Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Creating home folders

Posted on 2005-04-22
Medium Priority
Last Modified: 2010-04-18
Hi guys,

Would love your help.

Ok, Im trying to set up home directories for users, so that only the USER has access to their home directory.


1 Terminal Server.
Require local user home directories on this terminal server at:
D:\tsusers\<username> home directory.

So, I setup in group policy to create the home directory for each user, defined as:


When the user logs on to the terminal server, the home folder IS created in d:\tsusers\<username>, which is great.

However, when other users log on, they can see all other users' home folders, and worst still, they have full access to these.

How do I stop this from happening, so that only the specified user has access to their own home folder.

Thank you.

Question by:Simon336697

Assisted Solution

corneliup earned 500 total points
ID: 13841317
What security settings have you set for the tsusers folder, are those settings set to propagate to child objects?
you can check this through the advanced security setting tab in the folders properties page.

Assisted Solution

jeroenlemaire earned 500 total points
ID: 13842479
i use an easier method...
I have the home-directory set on an a drive which is not visible for my terminal server users.
In the term-server home-dir path, i check the Connect To item, and there put the path \\yourserver\tsusers\home

Hope this helps ya out.
LVL 10

Assisted Solution

by:Seelan Naidoo
Seelan Naidoo earned 500 total points
ID: 13849315
Try running XcAcls command

run from command on server when home directory is specified.

xcacls D:\tsusers\UserX /t /e /g UserX:f /y

Running this command will only give the user, full access rights to their own folder only..

For more info, look at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8ec308b8-9229-44bb-acad-707ec1b7f0a9.mspx

LVL 104

Accepted Solution

Sembee earned 500 total points
ID: 13850805
If you create the user's home directory in ADUC when you setup the user in the format \\server\share\%username% then the share is setup with the correct permissions restricting access to just the user. The &username% is the correct syntax for that.

On the share itself grant everyone full control rights. Then on the directory grant users read, to the main directory, but don't propagate the settings down to the sub folders. This will let the users in to the main folder - where they can see all of the other user folders, but access them.


Author Comment

ID: 13882357
Thanks everyone!

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question