Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active Directory Users personal folders auto rename

Posted on 2011-03-16
6
Medium Priority
?
789 Views
Last Modified: 2012-05-11
When a new user is created in Active directory, a private users folder is auto created and mapped to the user as "U:\"  where "U" = the user name.
recently, a group of about 10 % of the user base is renaming the folders from the users name to "My Documents".

The users mapped drives still work, the only confusion is when administrators try to find the folder for an individual using windows explorer or other search methods.
0
Comment
Question by:wlasner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:bigstyler
ID: 35148388
Hello,

give only the "List Folder Permission" for your user in the root of his directory. And Then give the "Modify" right on the subfolder.

The user will not be able anymore to change the root folder name.
0
 

Author Comment

by:wlasner
ID: 35148451
The user is not changing the name, it is changing on its own.....
0
 
LVL 4

Expert Comment

by:bigstyler
ID: 35148577
Oh ok !
This is a problem with desktop.ini file that is interpreted by Windows 7 from your admin computers.

Do you have a desktop.ini file in the root folder ? (choose to display hidden and system files).

If yes, please modify the security of the file to grant only the right to deny the right for your admins.
Then they will be able to display the folder correctly.

You can run this with a script like :

%windir%\system32\icacls.exe %homedrive%\Desktop.ini /deny "Domain Admins":r
%windir%\system32\icacls.exe %homedrive%\Desktop.ini /deny Administrators:r
%windir%\system32\icacls.exe %homedrive%\Desktop.ini /deny "Other Admin Groups":r


0
Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:wlasner
ID: 35149105
There is a destop.ini file.  can you please explain more detail on what needs to be done and where the script should be run.
thanks
0
 
LVL 4

Accepted Solution

by:
bigstyler earned 2000 total points
ID: 35149264
Just to be sure and do it easily just directlry modify the ACL of the desktop.ini for a user.

Deny read access to it for everyone and then try to reproduce the issue :)
0
 

Author Comment

by:wlasner
ID: 35296529
OK - deny admin and domain admin worked - thank you.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question