Windows Server 2008 R2 Thread, Home folder best practice in Technical
  1. #1

    Home folder best practice

    Which would be best practice for creating a user's home folder in AD? The directory tree to the home folders is D:\home\user

    Should I make the 'user' folder a share$ and then create My Documents in that folder, so d:\home\user$\My Documents (AD would be \\server\user$\Mydocs),

    or should I make 'home' the share$ so I end up with d:\home$\user\My Documents (AD would be \\server\home$\user\My docs)?

    Both methods seem to work and both stop the folder being renamed to 'mydocuments' if folder redirection is enabled.

    Does it make a difference from a security point of view?
    Last edited by edutech4schools; 24th June 2013 at 03:07 PM.

  2. #2

    I have realised the above post only works if you already have a user and home folder set up on the server.

    I have just tried to create a new user. If I use \\server\staff$\user\My Docs I get an error that the folder was not created as the path was not found. I have worked out that it does work if I remove the My Docs part. But then I will get the redirected folder issue where it renames the user's folder to My docs.

    How is everyone else creating home folders from AD? Are you physically creating a user's folder in the home folder area first and then creating the user in AD?

  3. #3


    Quote: Originally posted by edutech4schools

    How is everyone else creating home folders from AD? Are you physically creating a user's folder in the home folder area first and then creating the user in AD?
    Samba shares create themselves with a shell script!

    Code:
    #!/bin/bash
    # Creates the home directory if it does not exist yet.
    # $1 = username, $2 = year group / role (also the sub-directory name)
    user="$1"
    group="$2"
    home="/home/CURRIC/$group/$user"

    # Only act for known groups; anything else is ignored.
    case "$group" in
        05|06|07|08|09|10|11|12|staff|adulted|exams) ;;
        *) exit 0 ;;
    esac

    if [ ! -e "$home" ]; then
        mkdir -p "$home"
        # Owner is the user, group is "domain admins"; no access for others,
        # setgid so new files keep the group.
        chown "$user":"domain admins" "$home"
        chmod o-rwx "$home"
        chmod g+rwxs "$home"
        setfacl -m user:"$user":rwx "$home"
        setfacl -m group:"domain admins":rwx "$home"

        # Per-group quota (soft and hard block limits) and teacher access.
        # examslibre and Staff are not in the list above, so those patterns
        # only match if they are added there.
        case "$group" in
            05|06|07)
                setquota -u "$user" 2097152 2306867 0 0 /home/CURRIC/
                setfacl -m group:teachers:r-x "$home"
                ;;
            08|09|10|11|12)
                setquota -u "$user" 1048576 1153433 0 0 /home/CURRIC/
                setfacl -m group:teachers:r-x "$home"
                ;;
            adulted)
                setquota -u "$user" 1048576 1153433 0 0 /home/CURRIC/
                ;;
            exams|examslibre)
                setfacl -m group:teachers:rwx "$home"
                ;;
            Staff|staff)
                setquota -u "$user" 20971520 26214400 0 0 /home/CURRIC/
                setfacl -m group:teachers:--- "$home"
                setfacl -m group:staff:--- "$home"
                ;;
            *)
                setquota -u "$user" 1048576 1153433 0 0 /home/CURRIC/
                ;;
        esac
    fi
    exit 0

  4. #4

    plexer's Avatar

  5. #5
    ADMaster's Avatar
    I changed the way folders are redirected, not how home folders are created.
    Home dirs. \\server\staff\user\
    My docs are then redirected to a subfolder of the home dir. The GPO option is “Create a folder for each user under the root path”
    My docs becomes \\server\staff\user\my docs

    Hope this helps.

  6. #6

    Sorry but I had a very busy day and did not word my original posts correctly. I think ADMaster has understood my ramblings and I will look at creating the extra folder using GPO redirection tomorrow and check if that works.

  7. #7
    DMcCoy's Avatar
    Quote: Originally posted by edutech4schools

    I have realised the above post only works if you already have a user and home folder set up on the server.

    I have just tried to create a new user. If I use \\server\staff$\user\My Docs I get an error that the folder was not created as the path was not found. I have worked out that it does work if I remove the My Docs part. But then I will get the redirected folder issue where it renames the user's folder to My docs.

    How is everyone else creating home folders from AD? Are you physically creating a user's folder in the home folder area first and then creating the user in AD?

    AD Users and Computers creates folders for you if you set it as the home folder, with the correct permissions. Also use the share as the level above the home folder and set read for *this folder only* for the relevant group who needs to traverse it. \\server\share\user\Documents

    If you are using only Vista/7/8 clients you can use folder redirection to the following path: %HOMESHARE%%HOMEPATH%Documents (and the other folders %HOMESHARE%%HOMEPATH%Music etc). The path in this instance would be "\\server\share\user" + "\" so "\\server\share\user\" plus the redirected folder as a subfolder of the user's home folder (avoiding the desktop.ini issues). Redirected folders get created automatically if missing, because the user folder was created by AD already (with %username% if you want to do multiple).

    One thing to note: DO NOT mix FQDN and short server names for the redirection paths (there is a 7 bug that means changing between the two deletes the contents).

  8. Thanks to DMcCoy from:

    zag (26th June 2013)

  9. #8

    In folder redirection policies do I use 'Create a folder for each user under the root path' or 'redirect to the following location'? Both options have a root path box.

  10. #9

    OK, I think I have set this up correctly, please advise if not. I worked out that I needed 'redirect to the following location'. The issue I have with doing it this way is the user still sees the My Documents folder inside the home folder. Is this not an issue? If I created the entire path in AD (\\server\share\user\mydocs) they are already inside the My Documents folder when they click on the home folder, but doing it this way means manually creating the folder.

    If I do use the redirected policies method I presume I will need to manually move all home folder contents into the automatically created My Documents folder?

  11. #10

    Found a work-around.

    When creating a new user in AD, if you use home folder connect as \\server\share\user\docs you get some error about the path not being correct, but if you do \\server\share\user, click apply, but then go back and add \docs separately at the end, AD will create the extra folder. So when a user opens their home folder it is actually opening \\server\share\user\docs. I have then been able to use basic redirection to automatically redirect everyone's My Documents to this same folder.

  12. #11

    Just wanted to check what share permissions and security permissions you all have on the shared folder in \\server\share\user\docs.

  13. #12

    TechMonkey's Avatar
    The link Plexer posted was the one I used for security settings and how to set up my home folders.

  14. #13

    Shows you the type of week I have been having, totally missed Plexer's link.

  15. #14
    ADMaster's Avatar
    Edutech,
    If I understand your latest workaround, I think you’ll be right back where you started.
    You are mapping the home folder to \\server\share\user\docs, and also redirecting My Documents to the same location, correct? This will take you back to the desktop.ini renaming folders on you.

    Here is a screenshot of the group policy I mentioned.
    Notice all I need to do is add \\srv\share and it fills in the username \ my docs

    [Attachment: basic create folder.PNG]

    This screenshot is to specify different locations for staff and students. You can do this or just create separate policies.

    [Attachment: advanced create folder.PNG]

    Hope this helps,

  16. #15


    How I have it set up is that in the user's profile tab, under home drive, it has

    connect U: to \\server\user share\group\username

    then I use folder redirection to set my
    docs to \\server\user share\group\username\my documents
    pics to \\server\user share\group\username\pictures
    and so on (assuming it's Win7 only; if not, it tends to be a bit of a mix).
    Security-wise, I've found that Office can get a bit shirty if it can't read all the path, so I have \\server\user share set to allow users to read this folder only, \\server\user share\group\ set so the group can read this folder only, and \\server\user share\group\username set to modify access (unless AD auto-creates it, then it's full control).
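
The three-level permission layout described in the posts above (read on "this folder only" at the share root and at the group folder, modify on the user's own folder), as an added example that is not part of the thread. The path, domain, group and user names are placeholders, and Read & execute is used here for the "read" entries.

```powershell
# Added example: the names below are placeholders (assumptions), replace them.
$Root   = 'D:\home'     # folder behind the hidden share, e.g. \\server\home$
$Domain = 'SCHOOL'      # placeholder NetBIOS domain name
$Group  = 'staff'       # AD group, also used as the sub-folder name
$User   = 'jbloggs'     # placeholder account

function New-Rule {
    param([string]$Identity, [string]$Rights, [switch]$ThisFolderOnly)
    # "This folder only" means the entry is not inherited by children.
    $inherit = if ($ThisFolderOnly) { 'None' } else { 'ContainerInherit,ObjectInherit' }
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $Rights, $inherit, 'None', 'Allow'
}

function Set-FolderAcl {
    param([string]$Path, [object[]]$Rules)
    if (-not (Test-Path -Path $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and clear existing explicit entries,
    # so that only the rules listed here apply to this level.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($old in @($acl.Access)) { [void]$acl.RemoveAccessRule($old) }
    # Administrators and SYSTEM keep full control at every level.
    $acl.AddAccessRule((New-Rule 'BUILTIN\Administrators' 'FullControl'))
    $acl.AddAccessRule((New-Rule 'NT AUTHORITY\SYSTEM' 'FullControl'))
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl
}

# Share root: all users may read this folder only (no listing of other levels).
Set-FolderAcl $Root @(New-Rule "$Domain\Domain Users" 'ReadAndExecute' -ThisFolderOnly)
# Group folder: only that group may read it, again this folder only.
Set-FolderAcl "$Root\$Group" @(New-Rule "$Domain\$Group" 'ReadAndExecute' -ThisFolderOnly)
# User folder: the user gets Modify, inherited by subfolders and files.
Set-FolderAcl "$Root\$Group\$User" @(New-Rule "$Domain\$User" 'Modify')

# Review the result: only Administrators, SYSTEM and the user should be listed.
Get-Acl -Path "$Root\$Group\$User" | Select-Object -ExpandProperty Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags -AutoSize
```

Run it elevated against a test folder first, because it replaces the existing ACL at each of the three levels.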
