home directory woes

Posted on 2005-05-12
Last Modified: 2010-04-19
I created home dir, and then shared it using the share permission. I then used AD Profile to connect mapped drive ie \\server\home\%username%. From previous forum comments it has been stated that windows sets up proper permissions which only allows user and admin access to folder. In my case, it seems that any user has access to any user folder. QUESTION: When you create home folder, and after you give full control at share level, are you suppose to remove all ntfs permissions ? Have I missed something ? Thx.
Question by:mmm5
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Sort of.  You are supposed to lock down the folders using NTFS permissions.  I believe there is a way to automate this by using "Creator Owner" built in account and assigning Full control to that, but I usually do this manually or by script if I'm doing a batch of users.
    LVL 18

    Expert Comment

    Did you let windows actually create the folders inside the home directory? You're suppossed to just create the main home dir. share and then let windows create the individual folders for each user.

    Author Comment

    I let windows create user folder, as you indicated.
    LVL 4

    Accepted Solution

    change the permissions like lee said to the "home" folder to allow the admins group FC and the creator owner ad FC as well and try it again...make sure you enable inheritable permissions on all child objects.


    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video discusses moving either the default database or any database to a new volume.

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now