The problem with cookies is that they would only store the note position/visibility data on that particular user's local profile on his PC (unless you have profile roaming, and I'm assuming a Windows environment here of course). Surely what you want is for any user to log on from any PC anywhere and find the notes exactly as he left them?
Well, presumably you're authenticating the users anyway and are therefore storing their account details in a database, along with the notes created, etc. So I suggest that you store the *state* of each note for each user in the database too, recording the state every time the note is moved/hidden/shown via an AJAX call to the PHP backend (to update the database). To reduce the number of records being stored/manipulated you should only create a user's note record where the data differs from the base values for the note (i.e. when created by the admin, as stored in the note record).
Then, when a user logs in, use AJAX to retrieve and draw all the notes he has access to with any overridden or visibility settings for the user, driven by a suitable SQL query which joins the data tables together and overrides the base values where the user has made a change.
Marcus Tucker / www / blog
Web Analyst Programmer / Voted SPF "ASP Guru"