bbrunet
asked on
What are the best practices for creating home directories and not allowing other users to view others home directories.
I have taken over a network from a former administrator and have been told that users are able to see other users home directories. I would like to know what are the best practices for an administrator to set up home directories and lock them down to everyone except the user who owns it and the administrator. I want this mapped under the profiles tab in ADUC. I want to change all the settings from the former admin, implement new ones but not have to manually go to every folder and make the changes.
We have a hard drive that we share as users$, the servers name is fileserver, so in ADUC I want it to connect to \\fileserver\users$\userna
We have a hard drive that we share as users$, the servers name is fileserver, so in ADUC I want it to connect to \\fileserver\users$\userna
ASKER
Thanks for the fast response.
What your saying I should do is remove everyone except the admin and any group or user that needs access to it. Can I remove all setting from the root folder and only allow admin and sytem full control, then have it propigate to all childs, would this clear up the setting on all the users folders, I know they wont be able to access it but would it kind of start me from scratch.
What is the function of the creator owner setting, could everyone be given access to there files if creator owner is added. I have about 100 users to do, I don't understand vbscript well enough to allow it to make many changes, I would rather do it manually and be on the safe side. What would be the fastest way to make this happen. If you where going to create a home directory for 10 users how would you do it from scratch. Thanks for the help.
What your saying I should do is remove everyone except the admin and any group or user that needs access to it. Can I remove all setting from the root folder and only allow admin and sytem full control, then have it propigate to all childs, would this clear up the setting on all the users folders, I know they wont be able to access it but would it kind of start me from scratch.
What is the function of the creator owner setting, could everyone be given access to there files if creator owner is added. I have about 100 users to do, I don't understand vbscript well enough to allow it to make many changes, I would rather do it manually and be on the safe side. What would be the fastest way to make this happen. If you where going to create a home directory for 10 users how would you do it from scratch. Thanks for the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Right now either you have the users in a group that has access to the folders or something like that.
So you will need to first remove all users from all the folders except for the groups/individuals that need access to it.
Something like xcalcs will do http://support.microsoft.com/kb/825751
Next you are on the right track with using the profile tab. New users you create and use the profile tab should be fine. The user created should have access and the administrators group.
$ is used to make a share hidden
Just name the share users and put it on the drive of your choice.