Submitted by dombolp on 06/02/2011 10:52 AM
Memorandum
Re: Proposal for Future Network
Earlier this year, we discussed ways to structure our new network so that it applies the principle of least privilege to all users while still granting them access to all of the data they are entitled to. I have outlined here the OU structure of the network, as well as the structure of the file system.
The OU structure of the domain will be very straightforward. Branching off from the root of the domain, the OUs Administrators, Shop Floor, Purchasing, and Accounting will be created. The Administrators OU will include the user accounts for the system administrators. This includes both the domain user accounts, which will be used for conducting everyday tasks, and the administrator accounts, which carry full access permissions. The three other OUs will each be further subdivided into two more OUs named Employees and Management. To illustrate, the Accounting OU will include an OU named Management, where the accounting managers' accounts will be stored, and an OU named Employees, where user accounts for all other accounting employees will be stored. The Shop Floor and Purchasing OUs will follow the same template. This will allow more detailed control when applying administrative tools such as Group Policy.
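The OU layout described above can be scripted so that it is reproducible and reviewable. The following is an added example, not part of the original memo; it assumes the ActiveDirectory PowerShell module is available, and the domain name `DC=example,DC=local` and the helper `New-OUIfMissing` are hypothetical, since the memo does not name the domain.

```powershell
# Added example: builds the OU tree described in the memo.
# Assumption: the memo does not name the domain, so this DN is a placeholder.
Import-Module ActiveDirectory

$DomainDN = 'DC=example,DC=local'   # hypothetical domain

# Departments that each get Employees and Management child OUs, per the memo.
$Departments = 'Shop Floor', 'Purchasing', 'Accounting'
$SubOUs      = 'Employees', 'Management'

# Hypothetical helper: creates an OU only if it is not already present,
# so the script can be re-run without errors. Returns the OU's DN.
function New-OUIfMissing {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Path
    )
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" `
        -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        # Protect against accidental deletion, since GPO links and
        # delegated permissions will hang off these containers.
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true
    }
    return "OU=$Name,$Path"
}

# Administrators OU: holds the sysadmins' everyday accounts and
# their separate full-access administrator accounts.
New-OUIfMissing -Name 'Administrators' -Path $DomainDN | Out-Null

foreach ($dept in $Departments) {
    $deptDN = New-OUIfMissing -Name $dept -Path $DomainDN
    foreach ($sub in $SubOUs) {
        New-OUIfMissing -Name $sub -Path $deptDN | Out-Null
    }
}

# List the resulting OUs so the tree can be checked against the design.
Get-ADOrganizationalUnit -Filter * -SearchBase $DomainDN |
    Select-Object -ExpandProperty DistinguishedName
```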
The file system will be very straightforward. A data partition will be created on the file server which includes four shares. These shares will be titled Administration, Shop Floor, Purchasing, and Accounting. General information pertaining to each department will be stored in that department's share and accessed only by that department. Within each of these shares will be a subfolder named Management, where management from each department will place files to share only with other department managers. Access to each share will be controlled by NTFS file permissions, as well as by group membership. The groups included in our solution are Domain Administrators, Domain Users, Accounting,...