Drive Mapping Problem w/ Users Home Folders...

[Guest Jason Lehman WC]

In AD I have...

Home Folder, connect to...

U: to \\servername\Users$\username

 

Note the $ after Users to indicate the share is hidden.

 

Some random users get a U:\Users$

Instead of getting U:\Users$\UserName

 

No idea why this is going on.

 

What I inherrited here was the Sys Admin w/ sharing every single users home

folder, creating too many shares. So the Home Folder used to read...

Home Folder, connect to...

U: to \\servername\username$

So I decided to share the Users dir, instead of every single users home

folder.

 

Anyone have some suggestions/experience for my problem?

Your help is much appreciated.

Thanks.

Jason.

[Guest Lanwench [MVP - Exchange]]

Re: Drive Mapping Problem w/ Users Home Folders...

 

Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> In AD I have...

> Home Folder, connect to...

> U: to \\servername\Users$\username

>

> Note the $ after Users to indicate the share is hidden.

>

> Some random users get a U:\Users$

> Instead of getting U:\Users$\UserName

>

> No idea why this is going on.

>

> What I inherrited here was the Sys Admin w/ sharing every single

> users home folder, creating too many shares. So the Home Folder used

> to read...

> Home Folder, connect to...

> U: to \\servername\username$

> So I decided to share the Users dir, instead of every single users

> home folder.

 

Absolutely. You don't want to have individual shares. Youmight want to check

out http://support.microsoft.com/kb/274443 (for the permissions).

>

> Anyone have some suggestions/experience for my problem?

 

Yes - this is a known issue with XP, for one. You should enable "always wait

for network at computer startup and logon" in group policy. Check out

http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx for

more info.

 

> Your help is much appreciated.

> Thanks.

> Jason.

[Guest Richard Price]

Re: Drive Mapping Problem w/ Users Home Folders...

 

I recently did exactly what I think you are trying to do, and a hidden

share is not what you are after - the correct permissions, however,

are.

 

Locations:

F:\Test (shared as \\domain\Test)

F:\Test\Mike

F:\Test\Richard

 

Permissions:

\\domain\Test Share Permissions

Authenticated Users: Full Control

 

F:\Test NTFS Permissions

Advanced -> 'Allow Inherited' unticked, permissions removed

Local Admins: Full Control (This Folder Only)

Domain Admins: Full Control (This Folder, Subfolders and

Files)

System: Full Control (This Folder, Subfolders and Files)

Authenticated Users: Special (This Folder Only)

+ Traverse Folder/Execute File

+ List Folder/Read Data

+ Read Attributes

+ Read Extended Attributes

+ Read Permissions

 

F:\Test\Mike NTFS Permissions

Advanced -> 'Allow Inherited' unticked, permissions removed

Local Admins: Full Control (This Folder Only)

Domain Admins: Full Control (This Folder, Subfolders and

Files)

System: Full Control (This Folder, Subfolders and Files)

User 'Mike': Full Control (This Folder, Subfolders and Files)

 

The above allows users full access to their own folders, read access

to the root folder, no access to anyone elses folder, and still allows

admins to add/remove folders in the root folder.

 

You can then map \\domain\Test\mike to U:\ without having to hide the

share - other users cannot get access to the folders anyway.

 

From here:

http://groups.google.co.uk/group/microsoft.public.windows.server.general/browse_thread/thread/974df7bcc3d47c50/01449299fac9d367?hl=en

 

Works perfectly in my environment, seems like it would work for you.

 

Regards

Richard

[Guest Jason Lehman WC]

Re: Drive Mapping Problem w/ Users Home Folders...

 

Thanks for the reply.

I am pretty sure the permissions are all ok.

 

If I enable "always wait for network at computer startup and logon", what

impact will this have on our mobile users?

Will they expierence significant slower startups?

The article implys that you are in a Windows 2000 Server Environment. We

have all 2003 DC's. Not sure if that matters.

