usage of %USERNAME% to create Home folders

[Deaker00]

HEllo,

Havea quick question. I am using the %USERNAME% to create home folders for
the users. Issue I am having is that if I perform this action from a
workstation in the domain using the USER AND COMPUTER adminpak tools...the
home folder is not created with the usual permissions. When I do this from
the DC as the domain admin...the home folder gets created as required...with
the user as the owner and with administrators and the user with full
control. THe newly created folder also does not inhetit from it's parent
(also what I want it to do). When this same function is done from a
workstation and using the RUN AS and utilizing the domain admin...the folder
is created...but the administrator is the owner and the permissions are
inherited from the parent.

I'm sure this has been asked before...just couldn't find an answer anywhere.

Thanks.

Dan

 

[Glenn L]

Are you doing this from XP or W2K pro.
If XP, have you tried from W2K pro? vice versa?

 

[DEAKER00]

I Have only tried it from XP as that is our workstation of choice ...

Dan

 

[lforbes]

I Have only tried it from XP as that is our workstation of
choice ...

Dan


 >> HEllo,
 >>
 >> Havea quick question. I am using the %USERNAME% to
create home folders
 >> for
 >> the users. Issue I am having is that if I perform
this action from a
 >> workstation in the domain using the USER AND COMPUTER
adminpak
 >> tools...the
 >> home folder is not created with the usual
permissions. When I do this
 >> from
 >> the DC as the domain admin...the home folder gets
created as
 >> required...with
 >> the user as the owner and with administrators and the
user with full
 >> control. THe newly created folder also does not
inhetit from it's parent
 >> (also what I want it to do). When this same function
is done from a
 >> workstation and using the RUN AS and utilizing the
domain admin...the
 >> folder
 >> is created...but the administrator is the owner and
the permissions are
 >> inherited from the parent.
 >>
 >> I'm sure this has been asked before...just couldn't
find an answer
 >> anywhere.
 >>
 >> Thanks.
 >>
 >> Dan
 >>
 >>

Hi,

You must have a Windows 2000 Server. With Windows 2003 and with
Windows XP, Microsoft has changed the way it creates the users home
folders. Yep, it blew me away too. So much for "added" security.
Basically with Windows 2003 Server when you create a users home folder
inside Active Directory using the %username%, it creates the folder
with the Inherited permissions. Therefore you must set the Users at
the Root Folder as read "This folder only" to make sure they aren’t
inherited.

Cheers,

Lara

 

[Deaker00]

OK...SO I have tested it...and it is as you say. If I use the Admin tools on
a Windows 2000 workstation as the domain admin...it creates the user folder
as required. If I do the exact same thing on an XP Pro workstation....the
permissions get inherited and the owner is the administrator. This is
WHACKED!!!!

Is there any way around this? I need the user folders created as they are in
Windows 2000 with the user as the owner of the folder and the permissions
set as the Administartors groups and user with full control...NOT
inheriting.

Dan

Hi,

You must have a Windows 2000 Server. With Windows 2003 and with
Windows XP, Microsoft has changed the way it creates the users home
folders. Yep, it blew me away too. So much for "added" security.
Basically with Windows 2003 Server when you create a users home folder
inside Active Directory using the %username%, it creates the folder
with the Inherited permissions. Therefore you must set the Users at
the Root Folder as read "This folder only" to make sure they aren't
inherited.

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-usage-USERNAME-create-Home-folders-ftopict271371.html
Visit Topic URL to contact author (reg. req'd). Report abuse:

http://www.windowsforumz.com/eform.php?p=857377

 

[lforbes]

OK...SO I have tested it...and it is as you say. If I use the
Admin tools on
a Windows 2000 workstation as the domain admin...it creates
the user folder
as required. If I do the exact same thing on an XP Pro
workstation....the
permissions get inherited and the owner is the administrator.
This is
WHACKED!!!!

Is there any way around this? I need the user folders created
as they are in
Windows 2000 with the user as the owner of the folder and the
permissions
set as the Administartors groups and user with full
control...NOT
inheriting.

Dan

 > > I Have only tried it from XP as that is our
workstation of
 > > choice ...
 > >
 > > Dan
 > >
 > > "Glenn L" <the.only(delete)@gmail dot com>
wrote in message
 > >   > > > Are you doing this from XP or W2K pro.
  > > > If XP, have you tried from W2K pro? vice
versa?
  > > >
  > > >
  > > > --
  > > > Glenn L
  > > > CCNA, MCSE 2000/2003 + Security
  > > >
  > > > "(e-mail address removed)"
<[email protected]> wrote in message
  > > >
 > >  >> HEllo,
 > >  >>
 > >  >> Havea quick question. I am using the
%USERNAME% to
 > > create home folders
 > >  >> for
 > >  >> the users. Issue I am having is that
if I perform
 > > this action from a
 > >  >> workstation in the domain using the
USER AND COMPUTER
 > > adminpak
 > >  >> tools...the
 > >  >> home folder is not created with the
usual
 > > permissions. When I do this
 > >  >> from
 > >  >> the DC as the domain admin...the
home folder gets
 > > created as
 > >  >> required...with
 > >  >> the user as the owner and with
administrators and the
 > > user with full
 > >  >> control. THe newly created folder
also does not
 > > inhetit from it's parent
 > >  >> (also what I want it to do). When
this same function
 > > is done from a
 > >  >> workstation and using the RUN AS and
utilizing the
 > > domain admin...the
 > >  >> folder
 > >  >> is created...but the administrator
is the owner and
 > > the permissions are
 > >  >> inherited from the parent.
 > >  >>
 > >  >> I'm sure this has been asked
before...just couldn't
 > > find an answer
 > >  >> anywhere.
 > >  >>
 > >  >> Thanks.
 > >  >>
 > >  >> Dan
 > >  >>
 > >  >>
  > > >
  > > >
abuse:
http://www.windowsforumz.com/eform.php?p=857377

Hi,

I couldn’t find a way around it. With Windows 2003 server, it does
make the user the owner of the folder and Full-control on the folder,
but it does inherit now. I think they changed the way folder creation
was scripted.

Cheers,

Lara