Don't mean to sound flippant, but if you're brought in to clean up, then clean up. Maximize availability of services, explain and plan downtime to minimize impact on the business, but ultimately, you're brought in to cleanup. If you don't have enough flexibility to clean up a mess, then you need to consider walking away.
On Wed, Jun 17, 2009 at 3:13 PM, aci <[email protected]> wrote: > TIA for any and all replies to this inquiry... > > I am coming in to clean up previous tech's migration/setup of a 2003 to > 2008 windows domain. The existing network shares and user folders are a > complete mess whereby everything is currently in one directory > > \\servername\netshare\*.* which is of course mapped at the root as a > network drive accessible to all users on the domain. > > This includes a dozen security groups, SQL data, application directories > and shared user folders. > > Typically when I am setting things up from scratch I put user data, > database data and shared folders in completely different directories secured > with share and NTFS permissions, mapping drives only to specific folders > based upon "need to access" policies. > > In this case, with everything already set up, and several things difficult > (not impossible) to move, I would like recommendations on best practices > that I could apply to this situation > > 1. User's files (not to be saved to local workstation) > a. manually map persistent U:\ drive to manually created & shared users > directory (70 users) > b. designated home directories in account properties\profile tab and add > to logon script > c. my doc's redirection to server \\servername\department\username > (folder not shared) > d. combination of some of the above > > 2. I know this is classic reverse darwinism, but My advisers see nothing > wrong with mapping to the root of the netshare directory as long as > permissions are set to deny/grant access as needed to folders and files. Of > course, administering this is a permissions auditors nightmare, and I would > rather do this on a mapped drive via group membership GPO's... thoughts on > best way for me to make the recommendation [that it is always better to go > with what your IT group advises given that is what you are paying them to > do...] I mean that it is worth the effort to consolidate folders, create, > test and assign GPO based mappings? > > All recommendations are highly appreciated. Thanks! > > > Aci > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
