uFiles: Suggested Organization of Folders for IT Professionals
Suggestion of how to organize folders so as to simplify time needed to maintain uFiles
For each major College, School, or organizational unit, a share will be created:
Note that XYZ in the above example is the three or four letter unique designation for a group on campus as determined in the AD Naming Conventions document maintained by the IAM group. Contact the IAM group for group naming conventions.
For each share, two organizational groups will be created:
The XYZ-uFiles-Users group contains all the individuals and Active Directory groups that will have permission to change files.
uFiles understands and supports Access Based Enumeration. This feature means that users see only files and folders that they have been granted access to see.
For each College or School, sub-groups for every organizational unit are created (and probably already exist in Active Directory). Groups should be arranged in a hierarchy for the organization. Use an organizational chart as a starting point.
People at the top of the chart can typically see everything. People at the bottom can only see their terminal end of the branch.
Example Group Structure
Each group above is a member of the group above it. Each group above is granted change permission to the directory branch below corresponding to the group name, but there is no inheritance of permissions at this level.
Here is an example file structure for the above Group structure:\\ufiles\UWM\XYZ
Thus in order to grant access to the Team1 folder above, you only have to add a user to the XYZ-Division2-Group1-Team1 group in Active Directory.
Access Control Lists can often be problematic to fix or especially edit. For unusual circumstances, it is suggested that you use "cacls" from the command line to edit folder permissions because it allows the user of the /E switch to edit an existing ACL instead of replacing it.