 

Jason

 

 

"Lanwench [MVP - Exchange]" wrote:

> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> > In AD I have...

> > Home Folder, connect to...

> > U: to \\servername\Users$\username

> >

> > Note the $ after Users to indicate the share is hidden.

> >

> > Some random users get a U:\Users$

> > Instead of getting U:\Users$\UserName

> >

> > No idea why this is going on.

> >

> > What I inherrited here was the Sys Admin w/ sharing every single

> > users home folder, creating too many shares. So the Home Folder used

> > to read...

> > Home Folder, connect to...

> > U: to \\servername\username$

> > So I decided to share the Users dir, instead of every single users

> > home folder.

>

> Absolutely. You don't want to have individual shares. Youmight want to check

> out http://support.microsoft.com/kb/274443 (for the permissions).

> >

> > Anyone have some suggestions/experience for my problem?

>

> Yes - this is a known issue with XP, for one. You should enable "always wait

> for network at computer startup and logon" in group policy. Check out

> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx for

> more info.

>

>

> > Your help is much appreciated.

> > Thanks.

> > Jason.

>

>

>

>

[Guest Lanwench [MVP - Exchange]]

Re: Drive Mapping Problem w/ Users Home Folders...

 

Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> Thanks for the reply.

> I am pretty sure the permissions are all ok.

 

Sure....was just giving you that article for a reference.

>

> If I enable "always wait for network at computer startup and logon",

> what impact will this have on our mobile users?

> Will they expierence significant slower startups?

> The article implys that you are in a Windows 2000 Server Environment.

> We have all 2003 DC's. Not sure if that matters.

 

It doesn't - and it won't hurt your users, mobile or immoble. In fact, if

you try using wireless clients without this GPO setting, you will have a ton

of problems. Just apply the policy to all workstations.

>

> Jason

>

>

> "Lanwench [MVP - Exchange]" wrote:

>

>> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

>>> In AD I have...

>>> Home Folder, connect to...

>>> U: to \\servername\Users$\username

>>>

>>> Note the $ after Users to indicate the share is hidden.

>>>

>>> Some random users get a U:\Users$

>>> Instead of getting U:\Users$\UserName

>>>

>>> No idea why this is going on.

>>>

>>> What I inherrited here was the Sys Admin w/ sharing every single

>>> users home folder, creating too many shares. So the Home Folder used

>>> to read...

>>> Home Folder, connect to...

>>> U: to \\servername\username$

>>> So I decided to share the Users dir, instead of every single users

>>> home folder.

>>

>> Absolutely. You don't want to have individual shares. Youmight want

>> to check out http://support.microsoft.com/kb/274443 (for the

>> permissions).

>>>

>>> Anyone have some suggestions/experience for my problem?

>>

>> Yes - this is a known issue with XP, for one. You should enable

>> "always wait for network at computer startup and logon" in group

>> policy. Check out

>> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx

>> for more info.

>>

>>

>>> Your help is much appreciated.

>>> Thanks.

>>> Jason.

[Guest Jason Lehman WC]

Re: Drive Mapping Problem w/ Users Home Folders...

 

Thanks for replying Richard.

I am not too worried about my file securiy, though I will check what I

currently have against what you suggested.

Breifly, the users currently have full access to the root & full access to

their own folder. They have no access to anybody else's folders.

The admins have full access to everything.

 

I'm not even sure why the shares are hidden w/ the $. Sounded like another

way to secure things.

Again, this is a inheritted network that is now mine.

Maybe I could try just removing the $, so the shares are NOT hidden.

Don't know if that will change anything or not.

I agree, if the security is setup properly; there probably is no reason to

hide the shares.

 

It is just a lot of work to go around re-shareing everything.

Thank you again for your reply

 

 

"Richard Price" wrote:

> I recently did exactly what I think you are trying to do, and a hidden

> share is not what you are after - the correct permissions, however,

> are.

