[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 239
  • Last Modified:

Employee User folders on Windows 2000 Server network share

What is a great scheme for setting up employee user folders? This answer is probably just a link to a public corporate policy. My main concern is security so that users are secure from one another and even the administrator.

Thanks...
0
axmurderer
Asked:
axmurderer
  • 3
  • 2
  • 2
1 Solution
 
rafael_accCommented:
You can't get secure from the Administrator! At least, not from an administrator with default rights.
What network environment is this you are talking about - is this Ms?
If your answer is "Microsoft network" then I guess you should give us some more detail? What are you trying to achieve? Why isn't the standard way (using user's permissions - ACLs) a good method for you?

Cheers.
0
 
rafael_accCommented:
Let me detail a little bit, considerint you are in MS environment.

1. Right-click a folder and select "share"
2. Give FULL permission to authenticated users
3. Set permissions locally on the folder - add the username you want to have access, and set permission rights

Note!
On 2, I said to give full permissions to authenticated users - THIS IS NOT A MISTAKE. You will restrict access at the local level (using local permissions - not share permissions)! This is the recommended way as when both share and local permissions are applied, the most restrictive ones take priority. Therefore, the actual local permissions set will be applied. Additionally, even if a user is able to login locally, he wont be able to access the specified folder as the permissions are defined locally!

Cheers.
0
 
axmurdererAuthor Commented:
Sorry I had that originally and must've edited it out. It is Windows 2000 Server.

I came from a unix background and it seemed very clean the way the user folders were handled. The network user folder was linked to the root of the user folder (say My Documents) and it was very clean. The users all saw their documents and they behaved as if they were local. Generally, they had no idea where they were physically stored.

In our setup, we just have a shared drive letter with a folder called Users. we have to manually create and restrict each user account to block other users. Our employees still tend to want to use their My Documents folder out of convenience for not navigating to the network share. Revised policies can be set forbidding this, but I would prefer to solve it transparently.

Thanks for you response.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
luv2smileCommented:
An administator CAN ALWAYS gain access to any files on the server......even if they don't have permissions, an admin can always take ownership of the files to gain access to them. So I'd advise you not to worry about restricting admins...if you are really that concerned about admins then you maybe need to think about who your admins are.....you shouldn't have an admin that you don't trust.

Now, I assume you are talking about like a users home folder? A folder than only they and nobody else should have rights to? This is controlled of course through NTFS permissions. In my network....each user has full control to their individual folder and domain admins and system have full control and that is it for their home folders.

You can use AD to automatically setup home directories for your users.

Here are the instructions...(see the first part of the document)

http://www.grouplogic.com/Knowledge/PDFUpload/Info/ADHomeDirs.pdf
0
 
axmurdererAuthor Commented:
Let me clarify two points that are unclear when I re-read my post. The idea of the user folders is that My Documents would have a folder called "Network Share". Perhaps this is just a shortcut in windows to achieve nearly the same functionality?

I mean that we have to manually create and restrict each user folder on the shared drive.

regards,
0
 
luv2smileCommented:
"Our employees still tend to want to use their My Documents folder"

Have you considered re-directing their my documents folder to a folder on the server? This can easily be accomplished thru the use of group policy.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now