Windows Server 2008 Thread, Best set up for new users - Home drive permissions and shares? in Technical
4th May 2011, 05:26 PM #1
Best set up for new users - Home drive permissions and shares?
We currently create users with a home folder in a folder such as Year7/username$
We then give full permission on the folder and then restrict access through the share.
I believe that most people do this the other way with control via security permissions and give full access through the share?
Can anybody suggest the best set up for user home folders and security?
I ask as I am currently playing around with bulk user creation tools and can't see how I can use any of them with my current set up!
4th May 2011, 05:34 PM #2
I would give full access through the share and then lock it down using NTFS ACLs.
There was a KB article on the suggested permissions for home folders on Microsoft. I'll see if I can find it again.
4th May 2011, 05:39 PM #3
Thanks, That would be good to see.
4th May 2011, 05:45 PM #4
I have a new share for each year not user - I personally think having a new share for each user is slow for the FS - there was a thread where we discussed a while ago but I can't find it.
I use \\server\intake10$\%username% then have everybody full control on the share and then restrict using NTFS
This means AD will automagically create the home drive which it won't if it's a share.
4th May 2011, 05:47 PM #5
Cheers Glennda, I was considering changing the share to the yeargroup but you have reassured me.
4th May 2011, 05:52 PM #6
I can't find the KB article atm (it was originally for 2003 but the principle is still the same I believe)
Off the top of my head you will need to use the advanced section of the security tab on the root of the share, and use the following (it's a good starting point at least).
System - Full Control - This Folder, Subfolders and files
Administrators - Full Control - This Folder, Subfolders and files (And any other security groups you wish to access the home drives)
Authenticated Users - List Folder / Read Data & Read Attributes & Create Folders / Append Data - This Folder only
CREATOR OWNER - I use everything but Full Control, Read Permissions, Change Permissions & Take Ownership (But it can be full control if you wish) - Subfolders and files only.
Hopefully that makes sense. If not I shall try to elaborate slightly.
If I do manage to find that article I shall post a link to it in this thread.
And glennda does the same, I would use a share for the year and then allow AD to create the profiles at the student's first logon within that share.
4th May 2011, 05:57 PM #7
4th May 2011, 06:48 PM #8
4th May 2011, 06:49 PM #9
For profiles you need to ensure a group the user is part of (say students or year group) has write permission to the root of the share - as it's not AD which creates the folder, it is the user on first login
4th May 2011, 06:53 PM #10
Yes sorry, I should have been more specific. That is why you allow authenticated users permission to create a folder in the root, and then as they would be the owner they inherit the full control permissions for anything subsequently created within that folder.
Authenticated users could be substituted with a specific security group (for example a group representing the year).
5th May 2011, 10:36 AM #11
We have a mandatory profile so that is one less thing to worry about!
5th May 2011, 04:01 PM #12
We also have shares by graduation year, and the student's home folder created inside of that share. Permissions are handled at the NTFS level, while everyone is given full access through share level security. Students are given every permission to their respective home folders with the exception of full control. I had an issue a few years back with students taking ownership of the directory and removing access rights from administrators. Easy enough fix, but it was causing issues with the nightly backups.
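The root-of-share ACL listed in post #6, followed by a check for the ownership problem described in post #12, as an added PowerShell example that is not part of the thread. The path in `$Root` is hypothetical, and `Modify` for CREATOR OWNER is an assumed reading of "everything but Full Control" that withholds Change Permissions and Take Ownership.

```powershell
# Added example, not from the thread. Run elevated on the file server.
# $Root is a hypothetical path to the folder published as the year share.
param([string]$Root = 'D:\Home\Intake10')

$all = 'ContainerInherit, ObjectInherit'   # this folder, subfolders and files
# Well-known SIDs, so the script does not depend on localized account names.
$entries = @(
    @{ Sid = 'S-1-5-18';     Rights = 'FullControl'; Inherit = $all;   Propagate = 'None' }         # SYSTEM
    @{ Sid = 'S-1-5-32-544'; Rights = 'FullControl'; Inherit = $all;   Propagate = 'None' }         # Administrators
    @{ Sid = 'S-1-5-11';     Rights = 'ReadData, ReadAttributes, AppendData';                       # Authenticated Users:
       Inherit = 'None'; Propagate = 'None' }                                                       #   this folder only
    @{ Sid = 'S-1-3-0';      Rights = 'Modify';      Inherit = $all;   Propagate = 'InheritOnly' }  # CREATOR OWNER:
)                                                                                                   #   subfolders and files only

$acl = Get-Acl -Path $Root
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent, drop inherited ACEs
# Remove existing explicit ACEs so only the four entries above remain.
$acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
foreach ($e in $entries) {
    $sid  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $e.Sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $sid,
        ([System.Security.AccessControl.FileSystemRights]$e.Rights),
        ([System.Security.AccessControl.InheritanceFlags]$e.Inherit),
        ([System.Security.AccessControl.PropagationFlags]$e.Propagate),
        ([System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Root -AclObject $acl

# Audit existing home folders: report any ACE that lets a principal other than
# SYSTEM or Administrators change permissions or take ownership.
$risky   = [int][System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership'
$trusted = @('S-1-5-18', 'S-1-5-32-544')
Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder = $_.FullName
    $sd = Get-Acl -Path $folder
    $sd.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.FileSystemRights -band $risky) -ne 0) -and
                       ($trusted -notcontains $_.IdentityReference.Value) } |
        Select-Object @{ n = 'Folder'; e = { $folder } },
                      @{ n = 'Owner';  e = { $sd.Owner } },
                      IdentityReference, FileSystemRights
}
```

Any other security groups that need access to the home drives, as post #6 allows for, would be added to both `$entries` and `$trusted`.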