Solved

Permissions, Shares and Group Policy

Posted on 2004-09-12
5
467 Views
Last Modified: 2010-04-14
PDC is a win2000 server.
All clients are win200 pro.
D:\users is the root of the user home directory on PDC.
The sub directories under d:\users correspond to the individual username.
I'd like to map a network drive to a user's home directory(d:\users) with login script.
And let user has "full control" for his own personal folder, "read only" for other personal fold.

Could anyone tell me how to perform it?

Thanks in advance
0
Comment
Question by:Jerryleo
  • 2
  • 2
5 Comments
 
LVL 11

Expert Comment

by:Quetzal
ID: 12042917
On the server, set the NTFS permissions for D:\users to Read & Execute, List Folder Contents, and Read for Domain Users.  Create a user directory under d:\users with the same name as their login (in this example, user01).  For the directlory d:\users\user01, permit the folder to be full control for user01 (it should inherit permissions for everything else).  Create a share for this folder called user01 and permit it Full Control for Everyone.

In the Netlogon share, create a login script, login.cmd.  In it put the following:
NET USE /D U:
NET USE U: \\servername\%USERNAME%

In AD, for each user, set the login script to be login.cmd


This setup will map the U drive to point to each user's home directory.  Each user will have full control over their own directory and read-only access to everyone else.
0
 
LVL 5

Assisted Solution

by:richy92
richy92 earned 20 total points
ID: 12042926
Share the folder D:\users as users with everyone full control
ensure the file permissions have administrators full control and domain users read

Create the user accounts using AD users & computers - when creating the account specify "\\servername\users\%username%" in the profile tab, home folder connect to :  and choose an appropriate drive letter (h: for home maybe)

replace servername with the name of the pdc

when you click ok to create the user it will also create a directory with the same name as the users login name, under the folder d:\users

when users login they will automatically get the folder with corresponding name mapped to the drive letter you specifed earlier - no login script needed

in order to enable other users to read - goto the security tab of each users home folder and enable the check box to allow inheritable permissions from parent to propagate - this will give permissions for domain users

this also works for existing users - just edit the account and change the home folder on the profile tab as above using either %username% variable or specifing the folder name  - you may need to adjust permissions doing this way

hope that helps
0
 

Author Comment

by:Jerryleo
ID: 12050814
Is there a way I can set a user's home directory via a Group Policy?  

I have around 100 users that will have home directories and I want to avoid having to set each user's home directory manually.  
0
 
LVL 11

Accepted Solution

by:
Quetzal earned 30 total points
ID: 12062948
Simplest way I can think of is this.  If you already are using login script, just add the NET USE.  If you aren't using login script, then create one and use GPO to set login script.  See http://www.serverwatch.com/tutorials/article.php/1474241

Here is MS ref on Home Folders:  http://support.microsoft.com/?kbid=816313
0
 

Author Comment

by:Jerryleo
ID: 12065008
Thanks for all kinds help
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Loss of RDP via youngzsoft.com/cn 4 218
Windows 2000 Kerberos problem 5 303
P2V Windows NT/2000 SP4 3 1,812
windows 2000 image 3 121
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now