Active Directory: Home Directory

Hi,

1) This relates to the home directory of a user in an Active Directory environment
2) The OS of the Domain Controller is Windows 2008 server
3) I use a login script to map the network drives for each user (I set it on the Profile tab of the user properties). The login script is as follows:

REM @echo off

Net use X:  /home

Net use Y: \\Bobafilesrv\Marketing

Net use W: \\Bobafilesrv\Accounting

Net use P: \\Bobafilesrv\Public

:end

4) I do not have any problem mapping the network drives (Y: drive, W: drive and P: drive)
5) But I have a problem with the “Home Directory” (X: drive)
- The error message: “The home directory is not set up etc …..”

6) OK, I go to EACH user’s properties and set up the Home Directory as follows:
- Firstly, I created a SHARE at Bobafilesrv called “Home200”
- Then, I go to each user’s properties
- I go to the Home directory’s box and set the following:
Connect to Z: \\Bobafilesrv\Home200\%username%

7) I got the “Home Directory of EACH user” successfully

8) My questions:

First: Is it the RIGHT way to set up the home directory?

Second: I am still confused about the PERMISSION of the folder “Home200” (I gave Full Authority to each Authenticated user; it seems it is NOT correct, as every user is ABLE to see other users’ home directories)
- For example:
- If Jblack (from his workstation) does the following: \\Bobafilesrv\Home200\pbrown
- Jblack can OPEN the home directory of pbrown

Third: Is it POSSIBLE to create the home directory using the GPO? (Note: Right now, I have to set up the home directory of each user ONE by ONE); If yes, please give me a hint

Thank you

tjie
 
Mike Kline commented:
Yes, number 6 is the correct way.

Take a look at this blog for permissions: http://blogs.technet.com/b/migreene/archive/2008/03/24/3019467.aspx

You can map drives using group policy preferences: http://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx

Either way will work. If you go with GPP, test and experiment with it.

Thanks

Mike
 
tigermatt commented:
Mike has you well covered (hi Mike!), but I thought it worth picking up on your point about creating the folders by GPO.

You can't do that by specifically enabling any setting in Group Policy, but you can cause it to happen without using Home Directories if you set up a folder redirection policy and the permissions as per the link in Mike's post. If you do that, the process of applying the folder redirection policy to a user at login time will cause Windows to create the folder structure if it doesn't already exist.

Also, if you create home directories via the standard Microsoft tools (AD Users & Computers), and assuming the account you use has the proper permissions on the shares, then the tool itself will create the home folder when you enable it on a user account. Enabling this setting for many users can be performed en masse by simply highlighting them all and entering properties; this is one of the few settings on the "multiple objects" property page. If you use command line tools or scripting methods to set home directory paths though, then you must also create the folders manually.

Which method you use is a matter for debate. I've always considered the home directory approach to be less nifty than the folder redirection approach. Home directories will typically still be used in conjunction with folder redirection for the "My Documents" folder to appear correctly, so it seems to make sense to just have folder redirection handle it all.

But, that can lead to more complex policies in large networks, where you might have multiple file servers; it's a very flexible system allowing you to modify the home directory value on individual user accounts and move their data to other servers, whereas doing so with GPO can be cumbersome, and typically means you cannot treat users' data individually but are forced to group users and their data together for ease of management. Home Directories also set (when created by AD U&C) explicit "Full Control" permissions to the user account over that directory, rather than the automated redirection method, which depends on the NTFS owner flag and the inherited "CREATOR OWNER" permission. But, you can also combine your shares with DFS namespaces to make that process easier. The larger networks I manage still use home directories + DFS + folder redirection and it works well.

It really is a matter which is to be decided internally and which probably comes down to personal choice.

-Matt
Question has a verified solution.
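
Added example, not code from anyone in this thread: a PowerShell sketch of the two things the discussion turns on, creating a per-user home folder by script with an explicit Full Control grant for that user only, and auditing the folders under a home root for grants to anyone else (such as Authenticated Users). The function names, the scratch path and the use of the current user as a stand-in for a domain account are assumptions; it needs PowerShell 3.0 or later on Windows.

```powershell
# Added example. Function names, scratch path and stand-in accounts are assumptions.
$Trusted = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, NT AUTHORITY\SYSTEM

function New-FullControlRule([System.Security.Principal.IdentityReference]$Id) {
    $ruleArgs = $Id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
}

function New-HomeFolder {
    param([string]$Root, [string]$UserName, [string]$Account = $UserName)
    $path = Join-Path $Root $UserName
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    $acl = Get-Acl -Path $path
    # Cut inheritance and drop inherited ACEs, so a broad grant on the
    # share root no longer reaches this folder.
    $acl.SetAccessRuleProtection($true, $false)
    $ids = @([System.Security.Principal.NTAccount]$Account) +
           ($Trusted | ForEach-Object { [System.Security.Principal.SecurityIdentifier]$_ })
    foreach ($id in $ids) { $acl.AddAccessRule((New-FullControlRule $id)) }
    Set-Acl -Path $path -AclObject $acl
}

function Get-HomeFolderExposure {
    param([string]$Root)
    foreach ($dir in Get-ChildItem -Path $Root -Directory) {
        foreach ($ace in (Get-Acl -Path $dir.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $name = $ace.IdentityReference.Value
            $sidType = [System.Security.Principal.SecurityIdentifier]
            try { $sid = $ace.IdentityReference.Translate($sidType).Value }
            catch { $sid = $name }   # unresolvable identity: report it as-is
            # Assumption: the folder name equals the owning user's logon name.
            $isUser = ($name -split '\\')[-1] -eq $dir.Name
            if (-not $isUser -and $Trusted -notcontains $sid) {
                [pscustomobject]@{ Folder = $dir.Name; Identity = $name
                    Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
            }
        }
    }
}

# Constructed demo in a scratch directory, not the real Home200 share.
$root = Join-Path $env:TEMP 'Home200-demo'
New-HomeFolder -Root $root -UserName $env:USERNAME
# Second folder reproduces the question's setup: Authenticated Users, Full Control.
$weak = (New-Item -ItemType Directory -Path (Join-Path $root 'pbrown') -Force).FullName
$acl = Get-Acl -Path $weak
$acl.AddAccessRule((New-FullControlRule ([System.Security.Principal.SecurityIdentifier]'S-1-5-11')))
Set-Acl -Path $weak -AclObject $acl
Get-HomeFolderExposure -Root $root | Format-Table -AutoSize
```

The audit reports every Allow entry on a home folder that belongs to neither the folder's user nor the two trusted principals, including entries inherited from the root.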