Guest Jason Lehman WC Posted July 14, 2008 Posted July 14, 2008 In AD I have... Home Folder, connect to... U: to \\servername\Users$\username Note the $ after Users to indicate the share is hidden. Some random users get a U:\Users$ Instead of getting U:\Users$\UserName No idea why this is going on. What I inherrited here was the Sys Admin w/ sharing every single users home folder, creating too many shares. So the Home Folder used to read... Home Folder, connect to... U: to \\servername\username$ So I decided to share the Users dir, instead of every single users home folder. Anyone have some suggestions/experience for my problem? Your help is much appreciated. Thanks. Jason.
Guest Lanwench [MVP - Exchange] Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > In AD I have... > Home Folder, connect to... > U: to \\servername\Users$\username > > Note the $ after Users to indicate the share is hidden. > > Some random users get a U:\Users$ > Instead of getting U:\Users$\UserName > > No idea why this is going on. > > What I inherrited here was the Sys Admin w/ sharing every single > users home folder, creating too many shares. So the Home Folder used > to read... > Home Folder, connect to... > U: to \\servername\username$ > So I decided to share the Users dir, instead of every single users > home folder. Absolutely. You don't want to have individual shares. Youmight want to check out http://support.microsoft.com/kb/274443 (for the permissions). > > Anyone have some suggestions/experience for my problem? Yes - this is a known issue with XP, for one. You should enable "always wait for network at computer startup and logon" in group policy. Check out http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx for more info. > Your help is much appreciated. > Thanks. > Jason.
Guest Richard Price Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... I recently did exactly what I think you are trying to do, and a hidden share is not what you are after - the correct permissions, however, are. Locations: F:\Test (shared as \\domain\Test) F:\Test\Mike F:\Test\Richard Permissions: \\domain\Test Share Permissions Authenticated Users: Full Control F:\Test NTFS Permissions Advanced -> 'Allow Inherited' unticked, permissions removed Local Admins: Full Control (This Folder Only) Domain Admins: Full Control (This Folder, Subfolders and Files) System: Full Control (This Folder, Subfolders and Files) Authenticated Users: Special (This Folder Only) + Traverse Folder/Execute File + List Folder/Read Data + Read Attributes + Read Extended Attributes + Read Permissions F:\Test\Mike NTFS Permissions Advanced -> 'Allow Inherited' unticked, permissions removed Local Admins: Full Control (This Folder Only) Domain Admins: Full Control (This Folder, Subfolders and Files) System: Full Control (This Folder, Subfolders and Files) User 'Mike': Full Control (This Folder, Subfolders and Files) The above allows users full access to their own folders, read access to the root folder, no access to anyone elses folder, and still allows admins to add/remove folders in the root folder. You can then map \\domain\Test\mike to U:\ without having to hide the share - other users cannot get access to the folders anyway. From here: http://groups.google.co.uk/group/microsoft.public.windows.server.general/browse_thread/thread/974df7bcc3d47c50/01449299fac9d367?hl=en Works perfectly in my environment, seems like it would work for you. Regards Richard
Guest Jason Lehman WC Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... Thanks for the reply. I am pretty sure the permissions are all ok. If I enable "always wait for network at computer startup and logon", what impact will this have on our mobile users? Will they expierence significant slower startups? The article implys that you are in a Windows 2000 Server Environment. We have all 2003 DC's. Not sure if that matters. Jason "Lanwench [MVP - Exchange]" wrote: > Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > > In AD I have... > > Home Folder, connect to... > > U: to \\servername\Users$\username > > > > Note the $ after Users to indicate the share is hidden. > > > > Some random users get a U:\Users$ > > Instead of getting U:\Users$\UserName > > > > No idea why this is going on. > > > > What I inherrited here was the Sys Admin w/ sharing every single > > users home folder, creating too many shares. So the Home Folder used > > to read... > > Home Folder, connect to... > > U: to \\servername\username$ > > So I decided to share the Users dir, instead of every single users > > home folder. > > Absolutely. You don't want to have individual shares. Youmight want to check > out http://support.microsoft.com/kb/274443 (for the permissions). > > > > Anyone have some suggestions/experience for my problem? > > Yes - this is a known issue with XP, for one. You should enable "always wait > for network at computer startup and logon" in group policy. Check out > http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx for > more info. > > > > Your help is much appreciated. > > Thanks. > > Jason. > > > >
