Sharing out company information is a very important thing to do right – who gets to see what and what can they do with it? That is why it is best to have a plan in place before beginning.

Plan to have the shares in one folder, on a data drive (not OS), preferably on a dedicated File Server (not a NAS, please). Name the folders something recognizable.

Company is the general share that everyone can access.

Executive is the share for Executives

Accounting is the share for the accounting department – payroll, billing, etc.

Home is a folder for each user’s Home Drive (As set up in Active Directory)

Departments is a top folder with department folders inside, each department folder shared out to it’s department security group.

Ah, yes – Security Groups. You will always want to assign permissions using security groups. It is a lot easier to manage adding users to security groups than going around digging through folders for which ones they need access to. If they need access, there should be a security group for that!

Now, how to map the folders? Group Policy. Put one group policy for each Security Group and which folders they need mapped.

Another very awesome tool for doing group policy is Item-Level Targeting. With this, you can use one policy with multiple items that go to different groups – such as printers, drive maps, etc.

On the Common Tab, Check the Item-level targeting box and click the targeting button…

There are a LOT of options – even though I normally use only the Security Group option – you can get very specific.

So, if you are deploying dozens of printers or drive mappings – or software – use Item-Level targeting to control who or which pc gets what. It saves clutter in Group Policy management.