>

> Locations:

> F:\Test (shared as \\domain\Test)

> F:\Test\Mike

> F:\Test\Richard

>

> Permissions:

> \\domain\Test Share Permissions

> Authenticated Users: Full Control

>

> F:\Test NTFS Permissions

> Advanced -> 'Allow Inherited' unticked, permissions removed

> Local Admins: Full Control (This Folder Only)

> Domain Admins: Full Control (This Folder, Subfolders and

> Files)

> System: Full Control (This Folder, Subfolders and Files)

> Authenticated Users: Special (This Folder Only)

> + Traverse Folder/Execute File

> + List Folder/Read Data

> + Read Attributes

> + Read Extended Attributes

> + Read Permissions

>

> F:\Test\Mike NTFS Permissions

> Advanced -> 'Allow Inherited' unticked, permissions removed

> Local Admins: Full Control (This Folder Only)

> Domain Admins: Full Control (This Folder, Subfolders and

> Files)

> System: Full Control (This Folder, Subfolders and Files)

> User 'Mike': Full Control (This Folder, Subfolders and Files)

>

> The above allows users full access to their own folders, read access

> to the root folder, no access to anyone elses folder, and still allows

> admins to add/remove folders in the root folder.

>

> You can then map \\domain\Test\mike to U:\ without having to hide the

> share - other users cannot get access to the folders anyway.

>

> From here:

> http://groups.google.co.uk/group/microsoft.public.windows.server.general/browse_thread/thread/974df7bcc3d47c50/01449299fac9d367?hl=en

>

> Works perfectly in my environment, seems like it would work for you.

>

> Regards

> Richard

>

[Guest Lanwench [MVP - Exchange]]

Re: Drive Mapping Problem w/ Users Home Folders...

 

Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> Thanks for replying Richard.

> I am not too worried about my file securiy, though I will check what I

> currently have against what you suggested.

> Breifly, the users currently have full access to the root & full

> access to their own folder. They have no access to anybody else's

> folders.

> The admins have full access to everything.

>

> I'm not even sure why the shares are hidden w/ the $. Sounded like

> another way to secure things.

 

Yep. Nobody can browse the shares that way. I always hide shares.

> Again, this is a inheritted network that is now mine.

> Maybe I could try just removing the $, so the shares are NOT hidden.

> Don't know if that will change anything or not.

 

It won't. You need the policy setting...

> I agree, if the security is setup properly; there probably is no

> reason to hide the shares.

 

Belt + suspenders!

>

> It is just a lot of work to go around re-shareing everything.

> Thank you again for your reply

>

>

> "Richard Price" wrote:

>

>> I recently did exactly what I think you are trying to do, and a

>> hidden share is not what you are after - the correct permissions,

>> however, are.

>>

>> Locations:

>> F:\Test (shared as \\domain\Test)

>> F:\Test\Mike

>> F:\Test\Richard

>>

>> Permissions:

>> \\domain\Test Share Permissions

>> Authenticated Users: Full Control

>>

>> F:\Test NTFS Permissions

>> Advanced -> 'Allow Inherited' unticked, permissions removed

>> Local Admins: Full Control (This Folder Only)

>> Domain Admins: Full Control (This Folder, Subfolders and

>> Files)

>> System: Full Control (This Folder, Subfolders and Files)

>> Authenticated Users: Special (This Folder Only)

>> + Traverse Folder/Execute File

>> + List Folder/Read Data

>> + Read Attributes

>> + Read Extended Attributes

>> + Read Permissions

>>

>> F:\Test\Mike NTFS Permissions

>> Advanced -> 'Allow Inherited' unticked, permissions removed

>> Local Admins: Full Control (This Folder Only)

>> Domain Admins: Full Control (This Folder, Subfolders and

>> Files)

>> System: Full Control (This Folder, Subfolders and Files)

>> User 'Mike': Full Control (This Folder, Subfolders and Files)

>>

>> The above allows users full access to their own folders, read access

>> to the root folder, no access to anyone elses folder, and still

>> allows admins to add/remove folders in the root folder.

