
What are the best practices for creating home directories and not allowing other users to view others' home directories?

I have taken over a network from a former administrator and have been told that users are able to see other users' home directories.  I would like to know what the best practices are for an administrator to set up home directories and lock them down to everyone except the user who owns it and the administrator.  I want this mapped under the profiles tab in ADUC.  I want to change all the settings from the former admin and implement new ones, but not have to manually go to every folder and make the changes.
We have a hard drive that we share as users$, and the server's name is fileserver, so in ADUC I want it to connect to \\fileserver\users$\username. Do I make this the name of the user, or is it better to use %username%?
Asked by: bbrunet

ryansoto Commented:
You will need to change the security on the folders to prevent all users from being able to access.
Right now either you have the users in a group that has access to the folders or something like that.
So you will need to first remove all users from all the folders except for the groups/individuals that need access to it.
Something like xcacls will do: http://support.microsoft.com/kb/825751
Next you are on the right track with using the profile tab.  New users you create and use the profile tab should be fine.  The user created should have access and the administrators group.
$ is used to make a share hidden.
Just name the share users and put it on the drive of your choice.
 
bbrunet (Author) Commented:
Thanks for the fast response.
What you're saying I should do is remove everyone except the admin and any group or user that needs access to it.  Can I remove all settings from the root folder and only allow admin and system full control, then have it propagate to all children? Would this clear up the settings on all the users' folders? I know they won't be able to access it, but would it kind of start me from scratch?

What is the function of the creator owner setting? Could everyone be given access to their files if creator owner is added?  I have about 100 users to do. I don't understand vbscript well enough to allow it to make many changes; I would rather do it manually and be on the safe side.  What would be the fastest way to make this happen?  If you were going to create a home directory for 10 users, how would you do it from scratch?  Thanks for the help.
 
ryansoto Commented:
What you're saying I should do is remove everyone except the admin and any group or user that needs access to it.  Can I remove all settings from the root folder and only allow admin and system full control, then have it propagate to all children? Would this clear up the settings on all the users' folders? I know they won't be able to access it, but would it kind of start me from scratch?
<Correct, you could definitely do it this way, and in your situation I would do this.  Make sure when you set the permissions in the advanced tab you check the box "replace permissions on child objects"... Do this from the top-level folder and it will push those initial settings down to all folders and subfolders.  You can place the creator owner; I would do that.
Now after you push the admin group and whatever other groups down from the top level, I would then go to each folder and add the user that the folder belongs to.  This will allow this newly added user to access all subfolders.>
Finally, test! But you're on the right track and your plan is fine if you don't want to script it.
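A scripted version of the approach agreed in the thread above, as an added example that is not part of the original posts: lock the root to Administrators, SYSTEM and CREATOR OWNER, push that down to every folder, then add each folder's owner back. The local path `D:\Users`, the domain name `CONTOSO`, the Modify right for the owner and the folder-name-equals-logon-name convention are all assumptions.

```powershell
# Added example. Assumptions (not from the thread): local path, domain name,
# Modify rights for the owner, and folders named after the user's logon name.
# Needs Windows PowerShell 5.0+ and an elevated session on the file server.
$Root   = 'D:\Users'   # hypothetical local path behind \\fileserver\users$
$Domain = 'CONTOSO'    # hypothetical NetBIOS domain name
$DryRun = $true        # set to $false to apply the changes

function Invoke-Icacls([string[]]$IcaclsArgs) {
    if ($DryRun) { return "DRY RUN: icacls $($IcaclsArgs -join ' ')" }
    & icacls.exe @IcaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed: $($IcaclsArgs -join ' ')" }
}

function New-FullControlRule([string]$Identity, [string]$Propagation) {
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, 'FullControl', 'ContainerInherit, ObjectInherit',
        $Propagation, 'Allow')
}

# 1. Root folder: build a fresh ACL so every old entry (inherited or explicit)
#    is dropped, leaving Administrators, SYSTEM and CREATOR OWNER (inherit-only).
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, keep nothing
$acl.AddAccessRule((New-FullControlRule 'BUILTIN\Administrators' 'None'))
$acl.AddAccessRule((New-FullControlRule 'NT AUTHORITY\SYSTEM' 'None'))
$acl.AddAccessRule((New-FullControlRule 'CREATOR OWNER' 'InheritOnly'))
Set-Acl -Path $Root -AclObject $acl -WhatIf:$DryRun

# 2. Each home folder: reset the whole tree to inherit from the root (the
#    "replace permissions on child objects" step), then add the folder's owner.
foreach ($dir in Get-ChildItem -Path $Root -Directory) {
    Invoke-Icacls @($dir.FullName, '/reset', '/T', '/C', '/Q')

    $account = "$Domain\$($dir.Name)"
    try {
        # Throws if no account matches the folder name (departed user, typo).
        [void]([System.Security.Principal.NTAccount]$account).Translate(
            [System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "No account $account; $($dir.FullName) stays admin-only"
        continue
    }
    Invoke-Icacls @($dir.FullName, '/grant', "${account}:(OI)(CI)M", '/C', '/Q')
}
```

With `$DryRun` left at `$true` the script only prints what it would do, so the output can be reviewed against the folder list before anything is changed.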
