Is mapping your TFS local workspace to C:\ a bad idea?

Question

My small development team uses TFS2010 in a corporate setting, and just about everyone on the team has their TFS workspace mapped to a folder at the root level of their C: drive (e.g., C:\TFS). From a security perspective, is this a bad idea?

I fear that another person in our organization could log onto our PCs and have read access to the uncompiled code and connection strings in there. Would it be considered a best practice to map your TFS workspace to a subfolder in your user account's Documents folder, which non-administrators can't access?

My fellow teammates' original intent to house their workspace at that level of C: was to keep the mapped directory name simple, and to avoid problems with the directory and filename limitations in TFS (see error TF14078) for complex projects.

Thanks!

Answer 1

Warren P's comment under my question was headed on the right track. This depends on how your organization secures the folders under C:\ on your PC when a different individual logs onto it, but generally speaking, you can secure your a folder for your TFS workspace at the root level of C:\ by adjusting the folder security as follows:

• Remove the entry for Authenticated Users
• Add an entry with full access for your specific network user account
• Add an entry with full access for the system accounts SYSTEM and IUSR so that the .NET system accounts can also access it while you are doing local testing

(These notes are based on a Windows 7 PC, so the procedures for older versions of Windows might vary a bit)

Answer 2

One thing you need to be careful about when mapping the TFS collection too far under the root of your drive is file name/path name length. The file name must be less than 260 characters and the file path must be less than 248 characters.