Guest Lanwench [MVP - Exchange] Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > Thanks for the reply. > I am pretty sure the permissions are all ok. Sure....was just giving you that article for a reference. > > If I enable "always wait for network at computer startup and logon", > what impact will this have on our mobile users? > Will they expierence significant slower startups? > The article implys that you are in a Windows 2000 Server Environment. > We have all 2003 DC's. Not sure if that matters. It doesn't - and it won't hurt your users, mobile or immoble. In fact, if you try using wireless clients without this GPO setting, you will have a ton of problems. Just apply the policy to all workstations. > > Jason > > > "Lanwench [MVP - Exchange]" wrote: > >> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: >>> In AD I have... >>> Home Folder, connect to... >>> U: to \\servername\Users$\username >>> >>> Note the $ after Users to indicate the share is hidden. >>> >>> Some random users get a U:\Users$ >>> Instead of getting U:\Users$\UserName >>> >>> No idea why this is going on. >>> >>> What I inherrited here was the Sys Admin w/ sharing every single >>> users home folder, creating too many shares. So the Home Folder used >>> to read... >>> Home Folder, connect to... >>> U: to \\servername\username$ >>> So I decided to share the Users dir, instead of every single users >>> home folder. >> >> Absolutely. You don't want to have individual shares. Youmight want >> to check out http://support.microsoft.com/kb/274443 (for the >> permissions). >>> >>> Anyone have some suggestions/experience for my problem? >> >> Yes - this is a known issue with XP, for one. You should enable >> "always wait for network at computer startup and logon" in group >> policy. Check out >> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx >> for more info. >> >> >>> Your help is much appreciated. >>> Thanks. >>> Jason.
Guest Jason Lehman WC Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... Thanks for replying Richard. I am not too worried about my file securiy, though I will check what I currently have against what you suggested. Breifly, the users currently have full access to the root & full access to their own folder. They have no access to anybody else's folders. The admins have full access to everything. I'm not even sure why the shares are hidden w/ the $. Sounded like another way to secure things. Again, this is a inheritted network that is now mine. Maybe I could try just removing the $, so the shares are NOT hidden. Don't know if that will change anything or not. I agree, if the security is setup properly; there probably is no reason to hide the shares. It is just a lot of work to go around re-shareing everything. Thank you again for your reply "Richard Price" wrote: > I recently did exactly what I think you are trying to do, and a hidden > share is not what you are after - the correct permissions, however, > are. > > Locations: > F:\Test (shared as \\domain\Test) > F:\Test\Mike > F:\Test\Richard > > Permissions: > \\domain\Test Share Permissions > Authenticated Users: Full Control > > F:\Test NTFS Permissions > Advanced -> 'Allow Inherited' unticked, permissions removed > Local Admins: Full Control (This Folder Only) > Domain Admins: Full Control (This Folder, Subfolders and > Files) > System: Full Control (This Folder, Subfolders and Files) > Authenticated Users: Special (This Folder Only) > + Traverse Folder/Execute File > + List Folder/Read Data > + Read Attributes > + Read Extended Attributes > + Read Permissions > > F:\Test\Mike NTFS Permissions > Advanced -> 'Allow Inherited' unticked, permissions removed > Local Admins: Full Control (This Folder Only) > Domain Admins: Full Control (This Folder, Subfolders and > Files) > System: Full Control (This Folder, Subfolders and Files) > User 'Mike': Full Control (This Folder, Subfolders and Files) > > The above allows users full access to their own folders, read access > to the root folder, no access to anyone elses folder, and still allows > admins to add/remove folders in the root folder. > > You can then map \\domain\Test\mike to U:\ without having to hide the > share - other users cannot get access to the folders anyway. > > From here: > http://groups.google.co.uk/group/microsoft.public.windows.server.general/browse_thread/thread/974df7bcc3d47c50/01449299fac9d367?hl=en > > Works perfectly in my environment, seems like it would work for you. > > Regards > Richard >
