+ Post New Thread
Results 1 to 11 of 11
Windows Thread, Home Drive / User Area Setup in Technical; Hi All, On our school network, the home drive setup on the NAS drive im sure has not been setup ...
  1. #1

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26

    Home Drive / User Area Setup

    Hi All,
    On our school network, the home drive setup on the NAS drive im sure has not been setup the best way it could be....

    The Current setup is:
    \\NAS\Students\Year\Username

    The only share setup is on the main Student_drives folder, and this only has everyone
    NTFS permissions are also show below, only admin in there.
    Same for the Year folders they only have ntfs permissions for Admin/domain admin, and no share files.
    On the Students folder they have no share, and NTFS they have admin and there username.

    Nowhere is any mention of "creator owner" and none of the shares are hidden.

    See attached below

    Im having quite a few problems with this setup,

    1) With Office 2007 when they try to navigate to there home drive, office crashes, the way ive temp fixed it is to add "traverse folders" for "Students" on the "Student_Drives" share...

    2) When students create a new file, they then are the "owner" of this file, and thus they get automatically "change and view permissions" even though its not checked or even denied. This means the sneaky ones will try and change all their permissions trying to deny the admin etc. and also messing up folders, meaning i have to fix it all.

    3) The Staff drives are setup the same, and laptop users get "Access Denied" on every single offline file when they try to synronize!!
    Microsoft said: "To configure a share so that users can synchronize with a subfolder under the Home$ share, grant all of the users at least Read permissions on the Home folder" so i added staff to the "Staff_drives" folder (the only folder shared) and it seemed to fix it...

    All this tells me that my drives shares arent set up correctly?
    Can anyone please help
    Attached Images Attached Images
    Last edited by burgemaster; 5th March 2008 at 03:17 PM.

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    With windows I've previously shared all users directories individually, and relied on the ntfs for security (modify for user, full for admins and read for backup/teachers)
    I would traverse through the active directory and use cacls to change the permissions and then share every directory in '02'

    I've had very little luck doing anything like this with the gui, so theres probably a wizard somewhere that I don't know about.
    I assume username == sharename == directoryname
    Code:
    Directory = "d:\users\07\"
    
    Set objParent = GetObject("LDAP://OU=yeargroup 07,DC=college,DC=com")
    
    
    objparent.Filter = Array("user")
    
    for each objUser in objParent
    
         strUsername = objuser.Get("sAMAccountName")
    
    
    
         Set objShell = CreateObject("WScript.Shell")
    
    
    
    
    
         ObjShell.SendKeys  "Cmd /c cacls  " & Directory  & strUsername & " /T /G " & strUsername & ":C ""domainname\domain admins"":F server\administrator:F ""domaainame\teachers"":R"
    
         objShell.SendKeys "{ENTER}"
    
         objShell.SendKeys "Y"
    
         objShell.SendKeys "{ENTER}"
    
    
         
    
    next
    you need calcs for this but I think subinacl does something similar.

    to share you can rely on the NTFS and share each homedir as full
    Code:
    FOR /D %A IN (*) DO NET SHARE %A=D:\USERS\07\%A  /GRANT:Everyone,Full
    add a dollar if you think its worth it (waste of time imo)

  3. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    @burgemaster - If I've understood correctly, any pupil can browse each others folder? Doesn't sound good at all if that's the case.

    The reason Office 2007 probably crashes is because of the number of folders users need to browse before reaching their own!

    What I'd recommend you do is leave the folders in their existing structure (on the server), because once you share folders out properly it won't be a problem. Users will be "redirected" to their My Documents (as you'd expect), so the fact it's a network drive is completely transparent to the user.

    Download AutoShare This will allow you to quickly and easily share folders, make them private (with a dollar sign), but also allocate the correct permissions. I always give users Full Control of their folder, as well as Domain Admins for administration purposes. This ensures users have complete access (only to their own folder), but also that Folder Redirection works correctly.

    You will need to take a look at Folder Redirection in Active Directory, but my hunch (from what you've described), is it probably isn't even enabled to 'redirect' users files when they logon.

    I use the settings "Basic - Redirect everyone's folder to the same location" and "Redirect to the user's home directory".

    On the Settings tab, tick to enable "Move the contents of My Documents to the new location"

    Within Active Directory (under every users Profile tab), their home drive should read \\servername\sharename$

    Try creating a few test users first and by following the above advice see how you get on

  4. #4

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    thx for the replies guys.

    The students cannot browse other users folders
    They cannot browse the year folder as they have no permission on it.
    Redirection is allready setup as in the pic below, this is the Default_Student Policy.
    Just noticed on the "Setting" i also have "Grant the user Exclusive Rights to documents" and the bottom selection checked?

    Could you please let me know how your structures are? ie.

