Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Creating home folders

Posted on 2005-04-22
5
Medium Priority
?
364 Views
Last Modified: 2010-04-18
Hi guys,

Would love your help.

Ok, Im trying to set up home directories for users, so that only the USER has access to their home directory.

Setup:

1 Terminal Server.
Require local user home directories on this terminal server at:
D:\tsusers\<username> home directory.

So, I setup in group policy to create the home directory for each user, defined as:

D:\tsusers

When the user logs on to the terminal server, the home folder IS created in d:\tsusers\<username>, which is great.

However, when other users log on, they can see all other users' home folders, and worst still, they have full access to these.

How do I stop this from happening, so that only the specified user has access to their own home folder.

Thank you.

Simon
0
Comment
Question by:Simon336697
5 Comments
 
LVL 7

Assisted Solution

by:corneliup
corneliup earned 500 total points
ID: 13841317
What security settings have you set for the tsusers folder, are those settings set to propagate to child objects?
you can check this through the advanced security setting tab in the folders properties page.
0
 
LVL 3

Assisted Solution

by:jeroenlemaire
jeroenlemaire earned 500 total points
ID: 13842479
i use an easier method...
I have the home-directory set on an a drive which is not visible for my terminal server users.
In the term-server home-dir path, i check the Connect To item, and there put the path \\yourserver\tsusers\home

Hope this helps ya out.
0
 
LVL 10

Assisted Solution

by:Seelan Naidoo
Seelan Naidoo earned 500 total points
ID: 13849315
Try running XcAcls command

run from command on server when home directory is specified.

xcacls D:\tsusers\UserX /t /e /g UserX:f /y

Running this command will only give the user, full access rights to their own folder only..

For more info, look at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8ec308b8-9229-44bb-acad-707ec1b7f0a9.mspx

0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 13850805
If you create the user's home directory in ADUC when you setup the user in the format \\server\share\%username% then the share is setup with the correct permissions restricting access to just the user. The &username% is the correct syntax for that.

On the share itself grant everyone full control rights. Then on the directory grant users read, to the main directory, but don't propagate the settings down to the sub folders. This will let the users in to the main folder - where they can see all of the other user folders, but access them.

Simon.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 13882357
Thanks everyone!
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question