Guest Lanwench [MVP - Exchange] Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > Thanks for replying Richard. > I am not too worried about my file securiy, though I will check what I > currently have against what you suggested. > Breifly, the users currently have full access to the root & full > access to their own folder. They have no access to anybody else's > folders. > The admins have full access to everything. > > I'm not even sure why the shares are hidden w/ the $. Sounded like > another way to secure things. Yep. Nobody can browse the shares that way. I always hide shares. > Again, this is a inheritted network that is now mine. > Maybe I could try just removing the $, so the shares are NOT hidden. > Don't know if that will change anything or not. It won't. You need the policy setting... > I agree, if the security is setup properly; there probably is no > reason to hide the shares. Belt + suspenders! > > It is just a lot of work to go around re-shareing everything. > Thank you again for your reply > > > "Richard Price" wrote: > >> I recently did exactly what I think you are trying to do, and a >> hidden share is not what you are after - the correct permissions, >> however, are. >> >> Locations: >> F:\Test (shared as \\domain\Test) >> F:\Test\Mike >> F:\Test\Richard >> >> Permissions: >> \\domain\Test Share Permissions >> Authenticated Users: Full Control >> >> F:\Test NTFS Permissions >> Advanced -> 'Allow Inherited' unticked, permissions removed >> Local Admins: Full Control (This Folder Only) >> Domain Admins: Full Control (This Folder, Subfolders and >> Files) >> System: Full Control (This Folder, Subfolders and Files) >> Authenticated Users: Special (This Folder Only) >> + Traverse Folder/Execute File >> + List Folder/Read Data >> + Read Attributes >> + Read Extended Attributes >> + Read Permissions >> >> F:\Test\Mike NTFS Permissions >> Advanced -> 'Allow Inherited' unticked, permissions removed >> Local Admins: Full Control (This Folder Only) >> Domain Admins: Full Control (This Folder, Subfolders and >> Files) >> System: Full Control (This Folder, Subfolders and Files) >> User 'Mike': Full Control (This Folder, Subfolders and Files) >> >> The above allows users full access to their own folders, read access >> to the root folder, no access to anyone elses folder, and still >> allows admins to add/remove folders in the root folder. >> >> You can then map \\domain\Test\mike to U:\ without having to hide the >> share - other users cannot get access to the folders anyway. >> >> From here: >> http://groups.google.co.uk/group/microsoft.public.windows.server.general/browse_thread/thread/974df7bcc3d47c50/01449299fac9d367?hl=en >> >> Works perfectly in my environment, seems like it would work for you. >> >> Regards >> Richard
Guest Ace Fekay [MVP] Posted July 14, 2008 Posted July 14, 2008 Re: Drive Mapping Problem w/ Users Home Folders... In news:DD12AF0B-A92A-4C50-92AA-3CC718381D09@microsoft.com, Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> typed: > Thanks for replying Richard. > I am not too worried about my file securiy, though I will check what I > currently have against what you suggested. > Breifly, the users currently have full access to the root & full > access to their own folder. They have no access to anybody else's > folders. > The admins have full access to everything. > > I'm not even sure why the shares are hidden w/ the $. Sounded like > another way to secure things. > Again, this is a inheritted network that is now mine. > Maybe I could try just removing the $, so the shares are NOT hidden. > Don't know if that will change anything or not. > I agree, if the security is setup properly; there probably is no > reason to hide the shares. > > It is just a lot of work to go around re-shareing everything. > Thank you again for your reply > > > "Richard Price" wrote: > If I can offer the way I set it up, is to share out the individual users' folders as hidden and not the root. This way it maps directly to their folder and see nothing else. \\servername\%username%$ Also, using the %username% variable on an NTFS drive automatically sets up the permissions. I just go in there and adjust each one. Keep in mind each user needs their own customized logon script as well, and on a larger scaled, have used KixStart to do that with. And yes, do use that policy setting Lanwench recommended. Just a suggestion. -- Regards, Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft MVP - Directory Services Microsoft Certified Trainer For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers. Infinite Diversities in Infinite Combinations
