Creating home folders

Posted on 2005-04-22
Last Modified: 2010-04-18
Hi guys,

Would love your help.

Ok, Im trying to set up home directories for users, so that only the USER has access to their home directory.


1 Terminal Server.
Require local user home directories on this terminal server at:
D:\tsusers\<username> home directory.

So, I setup in group policy to create the home directory for each user, defined as:


When the user logs on to the terminal server, the home folder IS created in d:\tsusers\<username>, which is great.

However, when other users log on, they can see all other users' home folders, and worst still, they have full access to these.

How do I stop this from happening, so that only the specified user has access to their own home folder.

Thank you.

Question by:Simon336697
    LVL 7

    Assisted Solution

    What security settings have you set for the tsusers folder, are those settings set to propagate to child objects?
    you can check this through the advanced security setting tab in the folders properties page.
    LVL 3

    Assisted Solution

    i use an easier method...
    I have the home-directory set on an a drive which is not visible for my terminal server users.
    In the term-server home-dir path, i check the Connect To item, and there put the path \\yourserver\tsusers\home

    Hope this helps ya out.
    LVL 10

    Assisted Solution

    Try running XcAcls command

    run from command on server when home directory is specified.

    xcacls D:\tsusers\UserX /t /e /g UserX:f /y

    Running this command will only give the user, full access rights to their own folder only..

    For more info, look at

    LVL 104

    Accepted Solution

    If you create the user's home directory in ADUC when you setup the user in the format \\server\share\%username% then the share is setup with the correct permissions restricting access to just the user. The &username% is the correct syntax for that.

    On the share itself grant everyone full control rights. Then on the directory grant users read, to the main directory, but don't propagate the settings down to the sub folders. This will let the users in to the main folder - where they can see all of the other user folders, but access them.

    LVL 1

    Author Comment

    Thanks everyone!

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now