What are the best practices for creating home directories and not allowing other users to view others home directories.

I have taken over a network from a former administrator and have been told that users are able to see other users home directories.  I would like to know what are the best practices for an administrator to set up home directories and lock them down to everyone except the user who owns it and the administrator.  I want this mapped under the profiles tab in ADUC.  I want to change all the settings from the former admin, implement new ones but not have to manually go to every folder and make the changes.
We have a hard drive that we share as users$, the servers name is fileserver, so in ADUC I want it to connect to \\fileserver\users$\username-do I make this the name of the user or is it better to use %username%.
bbrunetAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ryansotoCommented:
You will need to change the security on the folders to prevent all users from being able to access.
Right now either you have the users in a group that has access to the folders or something like that.
So you will need to first remove all users from all the folders except for the groups/individuals that need access to it.
Something like xcalcs will do http://support.microsoft.com/kb/825751
Next you are on the right track with using the profile tab.  New users you create and use the profile tab should be fine.  The user created should have access and the administrators group.
$ is used to make a share hidden
Just name the share users and put it on the drive of your choice.
0
bbrunetAuthor Commented:
Thanks for the fast response.
What your saying I should do is remove everyone except the admin and any group or user that needs access to it.  Can I remove all setting from the root folder and only allow admin and sytem full control, then have it propigate to all childs, would this clear up the setting on all the users folders, I know they wont be able to access it but would it kind of start me from scratch.

What is the function of the creator owner setting, could everyone be given access to there files if creator owner is added.  I have about 100 users to do, I don't understand vbscript well enough to allow it to make many changes, I would rather do it manually and be on the safe side.  What would be the fastest way to make this happen.  If you where going to create a home directory for 10 users how would you do it from scratch.  Thanks for the help.
0
ryansotoCommented:
What your saying I should do is remove everyone except the admin and any group or user that needs access to it.  Can I remove all setting from the root folder and only allow admin and sytem full control, then have it propigate to all childs, would this clear up the setting on all the users folders, I know they wont be able to access it but would it kind of start me from scratch.
<Correct you could definately do it this way and in your situation I would do this.  Make sure when you set the permissions in the advanced tab you check the box replace permissions on child objects...Do this from the top level folder and it will push those initial settings down to all folders and sub folders.  You can place the creator owner, I would do that.  
Now after you push the admin group and whatever other groups down from the top level I would then go to each folder and then add the user that the folder belongs to and add them.  This will allow this newly added user to access all subfolders>
Finally test! but your on the right track and your plan is  fine if you dont want to script it
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.