home directory woes

Posted on 2005-05-12
Medium Priority
Last Modified: 2010-04-19
I created home dir, and then shared it using the share permission. I then used AD Profile to connect mapped drive ie \\server\home\%username%. From previous forum comments it has been stated that windows sets up proper permissions which only allows user and admin access to folder. In my case, it seems that any user has access to any user folder. QUESTION: When you create home folder, and after you give full control at share level, are you suppose to remove all ntfs permissions ? Have I missed something ? Thx.
Question by:mmm5
LVL 97

Expert Comment

by:Lee W, MVP
ID: 13990178
Sort of.  You are supposed to lock down the folders using NTFS permissions.  I believe there is a way to automate this by using "Creator Owner" built in account and assigning Full control to that, but I usually do this manually or by script if I'm doing a batch of users.
LVL 18

Expert Comment

ID: 13990366
Did you let windows actually create the folders inside the home directory? You're suppossed to just create the main home dir. share and then let windows create the individual folders for each user.

Author Comment

ID: 13990763
I let windows create user folder, as you indicated.

Accepted Solution

tmack earned 750 total points
ID: 13999305
change the permissions like lee said to the "home" folder to allow the admins group FC and the creator owner ad FC as well and try it again...make sure you enable inheritable permissions on all child objects.


Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Loops Section Overview

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question