Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

new user - homefolder & permissions

  • Filter
  • Time
  • Show
Clear All
new posts

  • new user - homefolder & permissions

    the situation is following (Windows 2003 and Windows XP environment)

    I have share on file servers in locations (e.g. server in location 35 is filesrv35, and share fodler for user folders is \\filesrv35\HOME). Folder HOME is share in which I want to automatically create home folders based on user username (I use %userprofile%), when new user log on to workstation. I want user to see only his folder and not from another user. I DON"T want to use profile field in Active Directory since users often change locations and I want GP to do everything since we can not manage to change profile in AD every day.
    Share permission on HOME folder is EVERYONE Full control. NTFS permission is what makes me huuuge problem, and its like this:
    I have:
    Administrators - Full control
    SYSTEM - Full control
    Authenticated users - Read & Execute; List Folders Contents; Read - WITH apply to this only.

    I managed to do that with following (I have this line in one .bat file) :
    mkdir "\\filesrv35\HOME\%username%"
    User folder is made BUT only Administrators and SYSTEM are propagated to home folder.
    If I set Authenticated users Modify control, it is propagated to home folder but that means that user can now view other users home folder. And I can not remove propagated permission.
    I have managed with this ICACLS to add new user permission to his home folder, but Authenticated users is still there and I can not remove it.

    xcopy "\\filesrv35\IT\icacls.exe" "%userprofile%" /E /I /H /R /Y
    cd %userprofile%
    icacls.exe "\\fileserv35\HOME\%username%" /c /t /grant:R %username%(OI)(CI)M

    I tried with icacls /remove:g "Authenticated users", its not removed, then instead of Authenticated users I put EVERYONE group, same thing, I can not remove it.
    I also tried with /reset switch, but it only removed user account, not Authenticated users

    Can someone offer me some instructions about this, I really don't know what to try next....

  • #2
    Re: new user - homefolder & permissions

    Hi try in a test environment first then when you've got a working solution apply to live.

    is a good guide.
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.