Guest Jason Lehman WC Posted July 15, 2008 Posted July 15, 2008 Re: Drive Mapping Problem w/ Users Home Folders... I made the policy change you suggested late yesterday. I immediately tried rebooting my laptop (which was having the problem described). When I logged back in, my U: drive was correct. So the policy seems to make a difference. My Helpline staff is to let me know if anyone reports this problem again. So we wait & see what happens. Thank you all for your help. I was REALLY scratching my head on this one. I will try to remember to post any results here. If you don't hear from me, then it means I forgot to post & everything is fine. Jason "Lanwench [MVP - Exchange]" wrote: > Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > > Thanks for the reply. > > I am pretty sure the permissions are all ok. > > Sure....was just giving you that article for a reference. > > > > If I enable "always wait for network at computer startup and logon", > > what impact will this have on our mobile users? > > Will they expierence significant slower startups? > > The article implys that you are in a Windows 2000 Server Environment. > > We have all 2003 DC's. Not sure if that matters. > > It doesn't - and it won't hurt your users, mobile or immoble. In fact, if > you try using wireless clients without this GPO setting, you will have a ton > of problems. Just apply the policy to all workstations. > > > > Jason > > > > > > "Lanwench [MVP - Exchange]" wrote: > > > >> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > >>> In AD I have... > >>> Home Folder, connect to... > >>> U: to \\servername\Users$\username > >>> > >>> Note the $ after Users to indicate the share is hidden. > >>> > >>> Some random users get a U:\Users$ > >>> Instead of getting U:\Users$\UserName > >>> > >>> No idea why this is going on. > >>> > >>> What I inherrited here was the Sys Admin w/ sharing every single > >>> users home folder, creating too many shares. So the Home Folder used > >>> to read... > >>> Home Folder, connect to... > >>> U: to \\servername\username$ > >>> So I decided to share the Users dir, instead of every single users > >>> home folder. > >> > >> Absolutely. You don't want to have individual shares. Youmight want > >> to check out http://support.microsoft.com/kb/274443 (for the > >> permissions). > >>> > >>> Anyone have some suggestions/experience for my problem? > >> > >> Yes - this is a known issue with XP, for one. You should enable > >> "always wait for network at computer startup and logon" in group > >> policy. Check out > >> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx > >> for more info. > >> > >> > >>> Your help is much appreciated. > >>> Thanks. > >>> Jason. > > > >
Guest Lanwench [MVP - Exchange] Posted July 15, 2008 Posted July 15, 2008 Re: Drive Mapping Problem w/ Users Home Folders... Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: > I made the policy change you suggested late yesterday. I immediately > tried rebooting my laptop (which was having the problem described). > When I logged back in, my U: drive was correct. > So the policy seems to make a difference. > My Helpline staff is to let me know if anyone reports this problem > again. So we wait & see what happens. > Thank you all for your help. I was REALLY scratching my head on this > one. I will try to remember to post any results here. > If you don't hear from me, then it means I forgot to post & > everything is fine. > > Jason Glad to hear everything is OK - I remember that this was a big head-scratcher for me too, back in the day. Thanks for posting back. > > "Lanwench [MVP - Exchange]" wrote: > >> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: >>> Thanks for the reply. >>> I am pretty sure the permissions are all ok. >> >> Sure....was just giving you that article for a reference. >>> >>> If I enable "always wait for network at computer startup and logon", >>> what impact will this have on our mobile users? >>> Will they expierence significant slower startups? >>> The article implys that you are in a Windows 2000 Server >>> Environment. We have all 2003 DC's. Not sure if that matters. >> >> It doesn't - and it won't hurt your users, mobile or immoble. In >> fact, if you try using wireless clients without this GPO setting, >> you will have a ton of problems. Just apply the policy to all >> workstations. >>> >>> Jason >>> >>> >>> "Lanwench [MVP - Exchange]" wrote: >>> >>>> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote: >>>>> In AD I have... >>>>> Home Folder, connect to... >>>>> U: to \\servername\Users$\username >>>>> >>>>> Note the $ after Users to indicate the share is hidden. >>>>> >>>>> Some random users get a U:\Users$ >>>>> Instead of getting U:\Users$\UserName >>>>> >>>>> No idea why this is going on. >>>>> >>>>> What I inherrited here was the Sys Admin w/ sharing every single >>>>> users home folder, creating too many shares. So the Home Folder >>>>> used to read... >>>>> Home Folder, connect to... >>>>> U: to \\servername\username$ >>>>> So I decided to share the Users dir, instead of every single users >>>>> home folder. >>>> >>>> Absolutely. You don't want to have individual shares. Youmight want >>>> to check out http://support.microsoft.com/kb/274443 (for the >>>> permissions). >>>>> >>>>> Anyone have some suggestions/experience for my problem? >>>> >>>> Yes - this is a known issue with XP, for one. You should enable >>>> "always wait for network at computer startup and logon" in group >>>> policy. Check out >>>> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx >>>> for more info. >>>> >>>> >>>>> Your help is much appreciated. >>>>> Thanks. >>>>> Jason.
Recommended Posts