intear
asked on
How to Auto Create User Folder with Special Permissions?
Here's my scenario:
I need to create a folder share on our server called "Archive". When a new user is created through Active Directory, a subfolder under the Archive folder should be created with the User's name. That folder will then only allow that user or administrators to r/w access. After this is done, a network drive will be mapped for the user.
So far:
I've ruled out folder redirection. This would work, but it seems as though I can't add any additional folders under the group policy. I've also tried numerous vbscripts I've found on the web with no success. I've also tried drive mapping through group policy, but I have a mixed environment of XP and Win 7 machines and it doesn't work well.
Environment:
We have a Windows Server 2008 r2 server in a domain environment, Mixed user workstations XP, Vista, Win 7
Is this scenario even possible? Any help would be great.
I need to create a folder share on our server called "Archive". When a new user is created through Active Directory, a subfolder under the Archive folder should be created with the User's name. That folder will then only allow that user or administrators to r/w access. After this is done, a network drive will be mapped for the user.
So far:
I've ruled out folder redirection. This would work, but it seems as though I can't add any additional folders under the group policy. I've also tried numerous vbscripts I've found on the web with no success. I've also tried drive mapping through group policy, but I have a mixed environment of XP and Win 7 machines and it doesn't work well.
Environment:
We have a Windows Server 2008 r2 server in a domain environment, Mixed user workstations XP, Vista, Win 7
Is this scenario even possible? Any help would be great.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would go back to the folder redirection route
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003(and beyond)
http://support.microsoft.com/kb/274443
Then incorporate "Access Based Enumeration" <<<users only see folders they are "Owner" of
http://technet.microsoft.com/en-us/library/dd772681(WS.10).aspx
Enabling the administrator to have access to redirected folders
http://support.microsoft.com/kb/288991
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003(and beyond)
http://support.microsoft.com/kb/274443
Then incorporate "Access Based Enumeration" <<<users only see folders they are "Owner" of
http://technet.microsoft.com/en-us/library/dd772681(WS.10).aspx
Enabling the administrator to have access to redirected folders
http://support.microsoft.com/kb/288991
ASKER
Maybe I'm making this more complicated, but I still have one issue with folder redirection. First off, I've setup folder redirection before in multiple environments, but never in this manner. The Archive files are not stored locally on the user's workstation, they are already on the server. I understand you can change the folder path of the predetermined folders (i.e. my docs, app data), but I think this scenario needs to use folder redirection in a different way doesn't it?
I guess the point I'm trying to get across is that in the gpo you have the folders app data, my docs, desktop, and so forth. Those folders sync local data from the users computer with the server. I don't really need that functionality from this application.
I hope that makes some sense :)
I guess the point I'm trying to get across is that in the gpo you have the folders app data, my docs, desktop, and so forth. Those folders sync local data from the users computer with the server. I don't really need that functionality from this application.
I hope that makes some sense :)
What is it that you are "Archiving"?
I would *only* redirect the My docs, start menu and Desktop<<<not "App Data"
If folder redirection is setup correctly, all folders are created by the redirection itself. I would also not use offline files which is more trouble than it's worth.
Best Practices for Folder Redirection in User Data and Settings Management
http://technet.microsoft.com/en-us/library/cc784630(WS.10).aspx
I would *only* redirect the My docs, start menu and Desktop<<<not "App Data"
If folder redirection is setup correctly, all folders are created by the redirection itself. I would also not use offline files which is more trouble than it's worth.
Best Practices for Folder Redirection in User Data and Settings Management
http://technet.microsoft.com/en-us/library/cc784630(WS.10).aspx
ASKER
Archive may be confusing, it's just the folder name. The issue at hand is that the files are not stored in any of the predetermined folders under the gpo. That's why I don't think folder redirection will work.
"The issue at hand is that the files are not stored in any of the predetermined folders under the gpo. That's why I don't think folder redirection will work."
Which files ?? My documents ?? Desktop ?? Very difficult to help without all the info :)
Which files ?? My documents ?? Desktop ?? Very difficult to help without all the info :)
Can't you just use home folders? It really sounds like this is want you want if I havn't missed something.
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
ASKER
@dstewartjr,
The files are old files from user gathered from different locations per user (i.e. my docs, desktop, as well as others) and placed in a single repository "the Archive folder" that will be stored on the server. They are not used anymore, but users don't want them deleted.
@snusgubben,
This would work, however, i need be able to have multiple folder locations.
The files are old files from user gathered from different locations per user (i.e. my docs, desktop, as well as others) and placed in a single repository "the Archive folder" that will be stored on the server. They are not used anymore, but users don't want them deleted.
@snusgubben,
This would work, however, i need be able to have multiple folder locations.
What do you mean by multiple locations. Are you talking about multiple file servers?
From what I have read, you want to create a share called "Archive", and you want this share to be populated with a dedicated user folder.
Like:
Share: \\server\Archive
-Archive
-- JohnDoe
--- JohnDoes files and folders
-- TerryButcher
--- TerryButchers files and folders
-- etc
Is this correct?
From what I have read, you want to create a share called "Archive", and you want this share to be populated with a dedicated user folder.
Like:
Share: \\server\Archive
-Archive
-- JohnDoe
--- JohnDoes files and folders
-- TerryButcher
--- TerryButchers files and folders
-- etc
Is this correct?
Again, this can all EASILY be done using folder redirection.
You configure redirection ( correctly ) and inform users that if they dont want to lose anything, to put it in their "My Docs" or "Desktop" .
You configure redirection ( correctly ) and inform users that if they dont want to lose anything, to put it in their "My Docs" or "Desktop" .
If you need multiple server locations, then use DFS.
ASKER
I've requested that this question be deleted for the following reason:
No one was able to follow the answer and give an appropriate response. I eventually went a different direction.
No one was able to follow the answer and give an appropriate response. I eventually went a different direction.
So share what you did and allow us all to learn something.
Agreed...You also made no effort to respond to the last 3 comments as well
http:#a37383336 , http:#a37383350 , http:#a37383362
http:#a37383336 , http:#a37383350 , http:#a37383362
ASKER
I think i responded to the last 3 comments before hand. Folder redirection is not an option with this scenario and don't feel like wasting anymore time explaining it. I sub contracted a guy to write an elaborate script for a nice chunk of change. Nothing new to share.
So when I said in my first comment you would need a very elaborate script I was correct?
I would concur
ASKER
Is that a recommendation or a solution? To me it's a recommendation, but whatever, I just want to move on.
ASKER
recommendation not a solution
ASKER