Figure The procedures for setting up drive mappings for the members of various organizational units

First you need to create some standards for the company. Table 27-2 lists the standard mapped drives assigned to the various hubs and sites in the mcity domain.

Table 27-2: Shared Folder Permission Types

Drive Letter

File Server Share

J (user folders) K (common folders) W (application data)

\\ServerName\BusinessGroup\Users\UserName

\\ServerName\BusinesGroup\Common

\\ServerName\BusinesGroup\Applications

Now you can create your shares and hide them as shown earlier by using the trailing dollar sign in the share name (for example, \\ServerName\BusinessGroup\ShareName$). This takes the share name off any browse lists. Next, you provide a login script for the user, as demonstrated in the following section.

You have several reasons for mapping to shared resources in this manner. First, it enables administrators to control what users have mapped access to. Forcing or simply enabling users to map to shared resources such as folders and printers tends to result in an administrative nightmare as well as a security risk.

Second, by not advertising the shares to browse lists, you add an extensive security layer on the shared resources. Security is further enhanced by locking the shares down so that users can access them only via login scripts or Group Policy, which are further protected with permissions and access control.

Third, script or policy-driven mapping keeps the mapping uniform and standard. In other words, users' home directories are mapped to J, all application data is mapped to W, and the common folders are mapped to K.

Was this article helpful?

0 0

Post a comment