Solved

Active Directory Home Directory default permissions

Posted on 2010-11-11
4
619 Views
Last Modified: 2012-05-10
When a new user logs into a computer for the first time with their AD credentials the homedirectory is created if it doesn't exist. The permission however are full control for the user. I would like the user to only have modify permissions to there folder, subfolder, and files. Is there anyway to accomplish this?
0
Comment
Question by:LouisSanchez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 6

Accepted Solution

by:
Hisham_Elkouha earned 500 total points
ID: 34112194
I think that is impossible, because they create their home folder, and if they don't have full control they will not be able to create the home folders from the beginning. Users must have full control to create folders, modify will be sufficient.
0
 
LVL 6

Expert Comment

by:mahrens007
ID: 34114724
Here is a script to create the directory.  I don't think it will set the permission though.

http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_24143416.html
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34114973
Firstly, we want to create a home directory with user permission & then allow him only not to delete the file, its same like i'm the owner of my vehicle but i can't drive it.

So, its not possible & other way you can give access to shared drive with read permission or remove full permission to delete anything from the sharre.
0
 

Author Closing Comment

by:LouisSanchez
ID: 34260757
Thanks
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question