Userhome and Shares

Posted on 2008-10-13
Last Modified: 2012-05-05
Hi friends,

im somehow stuck with this:

i have a Server 2008 (64bit) as a fileserver,im playin around with it and have created userhomes on the D: drive:


and give each user full rights on the share. on the profile i have given the correct path, also i have created a small batch-file:

net use s ://scans

net use u:// userhome

i have the following problems:

it happens quite often that a user doesnt get a drive mapped,no idea why this (not) happens.

also,regardless if i (as a admin) can see the content of the folders on a userhome, certain users cant.

in the windows-explorer, i have the userhomes listes twice:

once all under the userhome golder, and twice dirctly as a  share on the D:// drive. and all user can see each others folder.

how can i get some order in it,because this is confusing. do i have to set those userhomes as hidden? or is it a server 2008 issue im not aware of?

Question by:boxexpert
  • 5
  • 2
LVL 58

Accepted Solution

tigermatt earned 250 total points
ID: 22715811

OK, it sounds like you have a bit of a problem! :) I'll go through each point one by one; let me know if you have any questions, and obviously answers to any of my questions!

> it happens quite often that a user doesnt get a drive mapped,no idea why this (not) happens.

How have you assigned the logon script? I presume you have done so through Group Policy, in the User Configuration, Windows Settings, Scripts (Logon/Logoff) section? You need to ideally ensure that the Group Policy you have assigned the script in is linked at the root of the domain - this means that when you load the Group Policy Management Console, you will see the name of the policy with the script defined directly below the <domain>.local container.

I would suspect the main culprit with not getting a mapped drive would be a user which is out of the scope of the policy; linking it at the root of the domain will help this.

> also,regardless if i (as a admin) can see the content of the folders on a userhome, certain users cant.

Check the permissions. The Share permissions (right-click on the UserHome folder on the Server D: drive, Sharing) should ideally be set so that the Everyone group has Full Control / Owner rights. Then, you click on the "Security" tab and add in the appropriate security settings. My recommended configuration would be to have EVERY folder with the Administrator as Full Control, and then on each user folder, the appropriate user account also granted Full Control.

> once all under the userhome golder, and twice dirctly as a  share on the D:// drive. and all user can see each others folder.

How have you assigned the Home Directories? It sounds like you may have done it twice. At present, you are using a batch file to map the drives to the user homes, which means you shouldn't need to have entered any entry in each user's Active Directory properties on the Profile tab. Check the Home Directory section on the user properties is blank.

All users may be able to see each other's folders - that is quite normal depending on the configuration, but can they browse them, and say open up one of the user's files? If they can, it's a permissions issue. Set the permissions as I described above, and you should be OK.


Author Comment

ID: 22829251
ok,will do. ill let you know about the outcome

Author Comment

ID: 22893085
i did as you told me. the userhomes are working, i shared them as follows:

FS1\\Userhome\username$    and it looks ok.

i will assign the script soon. but where do i edit the GPO? on the domain controller?
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 58

Expert Comment

ID: 22908385

Yes. GPO is edited on the Domain Controller. Use Group Policy Management tool in Start, Control Panel, Administrative Tools. Then create a new policy, link it to the domain, and assign the script in User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon. Ensure you dump the script in a share such as \\domain\NETLOGON so it is accessible at login time.
LVL 58

Expert Comment

ID: 23044384

I don't understand why this one warrants deletion? I've been assisting you through this thread and and then you have asked for this to be deleted?
LVL 58

Expert Comment

ID: 23059782

I object to this as I have been assisting this user both here and in his other thread, and now wants it deleted. Posted an original "objection" comment on Wednesday but no response from author in that time so here is my official objection post.

LVL 58

Expert Comment

ID: 23062875

I suggest PAQ using http:#a22715811.


Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question