The incorrect user's home directory appears in My Computer mapped drives -- completely wrong user

kapshure
kapshure used Ask the Experts™
on
Hi team.

We've got a Windows Server 2003 network, with (2) domain controllers (Enterprise Ed. SP2), both functioning as Global Catalogs, and one file server on Windows 2003 Standard SP2.  On the file server is where we have a ..\users directory (sitting on a separate volume other than sys volume), and all users get a home directory when AD user accounts are created.

Within the last few weeks, two separate times now, we have a scenario where an end-user goes to their mapped home directory in My Computer, and its pointed to another user. I've not seen this in person, but I have seen a screenshot from this weekend, where it happened again. I can't verify whether or not they have just "Read" access or actually "write" access as well.

It happened first to a person in HR, so now this issue has great visibility, and obviously carries some heavy security issues along w/ it.

I checked the System and Security logs on both a domain controller and the file server, and I can't find anything that sheds light on this.

Does someone have a clue where to start to unravel this? or any idea why this might be happening?

Thanks

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
How're you setting the home directory?  In the user account in AD? GPO? Login script?
Verify that the NTFS permissions on each user home allows modify-access for just the user. SYSTEM should have full access, Administrators may have full access.
If the Administrators group has access, make sure the affected user is not member of the Administrators group or another group that is member of the Administartors group.
Most Valuable Expert 2011
Commented:
You have some dinosaur stuff there,...mainly the mapped drives, but secondly the whole idea of a "home directory".  Both of those are dinosaur leftover ideas from the era of Novell when we were running Windows95 workstations.

What you really should do is eliminate the mapped drive letter,...eliminate the "home folder" idea and just use Folder Redirection and then redirect their users My documents to the file Server location that you are currently using as the "Home Folder" storage.  This merges the "home folder" contents and the My Documents into the same thing.   As long as these are non-portable Desktop machines you can consider it done and stop there, but for Laptops you can combine Offline Files into the same mix so that a mirror copy of the folder contents are stored locally on the users machine.

Users really need to be taught to stop thinking of things being "on a drive" somewhere and start thinking in terms of locations or just operate through their "My Documents" location.   If you ever move to something like Sharepoint for sharing and collaboration there isn't going to be a "drive letter" for everything.
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

kevinhsiehNetwork Engineer

Commented:
You are seeing this because of the hidden desktop.ini file that can cause Windows Explorer to display folders in certain ways, such as "Usersname's Documents" instead of "MY Documents".

See http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/0ab1d9aa-fc5a-4765-b60b-bc226df5cf71

Author

Commented:
@kevinsieh

i'll look into that

@pwindell

that makes a lot of sense. i've not been working in the AD environment for the past several years, been over in CentOs land. But I'm back to winders now, and they're using a 2k3 domain (a lil jankified possibly) and we're going to build up a new 2k8 domain to sync w/ our 2k8 domain in the colo.  additionally, i'm knee deep in an exchange migration to BPOS.. so im a little busy to look at completely changing the structure of user's home directories. is there something you can point to that might shed some additional light on it?  

@mpfister

i'll look into that

@lamaslandy

via AD profile settings/ maybe GPO too.. i'll have to go check the GPO settings

thx everyone
Most Valuable Expert 2011

Commented:
so im a little busy to look at completely changing the structure of user's home directories. is there something you can point to that might shed some additional light on it?  

It is as simple as Googling "Folder Redirection" and limiting it to "microsoft.com",...of heck for that matter not even bothering to limit is to "microsoft.com".   Do the same for "Offline Files".

I don't have any handy links to paste in,...I just Google it when I need it myself too.
Most Valuable Expert 2011

Commented:
The first sentence was supposed to be marked as quoted.

Author

Commented:
@pwindell

no worries. I hear yah, I just mean, I can't focus on that project till I complete something else. When that time comes then I will implore google-fu.

I do appreciate your response and direction. I'm going to close this one out, but when/if I need more help I can open another thread.

Most Valuable Expert 2011

Commented:
Sounds good.
Good luck with it.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial