

Active Directory Mapped Network Drive User Storage

Question 1: OK, so I set up Active Directory on a Windows 2003 Server with no issue; however, I want to have multiple network drives linked to a user's account. As of right now I have one drive mapped when a user logs on to the PC. Pretty much the goal is to have these mapped drives follow the user to any PC they log into. I noticed you are only able to map one drive to a user in the user setup section... How do I add multiple drives?

Question 2: I want each user to have a personal mapped drive for storage that is limited to 10 gigs and that only they have access to. So far what I did was create a folder titled User Storage Folder on the server's C: drive and share that. Then I created subfolders in that directory with the users' names. However, I'm having security issues with it. I set the main folder, User Storage Folder, to be accessed by the users group as read-only, and then on each user's personal folder I gave them full control of their specific folder. My goal was to have all the users in the users group be able to see all the users' folders on the network but only have access to their particular folder. So if John Smith tried adding Mike Jones's folder, it wouldn't give him access. I was able to accomplish this, but once the folder is mapped to that user they can't add or delete anything in their folder. So the real question, I guess, is: how do I fix the security issue, and number 2, how do I limit their personal folder to only use 10 gigs of storage?

Thanks,
Ray
Asked by: SirusComputers
 
Americom Commented:
Q1: You can use a GPO to map drives, but I suggest you do the mapping with a logon script, or leverage shortcuts instead of drive mappings, as that is more meaningful and not limited to the number of drive letters.

Q2: You can set the root folder for all users to List on NTFS (Security) and leave Full on Share. Then restrict the individual user with Change on NTFS.
 
SirusComputers (Author) Commented:
How do I create a logon script, and after it's created, where do I put it?
 
Americom Commented:
You can create a VBS script, call it xxxx.vbs, then create a logon GPO to launch it. Here is a sample script.
'For drive mappings with VBS:

Option Explicit
Dim oNet, oExec, wshShell, sUserName, sUserDomain, oAcct, sGroup, GroupObj, objShell
Set oNet = CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
oExec = wshShell.Run ("net use * /delete /y",0,TRUE)
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)
ON ERROR RESUME NEXT
For Each GroupObj In oAcct.Groups
      Select Case GroupObj.Name
            Case "Domain Users"
                  oNet.MapNetworkDrive "H:" , "\\ServerName\ShareName$"
            Case "Domain Admins"
                  oNet.MapNetworkDrive "I:" , "\\ServerName\ShareName$"
            Case Else
      End Select
Next

You can put this script in the \\domain\netlogon

 
Americom Commented:
GPO: User configuration > Windows settings > script > logon.
 
Americom Commented:
A couple more comments:
Link the GPO to the OU where you want the users to launch it during logon.
For your user home share, you may want to create an individual share for each user rather than only a root share, to avoid admin mistakes (prevent a user from accidentally accessing another user's home share). There is no reason, at least I can't think of any, that the user needs to see other users' home shares. By doing a dedicated share for each user, you shorten the UNC path and there is no need to do the List permission on the root share.
 
SirusComputers (Author) Commented:
In that script... can you bold what values in there I have to change? Thanks.
 
SirusComputers (Author) Commented:
I actually fixed the issue with the security. I set permissions to Everyone so they can see all the folders; however, if they click on another user's folder to map it, it asks for the admin user name and password. So they can't get into it.
 
Americom Commented:
There is really not much you need to change.
Only "ServerName" and "ShareName$" need to be changed to your actual names.
Unless you are not using the "Domain Users" or "Domain Admins" groups, you could change these Active Directory groups to your preference, such as "Company Users" or "Help Desk Admins", etc.
Example: if you are going to map a home folder for all company users, you could use "Domain Users" or create a group called "Company Users" and make the user a member of this group. See the example below, where JSmith$ is the share name of Jon Smith, or whichever share name you created.
******************************
For Each GroupObj In oAcct.Groups
      Select Case GroupObj.Name
            Case "Company Users"
                  oNet.MapNetworkDrive "H:" , "\\YourServerNameHere\JSmith$"
            Case Else
      End Select
Next
*****************************************
 
SirusComputers (Author) Commented:
Now, is this a generic script that is applied to the users group, or do I just link the script to each individual user?
 
SirusComputers (Author) Commented:
Option Explicit
Dim oNet, oExec, wshShell, sUserName, sUserDomain, oAcct, sGroup, GroupObj, objShell
Set oNet = CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
oExec = wshShell.Run ("net use * /delete /y",0,TRUE)
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)
ON ERROR RESUME NEXT
For Each GroupObj In oAcct.Groups
      Select Case GroupObj.Name
            Case "Domain Users"
                  oNet.MapNetworkDrive "U:" , "\\DPS210\User Folders\rzuchowski$"
                  oNet.MapNetworkDrive "S:" , "\\DPS005\OEM Drive O (Programs)$"      
            Case Else
          Next
      End Select


OK, here is what I did with the script for the user group, but I can't get it to work... What am I doing wrong?
 
Americom Commented:
For this one: \\DPS210\User Folders\rzuchowski$
If you have a hidden share named "rzuchowski$", all you need is \\DPS210\rzuchowski$

For "\\DPS005\OEM Drive O (Programs)$":
Try a simpler share name.
 
Americom Commented:
Btw, your "Next" should be after End Select.
 
SirusComputers (Author) Commented:
I don't have the money sign in the share name; the folder is just rzuchowski. Do I need the money sign after it, and if I do, why?
 
Americom Commented:
The $ is for hidden shares only. If you don't have it, then you need to remove it.
 
SirusComputers (Author) Commented:
Alright, so I got everything working thanks to you; however, for the user share portion of it, the U: drive, how do I make this generic? For example, I need the U: drive to map to everyone's logon name. For me, mine is rzuchowski, but say I need one for John Smith... What do I put in the script to make it generic? Also, how do I limit the users' folders to only be able to use 10 gigs of space?
 
SirusComputers (Author) Commented:
oNet.MapNetworkDrive "U:" , "\\DPS210\User Folders\rzuchowski"  <----- that's what's in the script now, but if I log on as another user, their folder won't come up, because only my folder is in the script. How do I make this generic for the U: drive?
 
Americom Commented:
Two methods you can try:
1) Do the home folder and map to U: through the domain account properties, as you started earlier, with the username variable, such as \\ServerName\%UserName%
2) If you want to do it with the above script, you just need to replace the username share with the variable "sUserName" already defined in your script. Example:
oNet.MapNetworkDrive "U:" , "\\DPS210\User Folders\"&sUserName&""
0
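
The fixes discussed in the thread so far (Next placed after End Select, the sUserName variable for the U: drive, a simpler share name), put together as an added example that is not code posted by any participant. The share name \\DPS005\Programs and the MapDrive helper are assumptions; unlike the scripts above, a failed mapping is written to the event log instead of being silently skipped by ON ERROR RESUME NEXT.

```vbscript
' Added example: consolidated logon script (not code from the thread).
' Assumptions: \\DPS210\User Folders\<logon name> exists for every user, and
' \\DPS005\Programs is a hypothetical, simpler share name for the S: drive.
Option Explicit

Const HOME_ROOT = "\\DPS210\User Folders\"
Const PROGRAMS_SHARE = "\\DPS005\Programs"   ' hypothetical share name

Dim oNet, oShell, oAcct, oGroup, sUserName, sUserDomain
Set oNet = CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")

sUserName = oNet.UserName
sUserDomain = oNet.UserDomain

' Personal drive: built from the logon name, so one script serves every user.
MapDrive "U:", HOME_ROOT & sUserName

' Group-based drives: note that Next comes after End Select.
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName & ",user")
For Each oGroup In oAcct.Groups
    Select Case oGroup.Name
        Case "Domain Users"
            MapDrive "S:", PROGRAMS_SHARE
    End Select
Next

' Drop any existing mapping on this one letter, map it again, and record a
' failure in the Application event log (type 2 = warning) so it can be found.
Sub MapDrive(sLetter, sUncPath)
    On Error Resume Next
    oNet.RemoveNetworkDrive sLetter, True, True   ' error if not mapped: ignored
    Err.Clear
    oNet.MapNetworkDrive sLetter, sUncPath
    If Err.Number <> 0 Then
        oShell.LogEvent 2, "Logon script: could not map " & sLetter & " to " & _
            sUncPath & " (" & Err.Number & ": " & Err.Description & ")"
        Err.Clear
    End If
    On Error GoTo 0
End Sub
```

The script only attempts the mapping; whether a user can open a given folder is still decided by the share and NTFS permissions on the server.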
 
SirusComputers (Author) Commented:
I tried doing it through the domain account properties and the share will now show up for some reason.
 
SirusComputers (Author) Commented:
Can you have the domain account properties set while having a script in place?
 
Americom Commented:
Regarding the disk quota: in Windows Server 2003, you can only set quotas per volume. This means that if you enable a quota for a particular user on a specific volume, the quota restriction is enabled not only for the user's home folder but also for other group shares the user has access to. So, if those shares are on the same volume, this is tough to manage and will create high maintenance for you. You may improve this by having a dedicated volume for just user home folders, if that's where you will set quotas. You may want to upgrade your file server to R2 to have quotas by folder. See http://www.windowsnetworking.com/articles_tutorials/Configuring-Volume-Folder-Quotas.html
 
Americom Commented:
Yes, you can set up domain account properties while having a script in place. Just make sure that you don't use the same drive letter for mapping.
 
abolinhas Commented:
Hi SirusComputers,

Try this

1º - Create a batch file (like this) :

@ECHO OFF
NET USE U: \\yourservername\%username%  /persistent:yes

Save in SYSVOL (e.g. \\domain\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User\Scripts\Logon)

2º - Assign full control to your users.
http://www.microsoft.com/windowsxp/using/networking/security/permissions.mspx

3º - Add this batch to logon script
http://www.computerperformance.co.uk/Logon/logon_script_assign.htm
 
SirusComputers (Author) Commented:
I got everything working, thanks guys. I read an article the other day about using FSRM, but I don't have R2 installed. To install R2, I'm guessing I'd have to buy R2 and upgrade, or does it have to be a new install? Also, if you guys were installing a new server and you had to pick between 2003 R2 and Server 2008, what would you go with? And if you pick 2008, is it any better... are things harder?
 
Americom Commented:
If you upgrade from Win2k3 to Win2k3 R2, it's free. You just need to contact Microsoft and ask for a CD, which costs about $15-$30.

But before introducing your first Windows Server 2003 R2 DC, you must extend the schema of your existing Windows Server 2003 domain using the version of adprep that is on Disc 2 of the R2 media.

Step 1. Run ADPREP /forestprep (note: this command can be found in \cmpnents\r2 on CD2; the one on CD1 is different)
Step 2. Wait for the above to replicate, then run ADPREP /domainprep

Regarding Win2k8, there's Win2k8 R2 as well. This will require you to purchase a license. Of course, there are many new features in Win2k8/R2. Win2k8 R2 comes in 64-bit only, so you may have to plan for a new OS and hardware. More info: How to Prepare an Existing 32-bit Active Directory Domain Services Forest for the 64-bit Windows Server 2008 R2:
http://policelli.com/blog/?p=433
 
abolinhas Commented:

abolinhas Commented:
Sorry, ignore my previous comment.
