?
Solved

Permissions, Shares and Group Policy

Posted on 2004-09-12
5
Medium Priority
?
492 Views
Last Modified: 2010-04-14
PDC is a win2000 server.
All clients are win200 pro.
D:\users is the root of the user home directory on PDC.
The sub directories under d:\users correspond to the individual username.
I'd like to map a network drive to a user's home directory(d:\users) with login script.
And let user has "full control" for his own personal folder, "read only" for other personal fold.

Could anyone tell me how to perform it?

Thanks in advance
0
Comment
Question by:Jerryleo
  • 2
  • 2
5 Comments
 
LVL 11

Expert Comment

by:Quetzal
ID: 12042917
On the server, set the NTFS permissions for D:\users to Read & Execute, List Folder Contents, and Read for Domain Users.  Create a user directory under d:\users with the same name as their login (in this example, user01).  For the directlory d:\users\user01, permit the folder to be full control for user01 (it should inherit permissions for everything else).  Create a share for this folder called user01 and permit it Full Control for Everyone.

In the Netlogon share, create a login script, login.cmd.  In it put the following:
NET USE /D U:
NET USE U: \\servername\%USERNAME%

In AD, for each user, set the login script to be login.cmd


This setup will map the U drive to point to each user's home directory.  Each user will have full control over their own directory and read-only access to everyone else.
0
 
LVL 5

Assisted Solution

by:richy92
richy92 earned 60 total points
ID: 12042926
Share the folder D:\users as users with everyone full control
ensure the file permissions have administrators full control and domain users read

Create the user accounts using AD users & computers - when creating the account specify "\\servername\users\%username%" in the profile tab, home folder connect to :  and choose an appropriate drive letter (h: for home maybe)

replace servername with the name of the pdc

when you click ok to create the user it will also create a directory with the same name as the users login name, under the folder d:\users

when users login they will automatically get the folder with corresponding name mapped to the drive letter you specifed earlier - no login script needed

in order to enable other users to read - goto the security tab of each users home folder and enable the check box to allow inheritable permissions from parent to propagate - this will give permissions for domain users

this also works for existing users - just edit the account and change the home folder on the profile tab as above using either %username% variable or specifing the folder name  - you may need to adjust permissions doing this way

hope that helps
0
 

Author Comment

by:Jerryleo
ID: 12050814
Is there a way I can set a user's home directory via a Group Policy?  

I have around 100 users that will have home directories and I want to avoid having to set each user's home directory manually.  
0
 
LVL 11

Accepted Solution

by:
Quetzal earned 90 total points
ID: 12062948
Simplest way I can think of is this.  If you already are using login script, just add the NET USE.  If you aren't using login script, then create one and use GPO to set login script.  See http://www.serverwatch.com/tutorials/article.php/1474241

Here is MS ref on Home Folders:  http://support.microsoft.com/?kbid=816313
0
 

Author Comment

by:Jerryleo
ID: 12065008
Thanks for all kinds help
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question