>>

>> You can then map \\domain\Test\mike to U:\ without having to hide the

>> share - other users cannot get access to the folders anyway.

>>

>> From here:

>> http://groups.google.co.uk/group/microsoft.public.windows.server.general/browse_thread/thread/974df7bcc3d47c50/01449299fac9d367?hl=en

>>

>> Works perfectly in my environment, seems like it would work for you.

>>

>> Regards

>> Richard

[Guest Ace Fekay [MVP]]

Re: Drive Mapping Problem w/ Users Home Folders...

 

In news:DD12AF0B-A92A-4C50-92AA-3CC718381D09@microsoft.com,

Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> typed:

> Thanks for replying Richard.

> I am not too worried about my file securiy, though I will check what I

> currently have against what you suggested.

> Breifly, the users currently have full access to the root & full

> access to their own folder. They have no access to anybody else's

> folders.

> The admins have full access to everything.

>

> I'm not even sure why the shares are hidden w/ the $. Sounded like

> another way to secure things.

> Again, this is a inheritted network that is now mine.

> Maybe I could try just removing the $, so the shares are NOT hidden.

> Don't know if that will change anything or not.

> I agree, if the security is setup properly; there probably is no

> reason to hide the shares.

>

> It is just a lot of work to go around re-shareing everything.

> Thank you again for your reply

>

>

> "Richard Price" wrote:

>

 

 

If I can offer the way I set it up, is to share out the individual users'

folders as hidden and not the root. This way it maps directly to their

folder and see nothing else.

 

\\servername\%username%$

 

Also, using the %username% variable on an NTFS drive automatically sets up

the permissions. I just go in there and adjust each one. Keep in mind each

user needs their own customized logon script as well, and on a larger

scaled, have used KixStart to do that with.

 

And yes, do use that policy setting Lanwench recommended.

 

Just a suggestion.

 

--

Regards,

Ace

 

This posting is provided "AS-IS" with no warranties or guarantees and

confers no rights.

 

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

MVP Microsoft MVP - Directory Services

Microsoft Certified Trainer

 

For urgent issues, you may want to contact Microsoft PSS directly. Please

check http://support.microsoft.com for regional support phone numbers.

 

Infinite Diversities in Infinite Combinations

[Guest Jason Lehman WC]

Re: Drive Mapping Problem w/ Users Home Folders...

 

I made the policy change you suggested late yesterday. I immediately tried

rebooting my laptop (which was having the problem described). When I logged

back in, my U: drive was correct.

So the policy seems to make a difference.

My Helpline staff is to let me know if anyone reports this problem again.

So we wait & see what happens.

Thank you all for your help. I was REALLY scratching my head on this one.

I will try to remember to post any results here.

If you don't hear from me, then it means I forgot to post & everything is

fine.

 

Jason

 

"Lanwench [MVP - Exchange]" wrote:

> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> > Thanks for the reply.

> > I am pretty sure the permissions are all ok.

>

> Sure....was just giving you that article for a reference.

> >

> > If I enable "always wait for network at computer startup and logon",

> > what impact will this have on our mobile users?

> > Will they expierence significant slower startups?

> > The article implys that you are in a Windows 2000 Server Environment.

> > We have all 2003 DC's. Not sure if that matters.

>

> It doesn't - and it won't hurt your users, mobile or immoble. In fact, if

> you try using wireless clients without this GPO setting, you will have a ton

> of problems. Just apply the policy to all workstations.

> >

> > Jason

> >

> >

> > "Lanwench [MVP - Exchange]" wrote:

> >

> >> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> >>> In AD I have...

> >>> Home Folder, connect to...

> >>> U: to \\servername\Users$\username

> >>>

> >>> Note the $ after Users to indicate the share is hidden.

> >>>

> >>> Some random users get a U:\Users$

> >>> Instead of getting U:\Users$\UserName

> >>>

> >>> No idea why this is going on.

