Home Directory Permissions

D

Don Jones

What should the user's home directories permissions be?

Using a Windows NT 4.0 Domain, and adding users with Home
Directories, the end permissions are UserName with Full
Control and no other users have access.

Under Windows 2000 Domain, The user's home directory is
inheriting the permissions of the parent folder. Admin
Full Control, System Full Control, Users Full Control,
and the username full control. The folder has the box
checked to to inheirt permissions from the parent.

I was under the impression, that home directories should
only be accessible by the "user" and no one else unless
the user gave them access. Am I missing something?

Thanks.

Don Jones
 
A

Alex Zhang

Hello Don,

Thank you for posting here.

I suggest that you refer to the following article to configure proper
permission for the folder Users which you shared as Error! Hyperlink
reference not valid. name>\users

Q274443 HOW TO: Dynamically Create Secure Redirected Folders By Using
Folder."
http://support.microsoft.com/default.aspx?scid=KB;EN-US;274443


Please perform the following steps to test the situation:

1. Set Share Permissions for the Everyone group to Full Control.
2. Use the following settings for NTFS Permissions:
CREATOR OWNER - Full Control
System - Full Control
Domain Admins - Full Control
Everyone - List Folder/Read Data (Apply onto: This Folder,
subfolders, and files)
Everyone - Read Attributes (Apply onto: This Folder, subfolders,
and files)
Everyone - Create Folder/Append Data (Apply onto: Subfolders, and
files only)

NOTE: That in the modified permissions, the Create Folder/Append Data
permission is only applied to "Subfolders, and files only" not "This
Folder, subfolders,and files."

Note: You can right click the folder->Properties->Security->Advanced, and
uncheck ¡°inherited from parent permission¡± to remove all inherited
permission from parent folder and then add proper users as described above.

You can add permission for Everyone by:

1). Right click the users folder->properties->security->Advanced
2). Click Add, type Everyone, click OK, select Apply onto: This Folder,
subfolders, and file, check List Folder/Read Data and Read Attributes.
3). Click Add, type Everyone, click OK, select Apply onto: Subfolders, and
files only, check Create Folder/Append Data

Then you can try to create users by using your template to test the
situation, the user shall have proper permissions at this time.

For more information about home directory:
Home-Directory
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad
schema/a_homedirectory.asp
Managing Existing User and Group Accounts
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
09w2kada.mspx
HOW TO: Assign a Home Directory to a User
http://support.microsoft.com/default.aspx?kbid=320043
How Windows NT Determines a User's Home Directory
http://support.microsoft.com/default.aspx?scid=kb;EN-US;101507

I hope this information proves helpful to you.
If you have any questions or concerns, please do not hesitate to let me
know. I am happy to be of assistance.

Thanks and regards,
Alex Zhang
Microsoft Partner Online Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Don Jones" <[email protected]>
| Sender: "Don Jones" <[email protected]>
| Subject: Home Directory Permissions
| Date: Tue, 20 Apr 2004 17:19:57 -0700
| Lines: 19
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcQnNmCE67BdYRHaSEW1R8l5F3rnnA==
| Newsgroups: microsoft.public.win2000.security
| Path: cpmsftngxa10.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.security:25599
| NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| X-Tomcat-NG: microsoft.public.win2000.security
|
| What should the user's home directories permissions be?
|
| Using a Windows NT 4.0 Domain, and adding users with Home
| Directories, the end permissions are UserName with Full
| Control and no other users have access.
|
| Under Windows 2000 Domain, The user's home directory is
| inheriting the permissions of the parent folder. Admin
| Full Control, System Full Control, Users Full Control,
| and the username full control. The folder has the box
| checked to to inheirt permissions from the parent.
|
| I was under the impression, that home directories should
| only be accessible by the "user" and no one else unless
| the user gave them access. Am I missing something?
|
| Thanks.
|
| Don Jones
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Permissions on a home directory 4
home directory permissions 1
permissions fouled up on user folder 3
Random files losing NTFS Permissions 2
Reset permissions on thousands of user home directories 9
Strange NTFS directory permissions 2
Question about share permissions 1
NTFS Permissions - Sub-Folders 4

Top