder

Each folder should have an owner. The owner is a person that is responsible for the contents of the folder. This is also a person that has to approve all security changes for that folder. When some users ask for access to a folder, administrators should ask the owner to approve the change before they make it. It would be even better if you have the user ask the owner to request the change.
Put the owner information to the comments field in the Active Directory security group. This way you don’t have to maintain a separate list of folders and owners. Administrators have the information readily available when they open a group properties window.