Solved

Active Directory Users personal folders auto rename

Posted on 2011-03-16
6
777 Views
Last Modified: 2012-05-11
When a new user is created in Active directory, a private users folder is auto created and mapped to the user as "U:\"  where "U" = the user name.
recently, a group of about 10 % of the user base is renaming the folders from the users name to "My Documents".

The users mapped drives still work, the only confusion is when administrators try to find the folder for an individual using windows explorer or other search methods.
0
Comment
Question by:wlasner
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:bigstyler
ID: 35148388
Hello,

give only the "List Folder Permission" for your user in the root of his directory. And Then give the "Modify" right on the subfolder.

The user will not be able anymore to change the root folder name.
0
 

Author Comment

by:wlasner
ID: 35148451
The user is not changing the name, it is changing on its own.....
0
 
LVL 4

Expert Comment

by:bigstyler
ID: 35148577
Oh ok !
This is a problem with desktop.ini file that is interpreted by Windows 7 from your admin computers.

Do you have a desktop.ini file in the root folder ? (choose to display hidden and system files).

If yes, please modify the security of the file to grant only the right to deny the right for your admins.
Then they will be able to display the folder correctly.

You can run this with a script like :

%windir%\system32\icacls.exe %homedrive%\Desktop.ini /deny "Domain Admins":r
%windir%\system32\icacls.exe %homedrive%\Desktop.ini /deny Administrators:r
%windir%\system32\icacls.exe %homedrive%\Desktop.ini /deny "Other Admin Groups":r


0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:wlasner
ID: 35149105
There is a destop.ini file.  can you please explain more detail on what needs to be done and where the script should be run.
thanks
0
 
LVL 4

Accepted Solution

by:
bigstyler earned 500 total points
ID: 35149264
Just to be sure and do it easily just directlry modify the ACL of the desktop.ini for a user.

Deny read access to it for everyone and then try to reproduce the issue :)
0
 

Author Comment

by:wlasner
ID: 35296529
OK - deny admin and domain admin worked - thank you.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Remote Desktop Shadowing often has a lot of benefits. When helping end users determine problems, it is much easier to see what is going on, what is being slecected and what is being clicked on. While the industry has many products to help with this,…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now