    \\Server\Student_Drives(shared y/n/$ & permissions)\Year(shared y/n/$ & permissions)\Username(shared y/n/$ & permissions)

    "I always give users Full Control of their folder"
    Do you set full control to "this folder only" ? do they have full control of their files? i.e view/change permissions? as I dont want the students messin`

    I will have a play today sharing out the Students Homedrive hidden..

    Whatever i do i cant seems to stop the students having permission to view/change permission on thier files and folders!! (as shown below)
    As soon as they own the file/folder they get to change the permissions.

    EDIT: Fixed by ZeroHour, There is a setting in the GP to hide the Security Tab.... Doh
    Thanks again
    Attached Images Attached Images
    Last edited by burgemaster; 21st February 2008 at 09:29 AM.

  5. #5

    Join Date
    Jul 2007
    Location
    Devon
    Posts
    233
    Thank Post
    8
    Thanked 9 Times in 8 Posts
    Rep Power
    16
    Ours down here are set in the same way...

    students\year\username and they just go straight into the folder when mapped.

    We've only given students modify access - that way they cannot change the permissions.

    So on the Students & Year folder they only have traverse, staff get read access and then they get modify access on subfolders and files of the student home drive so that they cannot move the folder to another students home drive...

    I think if a student creates a folder, they become the "Creator Owner" which usually has full control...

  6. #6


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    We've only given students modify access - that way they cannot change the permissions.
    Same here, if users have full control they tend to try and take ownership, restricting admins and backup operators from doing essential work - like backing their stuff up.

    Could you please let me know how your structures are? ie.
    d:\users\cohort\username shared as \\servername\username

  7. #7

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18
    As said - the security tab should be disabled. Students can't make the permission changes then. There is a GP option to disable it.

    User Configuration > Administrative Templates > Windows Explorer > “Remove Security tab” > Enabled

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by plock View Post
    As said - the security tab should be disabled. Students can't make the permission changes then. There is a GP option to disable it.

    User Configuration > Administrative Templates > Windows Explorer > “Remove Security tab” > Enabled
    but that just removes the gui. Setting the permissions correctly will fix the problem.

  9. #9

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Quote Originally Posted by CyberNerd View Post
    but that just removes the gui. Setting the permissions correctly will fix the problem.
    Even with modfiy they can still change/view permissions i think mate.
    "The owner can always change permissions even when they are not
    granted the permission to change permissions or even denied it"

  10. #10

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18
    Quote Originally Posted by CyberNerd View Post
    but that just removes the gui. Setting the permissions correctly will fix the problem.
    You're absolutely correct.

  11. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Even with modfiy they can still change/view permissions i think mate.
    maybe, but xcacls might be a better option as it can specifically deny permission changes

    XCACLS Syntax

    XCACLS filename [/T] [/E] [/C] [/G usererm;spec] [/R user [...]]
    [/P usererm;spec [...]] [/D user [...]] [/Y]
    filename Displays ACLs.
    /T Changes ACLs of specified files in the current directory
    and all subdirectories.
    /E Edit ACL instead of replacing it.
    /C Continue on access denied errors.
    /G usererm;spec Grant specified user access rights.
    Perm can be: R Read
    C Change (write)
    F Full control
    P Change Permissions (Special access)
    O Take Ownership (Special access)
    X EXecute (Special access)
    E REad (Special access)
    W Write (Special access)
    D Delete (Special access)
    Spec can be the same as perm and will only be applied to a
    directory. In this case, Perm will be used for file inheritence
    in this directory. If not omitted: Spec=Perm. Special values
    for Spec only:
    T NoT Specified (for file inherit, only for dirs valid)
    At least one access right has to follow!
    Entries between ';' and T will be ignored!
    /R user Revoke specified user's access rights.
    /P usererm;spec Replace specified user's access rights.
    for access right specification see /G option
    /D user Deny specified user access.
    /Y Replace user's rights without verify

SHARE:
+ Post New Thread

Similar Threads

  1. Home Area Permissions
    By DSapseid in forum Scripts
    Replies: 15
    Last Post: 21st May 2012, 01:27 PM
  2. Transfer User Area's - Permissions Issues ??
    By mac_shinobi in forum Wireless Networks
    Replies: 24
    Last Post: 21st May 2008, 12:36 PM
  3. Mapping to user area on win2003 cc3
    By rama1712 in forum Windows
    Replies: 0
    Last Post: 18th February 2008, 10:37 AM
  4. NSS 9 - tutor PCs need setup for every user that logs on.
    By Halfmad in forum Network and Classroom Management
    Replies: 4
    Last Post: 23rd August 2007, 03:16 PM
  5. delete same folder from all users home area
    By markcuk in forum How do you do....it?
    Replies: 27
    Last Post: 25th April 2007, 10:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •