Jump to content

HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

Guest Al

By Guest Al
in Windows 2003 Server

 Share

Recommended Posts

Guest Al

Guest Al

Posted
Posted

ok now this seems pretty simple but it doesn't work!!

 

In ADU&C, I can select an AD user, properties, profile and enter a home

folder.

 

Z: \\SERVERNAME\HOME$\%USERNAME%

 

Now on the shared server I created a share directory named HOME, then shared

named home$, in there I created the users home folder.

 

user boots up his/her XP Pro which is on the domain and can see his/her home

folder but can't freaken create or drop any folders/documents in there.

 

User gets: access denied, you need proper permissions on the folder. User

has full control on their folder!

 

Tried everything with permissions and google. Still can't get it to work.

  • Replies 9
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Dusko Savatovic

Guest Dusko Savatovic

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

You need to configure both share permissions and NTFS permissions.

Share permissions and NTFS permissions are combined so that the least

privilege applies. That is, if you set only share permission to full

control, but leave NTFS permissions as default, your (non administrative)

users will only have read permission.

 

"Al" <Al @discussions.microsoft.com> wrote in message

news:B1B6FD20-BA16-407C-B5C9-8D8DD6BA9B47@microsoft.com...

> ok now this seems pretty simple but it doesn't work!!

>

> In ADU&C, I can select an AD user, properties, profile and enter a home

> folder.

>

> Z: \\SERVERNAME\HOME$\%USERNAME%

>

> Now on the shared server I created a share directory named HOME, then

> shared

> named home$, in there I created the users home folder.

>

> user boots up his/her XP Pro which is on the domain and can see his/her

> home

> folder but can't freaken create or drop any folders/documents in there.

>

> User gets: access denied, you need proper permissions on the folder. User

> has full control on their folder!

>

> Tried everything with permissions and google. Still can't get it to work.

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

Al <Al @discussions.microsoft.com> wrote:

> ok now this seems pretty simple but it doesn't work!!

>

> In ADU&C, I can select an AD user, properties, profile and enter a

> home folder.

>

> Z: \\SERVERNAME\HOME$\%USERNAME%

>

> Now on the shared server I created a share directory named HOME, then

> shared named home$, in there I created the users home folder.

>

> user boots up his/her XP Pro which is on the domain and can see

> his/her home folder but can't freaken create or drop any

> folders/documents in there.

>

> User gets: access denied, you need proper permissions on the folder.

> User has full control on their folder!

>

> Tried everything with permissions and google. Still can't get it to

> work.

 

In addition to the other advice (your permissions are clearly wrong

somewhere), I suggest you rethink the existing setup a bit. Rather than

using home directories, just use folder redirection. You can still map a

drive letter i your login script if you like. Here's some good info -

 

"How to dynamically create security-enhanced redirected folders by using

folder redirection in Windows 2000 and in Windows Server 2003"

http://support.microsoft.com/kb/274443

 

---

SUMMARY

In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an

administrator, you can customize desktops by using Folder Redirection. You

can redirect the following folders by using Active Directory and Group

Policy:

.. Application Data

.. Desktop

.. My Documents

.. My Documents/My Pictures

.. Start Menu

You can find more information about Folder Redirection by searching Windows

Help for Folder Redirection.

 

When you redirect folders to a shared location on a network, users need both

read and write access to this location so that the users can read the

contents these folders. However, in some scenarios, you may not want to

grant read access.

 

 

= Create security-enhanced redirected folders =

 

To make sure that only the user and the domain administrators have

permissions to open a particular redirected folder, do the following:

 

1. Select a central location in your environment where you would like to

store Folder Redirection, and then share this folder. In this example,

FLDREDIR is used.

 

2. Set Share Permissions for the Everyone group to Full Control.

 

3. Use the following settings for NTFS Permissions:

. CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)

. System - Full Control (Apply onto: This Folder, Subfolders and Files)

. Domain Admins - Full Control (Apply onto: This Folder, Subfolders

and Files)

. Everyone - Create Folder/Append Data (Apply onto: This Folder Only)

. Everyone - List Folder/Read Data (Apply onto: This Folder Only)

. Everyone - Read Attributes (Apply onto: This Folder Only)

. Everyone - Traverse Folder/Execute File (Apply onto: This Folder

Only)

 

4. Configure Folder Redirection Policy as outlined in Windows Help. Use a

path similar to \\server\FLDREDIR\username to create a folder under the

shared folder, FLDREDIR.

