OK lets tackle these questions.
The psexec.exe tool allows me to run command line commands as though I were on the server directly. For example if I type "psexec server1 makedir c:\folder" it would create a folder called 'folder' in the root of the C: drive on the server, not my local PC. I can upload this file if you need it, I can't remember where I got it now? Somewhere on Microsoft.com
Secondly, you want to allow the user to have full control over their folder but no-one else right? It's up to you how secure you want things. I usually have the share set to have 'EVERYONE' with full control but then tie down the security by using NTFS permissions. To do this, the command is:
Which would look something like this when filled in:
net share sharename=PathToFolder /GRANT:Everyone,FULL /Unlimited
The /Unlimited sets how many concurrent connections can be made to the share. To modify this so that only the specific user has full control (remember domain admins may like to be included?), using the syntax from my script it would be:
net share Phil=e:\userfolders\Phil /GRANT:EVERYONE,FULL /UNLIMITED
Note how I have had to build the command line up using variables as I am calling bacth file commands from a VBscript. It's a little more awkward and to be honest, there is probably a neater way of doing it. But for me this works just fine so why change it?
Set objShell = Createobject("WScript.Shell")
strShare1 = "net share "
strShare2 = "=e:\userfolders\"
strShare3 = " /GRANT:"
strShare4 = ",FULL /Unlimited"
objShell.SendKeys strShare1 & strUserName & strShare2 & strUserName & strShare3 & strUsername & strShare4
Next thing, xcacls. You can use the /? at the command prompt to get more detail out of this but a general line might look like this:
To explain, /T changes the permissions on the folder and any subdirectories/files.
xcacls path to userfolder /T /E /C /G username:F
/E is to edit the permissions instead of replacing them. You may want to leave this switch out?
/C is to continue on errors. Theres nothing worse than halfway through a script which takes an hour to run (creating 1000 users) a bloody error comes up and cancels the script! This makes it just continue.
/G Grants permissions to whichever user or group you want. :F is full control, :C is Change and :R is read and execute
Yes you can replace 'staff' with 'first year' or 'third year' or whatever else you want. It's just the name of the OU containing the users. Proof read all your script to make sure things are in the right place!
Yes you can change the server to Web1 instead of Gateway2, thats just the name of our server. Its a poor choice of name as people get confused with Default Gateway in IP settings!
Finally, the bit about print credits is just a reminder for me as we use software called PCounter to allocate a certain amount of prints per user per month.
Any more help just ask