Create Home Folder

[dave Admin]

Not sure why this is SO hard to do. It's EASY in Netware.

I have a Server 2003, SP1 network with XP workstations. I have a "Users"
folder off the root of the server drive and want individual folders for each
staff. The folders should be full control for that staff and the
Administrator account. It is important that other staff cannot see, let
alone read, any folder other than their own. In other words, if a staff
selects the user folder, the ONLY listed child folder should be their own.

With Microsoft's backward default security, every user gets read access to
every folder under the User folder.

I have searched high and low and have yet to find a procedure and set of
steps to properly create home folders for users already setup in AD.

Any advice would be appreciated.

daveM

 

[Beau]

Not sure why this is SO hard to do. It's EASY in Netware.

I have a Server 2003, SP1 network with XP workstations. I have a "Users"
folder off the root of the server drive and want individual folders for
each staff. The folders should be full control for that staff and the
Administrator account. It is important that other staff cannot see, let
alone read, any folder other than their own. In other words, if a staff
selects the user folder, the ONLY listed child folder should be their own.

With Microsoft's backward default security, every user gets read access to
every folder under the User folder.

I have searched high and low and have yet to find a procedure and set of
steps to properly create home folders for users already setup in AD.

Any advice would be appreciated.

daveM

How are you creating these folders? If you are creating them in explorer,
the permissions are inherited.

Use ADU&C, and under the profile tab use the home folder. Type in the
location and the folder will automatically be created and apporpriate
permissions assigned.

-Beau

 

[Sparda]

Not sure why this is SO hard to do. It's EASY in Netware.

I have a Server 2003, SP1 network with XP workstations. I
have a "Users"
folder off the root of the server drive and want individual
folders for each
staff. The folders should be full control for that staff and
the
Administrator account. It is important that other staff cannot
see, let
alone read, any folder other than their own. In other words,
if a staff
selects the user folder, the ONLY listed child folder should
be their own.

With Microsoft's backward default security, every user gets
read access to
every folder under the User folder.

I have searched high and low and have yet to find a procedure
and set of
steps to properly create home folders for users already setup
in AD.

Any advice would be appreciated.

daveM

I see what you mean, in Unix it would be quite simple to "chmod -R
u=rwx g-rwx o-rwx /home" making sure that the owner ship of the files
is correct. And obviusly if you wished certian users to be able to
read/write data in the home dir’s, you should make the group owner
of the home folder the same group that the user is asighned to and
give group read (perhaps write) and execute permissons, but in windows
it’s not so simple. And on my win xp desktop computers it seems
imposible. You carnt remove the "List folder contents" permissons with
out removing the "read folder contents" permison, and removing "read
folder contents" means that the uer canot access the folder. Of course
it may work on server 2003.

WAIT! There is more:

I worked it out, it seems you MUST remove the "List folder contents"
permisson, this means when the share (for example) \serverusers is
opened it says "Access Denied" how ever, if type in the home path of
the user \serverusersluke it will be happy, and allow access. This
is what the top level home directory (aka the \serverusers share)
should look like http://sparda.hopto.org/topevel.png you should be
able to work out lower users permisons your self. Which should be full
control to the owner user.

 

[dave Admin]

Thanks,

That's the best explaination I have seen yet. Netware security is orders of
magnitude easier to understand and implement than Microsoft's and I don't
speak UNIX or Linux.

Some of these same difficulties arise when having a number of folders, all
with different security requirements.

This helped

daveM