• Status: Solved

Permissions, Shares and Group Policy

PDC is a win2000 server.
All clients are win2000 pro.
D:\users is the root of the user home directory on PDC.
The sub directories under d:\users correspond to the individual username.
I'd like to map a network drive to a user's home directory (d:\users) with a login script,
and let each user have "full control" for his own personal folder and "read only" for other personal folders.

Could anyone tell me how to perform it?

Thanks in advance
On the server, set the NTFS permissions for D:\users to Read & Execute, List Folder Contents, and Read for Domain Users.  Create a user directory under d:\users with the same name as their login (in this example, user01).  For the directory d:\users\user01, permit the folder to be full control for user01 (it should inherit permissions for everything else).  Create a share for this folder called user01 and permit it Full Control for Everyone.

In the Netlogon share, create a login script, login.cmd.  In it put the following:
NET USE U: \\servername\%USERNAME%

In AD, for each user, set the login script to be login.cmd

This setup will map the U drive to point to each user's home directory.  Each user will have full control over their own directory and read-only access to everyone else.

Share the folder D:\users as users with Everyone Full Control.
Ensure the file permissions have Administrators Full Control and Domain Users Read.

Create the user accounts using AD Users & Computers. When creating the account, specify "\\servername\users\%username%" in the Profile tab, under Home folder, Connect to:, and choose an appropriate drive letter (H: for home, maybe).

Replace servername with the name of the PDC.

When you click OK to create the user, it will also create a directory with the same name as the user's login name, under the folder d:\users.

When users log in, they will automatically get the folder with the corresponding name mapped to the drive letter you specified earlier. No login script is needed.

In order to enable other users to read, go to the Security tab of each user's home folder and enable the check box to allow inheritable permissions from parent to propagate. This will give permissions for Domain Users.

This also works for existing users. Just edit the account and change the home folder on the Profile tab as above, using either the %username% variable or specifying the folder name. You may need to adjust permissions doing it this way.

Hope that helps.
Jerryleo (Author) commented:
Is there a way I can set a user's home directory via a Group Policy?  

I have around 100 users that will have home directories and I want to avoid having to set each user's home directory manually.  
Simplest way I can think of is this.  If you are already using a login script, just add the NET USE.  If you aren't using a login script, then create one and use a GPO to set the login script.  See http://www.serverwatch.com/tutorials/article.php/1474241

Here is MS ref on Home Folders:  http://support.microsoft.com/?kbid=816313
Jerryleo (Author) commented:
Thanks for all kinds of help.
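
An added example, not part of the original thread: a PowerShell audit that checks each folder under D:\users against the permission model the answers describe (the folder's own user has Full Control, everyone else outside the administrative principals is read-only). It assumes PowerShell 3.0 or later on a current Windows server rather than the Windows 2000 tooling of the thread, and CONTOSO is a placeholder domain name.

```powershell
# Added example, not from the thread. CONTOSO is a placeholder domain name.
param(
    [string]$Root   = 'D:\users',   # home-directory root named in the question
    [string]$Domain = 'CONTOSO'
)

$fsr  = [System.Security.AccessControl.FileSystemRights]
$full = [int]$fsr::FullControl

# Bits that allow changing content, ACL or owner, plus GENERIC_WRITE and
# GENERIC_ALL, which can appear undecoded on inherit-only entries.
$writeMask = [int]($fsr::Write -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor 0x50000000

# Principals that are expected to hold more than read access everywhere.
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
           'CREATOR OWNER', "$Domain\Domain Admins"

$report = foreach ($dir in Get-ChildItem -Path $Root -Directory) {
    $owner = "$Domain\$($dir.Name)"      # folder name equals the login name
    $allow = (Get-Acl -Path $dir.FullName).Access |
             Where-Object { $_.AccessControlType -eq 'Allow' }

    # 1. The folder's own user must hold Full Control.
    $ownerOk = $allow | Where-Object {
        $_.IdentityReference.Value -eq $owner -and
        ([int]$_.FileSystemRights -band $full) -eq $full
    }
    if (-not $ownerOk) {
        [pscustomobject]@{ Folder = $dir.Name; Finding = "$owner lacks Full Control" }
    }

    # 2. Nobody outside the trusted list may hold write-type rights.
    foreach ($ace in $allow) {
        $id = $ace.IdentityReference.Value
        if ($id -eq $owner -or $trusted -contains $id) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{ Folder = $dir.Name; Finding = "$id has $($ace.FileSystemRights)" }
        }
    }
}

$report | Sort-Object Folder | Format-Table -AutoSize
```

No output means every folder matches the model. Because the share itself grants Full Control to Everyone, these NTFS entries are the only thing separating one user's folder from another's, so any row listed is worth fixing.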