AD Permissions

T

Tera

In an AD Win2K environment (one domain), when a new user is setup and home
folders are connected to \\servername\home\userid, when I hit ok, AD creates
the userid folder on the server. These permissions are not getting the
inherited permissions from the root home folder. Does anyone know where AD
gets these permissions? My problem is I created a new group (g-home and
group share) which is modify rights to all home folders. I want this group
included when a new userid is created but it is not. AD gives the
Administrators-full, Domain Admins-full, userid-full, system-full and that's
it.

If I go and create the folder manually, it will get the inherited
permissions from the home folder, but will not add the userid, so this
doesn't work either.

Any suggestions will be helpful.
Thanks!
Tera
 
M

Mark Ramey [MSFT]

Tera

When you let Active Directory create the folder for you, by default the
inheritable permissions will be turned off. The system will set the user
folder permissions to Administrators Full Control and the user Full Control.

This is due to the security model of 2000. If you want the folder to inherit
permissions you must create the folder manually and add the user to the
permissions. This will set the inheritable permissions on the folder.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD Question 1
newbie: restrict permissions for home folder 1
Home directory permissions 1
Default Perms for Home Folders 1
folder permissions AD 1
Problem with assigning permissions with CACLS in VBScript 1
Problem Creating HomeDirectories and Permissions using VBScript 4
Home directory mapping only mapping the \\servername\sharename. 4

Top