Home folders and permissions
motherwolf
Member Posts: 117
in Off-Topic
Hey everyone,
I'm messing around on my W2k3 virtual server and creating Home folders for my users through the profile tab in the users properties. I've created the Home folder on the server and shared it out giving full permission to everyone. Then I'm typing \\W2k3\home\%username% to create the individual folder within the share. The question I have is, how do I create the user's folder so that only the user and the admin. have permission to it's contents? After I create the folder and view the security permissions I notice that the All Users group has certain permissions to access and view the contents of the specific user's folder. Is this the default? Do you always have to manually delete the All Users group? Thanks in advance for any help.
I'm messing around on my W2k3 virtual server and creating Home folders for my users through the profile tab in the users properties. I've created the Home folder on the server and shared it out giving full permission to everyone. Then I'm typing \\W2k3\home\%username% to create the individual folder within the share. The question I have is, how do I create the user's folder so that only the user and the admin. have permission to it's contents? After I create the folder and view the security permissions I notice that the All Users group has certain permissions to access and view the contents of the specific user's folder. Is this the default? Do you always have to manually delete the All Users group? Thanks in advance for any help.
Comments
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□Those folders are going to inherit permissions from the parent folder. Maybe just give the users group the list directory contents or read permission or adjust to whatever your security needs may be.
-
motherwolf Member Posts: 117Yeah, after unchecking the inheritable check box, I think you have to remove the All Users Group all together if you only want Admins and the specific user to have access to the folder.
-
RTmarc Member Posts: 1,082 ■■■□□□□□□□This is the way I do it.
Root Folder - Title it whatever you want -- Home/Users/Whatver -- Disable inheritable permissions for this folder.
Share Permissions: Authenticated Users - Full Control
NTFS Permissions: Domain Admins - Full Control
In AD, create the user's home folder just as you have been. The end effect is only the user and domain admins have access to the user's folder. -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□http://support.microsoft.com/kb/555046When you configure home directory for user (from "Active directory users and computers" - in Windows 2000/2003 domain or "User manager for domains" - in NT4 domain), you should add root share that will contain the user home directory - \\servername\sharename\%username%. To allow automatic creation of this home folder, there need to configure correct NTFS and Share permissions on home folder root share.
To allow automate home directory creations, please make sure to apply this security settings on the root folder that should contain the user home directory.
NTFS - Add Special Permissions to "Authenticated Users" group:
Traverse Folder / Execute File
List Folder / Read Data
Read Attributes
Read Permission
You may need to disable permission inheritance and make sure that the speical permissions dont apply to subfolders of the root
folder ("Apply Onto:" "This Folder Only").
Share - Add: Change - permission to "Authenticated Users" group.All things are possible, only believe.