Some Questions

[pritchardavid]

Some Questions for you guys

Our Domain is ockendon.thurrock.sch.uk

If I was to use a DFS Share I have to type the whole domain name in, but on the servers I seem to just be able to type in just '\\ockendon'.

Is there any way I can chose what name I want to use, ie just server or even ockendon, has the full domain name is too long to for staff to use (They will forget it)

-------------------

Another question is about active directory.

I would like to cleanup all the dead/not used accounts, when I mean that I mean like the users in the builtin folder and the built in user folder and also the administrator folder. What would be the best way of doing this? Any easy way?

Think the domain was upgraded from 2000 and now of course 2008, so after all this time there must be accounts that windoes roles or third party programs we have not got installed anymore, that we can get rid off

I have upload exported list, see if you can see if I can get rid of any

Or any better ideas would be nice

Thanks

[p858snake]

Oldcomp (OldCmp) can give reports on old user accounts and computers in AD.

[Stuart_C]

Both my DFS Namespaces are in domain mode are resolve from \\FQDN\sharename and \\Server\share1. Infact I just noticed that I can use either of my DC so I could have \\server1\share1 or \\server2\share1 and both resolve OK.

[pritchardavid]

Ok anothber question

What security rights to I set has the main folder?

ie the share will be \\FQDN\Year7 shared from E:\Year7

This is for the users documents


It seems I had to put in the group 'Everyone' and allow write and read permissons, has with just read it would not, let me save a edited txt file or make any new files

This seems weird to be has the test user had full permission in their user folder

Does this mean I have to 'Everyone' group to full read and write?

What to make sure all the security right are correct when moving back all the files I moved over during the upgrade to 2008R2

[Stuart_C]

OK Couple of things here:
First things first there are two sets of permissions that apply. Share permissions and Folder permissions. These combine and the most restrictive level of permissions applies.
For example if my share permissions are Read Only and my Folder Permissions are Full control then I actually have Read Permissions. Thus the share permissions need to be at least the same level that you want the users to have on their folder.

I personally tend to assign all my share permissions as "Domin Users/Domain Admins/System - Full Control" and remove the "Everyone" group unless really necessary. I then grant the users "Change" access to their own home folder (i.e. they DONT have "Full Control") but no access to the users folder itself. What I mean is that my users share is \\servername\Users\ and coresponds to e:\users on my server. A users home area is mapped in to \\servername\users\username\ and they have "change" access. If they managed to bypass the security and get to \\servername\users\ then they would have no rights to view anything. i.e. they couldn't start browsing through other users areas.