The departmental file share, s.sfsu.edu, should be used for documents that should not be lost if an employee separates from the university. Each unit on campus has a share on s.sfsu.edu. Access to individual shares and folders is controlled by Active Directory security groups. Security groups are managed locally by each unit via the campus gateway. For information on other storage options, please see the File Storage Guide.
- How Do I:
- Advanced Users
- Delegated Administrators
- Open Windows File Explorer
- In the list of locations, right click Computer/My Computer/My PC
- Select Map Network Drive
- In the Folder field enter: \\s.sfsu.edu\[your share]
- If your computer is NOT joined to AD, select Connect using different credentials
Select Finish. If your computer is joined to AD, it will automatically pass your credentials and log you in. If you are not joined to AD, you will need to provide your credentials, in the form of:
Login: [SF State ID]@sfsu (e.g., 900000000@sfsu)
Password: SF State password
- In Finder, select the Go menu, and choose Connect to Server
- Enter the server address: smb://s.sfsu.edu
- Click Connect
- When prompted, select Registered User and enter your SF State ID and Password in the Name and Password fields
- Select the share (volume) you wish to connect to and click OK. The folder will now appear in the finder
Optional: View the share folder on the desktop:
- With the Finder still active select Finder > Preferences
- On the General tab check Connected Servers
- Close Finder Preferences
In Windows, connect to your share. Right click on the drive and select Properties. Under the General tab, it will show you the used and free space available.
Initial quota size for each Departmental Share is set to 2 TB. Upon request the quota can be increased. To request the same, please submit a Service Request to the Systems Team with a Cc. to the Associate Vice President & Chief Technology Officer, Information Technology Services (ITS). The Service Request must include business justification for the increase in quota size and should be submitted by the Department Head (MPP level or above).
Delegated administrators and subfolder administrators are responsible for the adding and removing of users from the security groups they administer. Using the gateway (https://gateway.sfsu.edu):
- Select IT Services
- In the Security Groups section, locate the group you wish to edit and click Edit
To add user(s):
- Enter their SF State e-mail address in the Add Member(s) box, separate multiple addresses with a semi-colon
- Click Add Member(s)
To remove user(s):
- Find the users email address in the list and click the Remove link
- When finished, click Save to save your changes
Daily snapshots of files are created between midnight and 1:00 a.m. The snapshots are retained for 60 days. To recover a lost or corrupted file or folder:
- Using Windows File Explorer, locate the parent folder containing the missing/damaged items
- Right click the folder and select Properties
- Select the Previous Versions tab
- Highlight the folder/date to which you want to restore
- To overwrite the existing folder with the previous version, click Restore and approve the destruction of the current folder
To restore just a file or to create a backup of the previous folder contents, click Open and copy the temporary folder contents to a new location
Records should be retained for only as long as they are valid, useful, and required to be retained. All data uploaded should follow existing CSU policy and executive orders regarding Records Retention and Disposition Schedules.
- Environmental Health and Safety
- Student Records
- University Police
- University Advancement
- Academic Personnel
- Curriculum & Accreditation
- Research & Sponsored Programs
- Institutional Records
For Departmental Shares:
- Daily snapshots of files are created between midnight and 1:00 a.m.
- 60 daily snapshots are available
- Snapshots are copied off-site for disaster recovery
Security groups can be maintained either under the delegated organizational unit (OU) with ADUC (Active Directory Users and Computers), or under the Group OU with Gateway.
Portal maintained groups must follow this structure: SFS-s-"share"-"folder"-"subfolder"-"subsubfolder"- "access" where:
- share is your top level share
- folder is your sub-unit – netops, strategic, etc.
- subfolder is your team or secondary unit, if you have one
- subsubfolder is a folder in your area that you want to set more granular permissions on “access” is the type of access this group will grant:
- access can be rw - read and write, ro - read only, or ls – list folders
Note that the separator for the group name is a dash “-“ and not an underscore “_”.
Open your web browser and go to the following URL: https://gateway.sfsu.edu/staff/IT-services. Log in and go to the Security Groups section. Click “Request New Group”.
Enter in the Group ID (your group name, following the naming convention). The Display name should match the Group ID for file share groups. Check the File Share option for Use type. Mail enabled should be set to No. Enter in the email address of the primary person who will manage this group. Click “Submit”.
This process currently requires manual approval. A Footprints ticket will be created. Once approved, the group will be created and will be accessible through Gateway. After the group is created, edit the group and add in your designated alternate administrator.
While creation and maintenance of groups and group membership can be done through Gateway, assignment of groups to folder permissions can only be performed via Windows.
To assign permissions, open File Explorer and navigate to the subfolder in the share that you want to change. Right click on it and choose Properties. Select the Security tab.
To remove access for a group, select the group or user name and click Remove. To add a group, click Add and enter in the group name. Be sure to click the Check Names button to verivy the group exists. Click OK.
For a read only group, ensure that the only permissions checked for that group allow for “Read & execute”, “List folder contents”, and “Read”.
For an read and write group, ensure that Allow is checked for “Read & execute”, “List folder contents”, and “Read”. In addition, add Allow checks for “Modify” and “Write”.
Storage for departments is managed through delegated administration. Top-level shares are assigned to a units based upon the university organization structure. The unit head assigns a delegated administrator and alternate to manage the top-level access and oversee storage use for the unit. The delegated administrator creates folders based upon organizational needs and associates security groups and permissions to the folders. The subfolder administrator manages group membership through the SF State Gateway. Delegated administrators can delegate some of their activities to subfolder administrators but must not give others top level access. Delegated unit administrators are responsible for communicating who is responsible for the unit’s roles.
Once assigned, the delegated administrator will perform the following functions for their department/unit:
- Manage unit subfolders
- Create AD groups following naming conventions
- Update AD group managers upon employee separation
- Assign groups to subfolders and set permissions
- Assist with recovering files from snapshots
- Communicate unit roles and responsibilities
Roles and Responsibilities
|ITS Help Desk||
|Delegated unit administrator & alternate||
|Folder administrator & alternate||
|Subfolder administrator & alternate (optional)||
The advanced user may prefer to use ADUC for group management. ADUC is part of the Windows Remote Systems Administrator tools. Download links for your appropriate client version, along with instructions, can be found here: http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx
Note: Before you can manage your groups with ADUC, they will need to have some parameters changed. This is a limitation of the way Gateway creates the groups. A more streamlined solution is being investigated.
Once you start ADUC, navigate to ad.sfsu.edu\Groups\Resources\Shares\ and you will see the file share groups. Double click on the group you want to modify, click on the “Members” tab and you’ll see a list of all members in that group. Use the “Add” and “Remove” buttons below as desired. More advanced functionality, like nesting of groups, can only be done here.
SF State reserves the right to remove, inspect and audit uploaded files without notice as part of its routine maintenance and for matters that affect the security of SF State data. Accounts may be suspended in the event of litigation or subpoena. Typically any data subject to a litigation hold or subpoena is copied, so that shared use of the data in question can continue without interruption to work processes.