> >>>

> >>> What I inherrited here was the Sys Admin w/ sharing every single

> >>> users home folder, creating too many shares. So the Home Folder used

> >>> to read...

> >>> Home Folder, connect to...

> >>> U: to \\servername\username$

> >>> So I decided to share the Users dir, instead of every single users

> >>> home folder.

> >>

> >> Absolutely. You don't want to have individual shares. Youmight want

> >> to check out http://support.microsoft.com/kb/274443 (for the

> >> permissions).

> >>>

> >>> Anyone have some suggestions/experience for my problem?

> >>

> >> Yes - this is a known issue with XP, for one. You should enable

> >> "always wait for network at computer startup and logon" in group

> >> policy. Check out

> >> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx

> >> for more info.

> >>

> >>

> >>> Your help is much appreciated.

> >>> Thanks.

> >>> Jason.

>

>

>

>

[Guest Lanwench [MVP - Exchange]]

Re: Drive Mapping Problem w/ Users Home Folders...

 

Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

> I made the policy change you suggested late yesterday. I immediately

> tried rebooting my laptop (which was having the problem described).

> When I logged back in, my U: drive was correct.

> So the policy seems to make a difference.

> My Helpline staff is to let me know if anyone reports this problem

> again. So we wait & see what happens.

> Thank you all for your help. I was REALLY scratching my head on this

> one. I will try to remember to post any results here.

> If you don't hear from me, then it means I forgot to post &

> everything is fine.

>

> Jason

 

Glad to hear everything is OK - I remember that this was a big

head-scratcher for me too, back in the day. Thanks for posting back.

>

> "Lanwench [MVP - Exchange]" wrote:

>

>> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

>>> Thanks for the reply.

>>> I am pretty sure the permissions are all ok.

>>

>> Sure....was just giving you that article for a reference.

>>>

>>> If I enable "always wait for network at computer startup and logon",

>>> what impact will this have on our mobile users?

>>> Will they expierence significant slower startups?

>>> The article implys that you are in a Windows 2000 Server

>>> Environment. We have all 2003 DC's. Not sure if that matters.

>>

>> It doesn't - and it won't hurt your users, mobile or immoble. In

>> fact, if you try using wireless clients without this GPO setting,

>> you will have a ton of problems. Just apply the policy to all

>> workstations.

>>>

>>> Jason

>>>

>>>

>>> "Lanwench [MVP - Exchange]" wrote:

>>>

>>>> Jason Lehman WC <JasonLehmanWC@discussions.microsoft.com> wrote:

>>>>> In AD I have...

>>>>> Home Folder, connect to...

>>>>> U: to \\servername\Users$\username

>>>>>

>>>>> Note the $ after Users to indicate the share is hidden.

>>>>>

>>>>> Some random users get a U:\Users$

>>>>> Instead of getting U:\Users$\UserName

>>>>>

>>>>> No idea why this is going on.

>>>>>

>>>>> What I inherrited here was the Sys Admin w/ sharing every single

>>>>> users home folder, creating too many shares. So the Home Folder

>>>>> used to read...

>>>>> Home Folder, connect to...

>>>>> U: to \\servername\username$

>>>>> So I decided to share the Users dir, instead of every single users

>>>>> home folder.

>>>>

>>>> Absolutely. You don't want to have individual shares. Youmight want

>>>> to check out http://support.microsoft.com/kb/274443 (for the

>>>> permissions).

>>>>>

>>>>> Anyone have some suggestions/experience for my problem?

>>>>

>>>> Yes - this is a known issue with XP, for one. You should enable

>>>> "always wait for network at computer startup and logon" in group

>>>> policy. Check out

>>>> http://technet.microsoft.com/en-us/library/bb456994(TechNet.10).aspx

>>>> for more info.

>>>>

>>>>

>>>>> Your help is much appreciated.

>>>>> Thanks.

>>>>> Jason.