Users home directory

[Dick]

I am taking a risk here, since i'm a Novell guy.

But anyway, when I create a user on a W2003 server on the profiles tab
you can assign his home directory.

question 1

When the user logs on he can see the home directory (<user> on
<server>\home$ H, but can't do anything with it. The path is like
this \\server\home$\<username>, the user has full control on the
directory <username>.

question 2

I thought that the $ sign after a directory is a hidden share. Why is
it then that I can see it in the windows explorer??

What can I do wrong???

Dick

 

[Herb Martin]

I am taking a risk here, since i'm a Novell guy.

Not, much, I visit a variety of newsgroups and it's usually the Mac folks
that are the most rude to people who don't always run their idea of the
"best system". Most of the time the Linux folks are happy to help as are
the Microsoft people.

But anyway, when I create a user on a W2003 server on the profiles tab
you can assign his home directory.

question 1

When the user logs on he can see the home directory (<user> on
<server>\home$ H, but can't do anything with it. The path is like
this \\server\home$\<username>, the user has full control on the
directory <username>.

The user needs FC on the "share" (or at LEAST "change" on the share)
plus the NTFS permissions you indicate on the DIRECTORY.

(The term "folder" is an unfortunately muddling of the terminology that is
now current so mentally distinguish "Directory" from "Share" by avoiding the
word "folder" when working permissions -- as you have done -- even
though you will hear it from otherwise knowledgable people.)

The Directory (and file) permissions are NTFS, and the Share (or "file
share")
permissions are completely distinct. The user must have access through both
method to have EFFECTIVE access.

question 2

I thought that the $ sign after a directory is a hidden share. Why is
it then that I can see it in the windows explorer??

The $ sign on the end of a SHARE should make the share unbrowsable
by both Explorer (net neighborhood) and the command line "net view".

It should not appear BEFORE the user connects to it; the user cannot
browse or discover such shared without knowing the name.

What can I do wrong???

Try checking the permissions on the Share and seeing if the share is in the
browse lists or visible BEFORE the connection.

 

[Rob Elder, MVP-Networking]

You should share Home without the $. No need to make it hidden. Use the
following syntax in the home folder path \\servername\home\%username%

Don't forget that the default share permission on 2K3 is read. You should
change that to full. The permissions should be configured automatically on
the user folders beneath home.

If you're using 2k3 as a your DC, you much better off redirecting the My
Documents folder using Folder Redirection in group policy. Less confusing
for the user. They just save to My Documents and the location is
transparent.

$ is supposed to hide shares. Not sure why you're seeing it. You didn't
put a space before it, did you?

 

[Herb Martin]

You should share Home without the $. No need to make it hidden. Use the
following syntax in the home folder path \\servername\home\%username%

Are you saying there is a reason NOT to hide home?

Don't forget that the default share permission on 2K3 is read. You should
change that to full. The permissions should be configured automatically on
the user folders beneath home.

Good advice and this jibes with (and better explains) my recommendation to
check the share permissions.

If you're using 2k3 as a your DC, you much better off redirecting the My
Documents folder using Folder Redirection in group policy. Less confusing
for the user. They just save to My Documents and the location is
transparent.

I agree -- the real issue however is that "Home" is the only appropriate
choice
for 9x and NT boxes. It's the clients that really push this to using Home
rather
than My Documents and the GPO settings.