Options

Home folders and permissions

motherwolfmotherwolf Member Posts: 117
Hey everyone,
I'm messing around on my W2k3 virtual server and creating Home folders for my users through the profile tab in the users properties. I've created the Home folder on the server and shared it out giving full permission to everyone. Then I'm typing \\W2k3\home\%username% to create the individual folder within the share. The question I have is, how do I create the user's folder so that only the user and the admin. have permission to it's contents? After I create the folder and view the security permissions I notice that the All Users group has certain permissions to access and view the contents of the specific user's folder. Is this the default? Do you always have to manually delete the All Users group? Thanks in advance for any help.

Comments

  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Those folders are going to inherit permissions from the parent folder. Maybe just give the users group the list directory contents or read permission or adjust to whatever your security needs may be.
  • Options
    motherwolfmotherwolf Member Posts: 117
    Yeah, after unchecking the inheritable check box, I think you have to remove the All Users Group all together if you only want Admins and the specific user to have access to the folder.
  • Options
    RTmarcRTmarc Member Posts: 1,082 ■■■□□□□□□□
    This is the way I do it.

    Root Folder - Title it whatever you want -- Home/Users/Whatver -- Disable inheritable permissions for this folder.
    Share Permissions: Authenticated Users - Full Control
    NTFS Permissions: Domain Admins - Full Control

    In AD, create the user's home folder just as you have been. The end effect is only the user and domain admins have access to the user's folder.
  • Options
    motherwolfmotherwolf Member Posts: 117
    Thanks for the tip, I'll try it out.
  • Options
    sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    http://support.microsoft.com/kb/555046
    When you configure home directory for user (from "Active directory users and computers" - in Windows 2000/2003 domain or "User manager for domains" - in NT4 domain), you should add root share that will contain the user home directory - \\servername\sharename\%username%. To allow automatic creation of this home folder, there need to configure correct NTFS and Share permissions on home folder root share.


    To allow automate home directory creations, please make sure to apply this security settings on the root folder that should contain the user home directory.

    NTFS - Add Special Permissions to "Authenticated Users" group:

    Traverse Folder / Execute File

    List Folder / Read Data

    Read Attributes

    Read Permission

    You may need to disable permission inheritance and make sure that the speical permissions dont apply to subfolders of the root
    folder ("Apply Onto:" "This Folder Only").

    Share - Add: Change - permission to "Authenticated Users" group.
    All things are possible, only believe.
Sign In or Register to comment.