 

Because the Everyone group has the Create Folder/Append Data right, the

group members have the proper permissions to create the folder; however, the

members are not able to read the data afterwards.

 

The Username group is the name of the user that was logged on when you

created the folder. Because the folder is a child of the parent folder, it

inherits the permissions that you assigned to FLDREDIR. Also, because the

user is creating the folder, the user gains full control of the folder

because of the Creator Owner Permission setting.

 

 

REFERENCES

For additional information, click the article number below to view the

article in the Microsoft Knowledge Base:

232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder Redirection

Feature in Windows

Guest Al

Guest Al

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

 

 

"Lanwench [MVP - Exchange]" wrote:

> Al <Al @discussions.microsoft.com> wrote:

> > ok now this seems pretty simple but it doesn't work!!

> >

> > In ADU&C, I can select an AD user, properties, profile and enter a

> > home folder.

> >

> > Z: \\SERVERNAME\HOME$\%USERNAME%

> >

> > Now on the shared server I created a share directory named HOME, then

> > shared named home$, in there I created the users home folder.

> >

> > user boots up his/her XP Pro which is on the domain and can see

> > his/her home folder but can't freaken create or drop any

> > folders/documents in there.

> >

> > User gets: access denied, you need proper permissions on the folder.

> > User has full control on their folder!

> >

> > Tried everything with permissions and google. Still can't get it to

> > work.

>

> In addition to the other advice (your permissions are clearly wrong

> somewhere), I suggest you rethink the existing setup a bit. Rather than

> using home directories, just use folder redirection. You can still map a

> drive letter i your login script if you like. Here's some good info -

>

> "How to dynamically create security-enhanced redirected folders by using

> folder redirection in Windows 2000 and in Windows Server 2003"

> http://support.microsoft.com/kb/274443

>

> ---

> SUMMARY

> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an

> administrator, you can customize desktops by using Folder Redirection. You

> can redirect the following folders by using Active Directory and Group

> Policy:

> .. Application Data

> .. Desktop

> .. My Documents

> .. My Documents/My Pictures

> .. Start Menu

> You can find more information about Folder Redirection by searching Windows

> Help for Folder Redirection.

>

> When you redirect folders to a shared location on a network, users need both

> read and write access to this location so that the users can read the

> contents these folders. However, in some scenarios, you may not want to

> grant read access.

>

>

> = Create security-enhanced redirected folders =

>

> To make sure that only the user and the domain administrators have

> permissions to open a particular redirected folder, do the following:

>

> 1. Select a central location in your environment where you would like to

> store Folder Redirection, and then share this folder. In this example,

> FLDREDIR is used.

>

> 2. Set Share Permissions for the Everyone group to Full Control.

>

> 3. Use the following settings for NTFS Permissions:

> . CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)

> . System - Full Control (Apply onto: This Folder, Subfolders and Files)

> . Domain Admins - Full Control (Apply onto: This Folder, Subfolders

> and Files)

> . Everyone - Create Folder/Append Data (Apply onto: This Folder Only)

> . Everyone - List Folder/Read Data (Apply onto: This Folder Only)

> . Everyone - Read Attributes (Apply onto: This Folder Only)

> . Everyone - Traverse Folder/Execute File (Apply onto: This Folder

> Only)

>

> 4. Configure Folder Redirection Policy as outlined in Windows Help. Use a

> path similar to \\server\FLDREDIR\username to create a folder under the

> shared folder, FLDREDIR.

>

> Because the Everyone group has the Create Folder/Append Data right, the

> group members have the proper permissions to create the folder; however, the

> members are not able to read the data afterwards.

>

> The Username group is the name of the user that was logged on when you

> created the folder. Because the folder is a child of the parent folder, it

> inherits the permissions that you assigned to FLDREDIR. Also, because the

> user is creating the folder, the user gains full control of the folder

> because of the Creator Owner Permission setting.

>

>

> REFERENCES

> For additional information, click the article number below to view the

> article in the Microsoft Knowledge Base:

> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder Redirection

> Feature in Windows

>

>

 

NTFS permissions? I don't see that option.

>

Guest Al

Guest Al

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

 

 

"Al" wrote:

>

>

> "Lanwench [MVP - Exchange]" wrote:

>

> > Al <Al @discussions.microsoft.com> wrote:

> > > ok now this seems pretty simple but it doesn't work!!

> > >

> > > In ADU&C, I can select an AD user, properties, profile and enter a

> > > home folder.

> > >

> > > Z: \\SERVERNAME\HOME$\%USERNAME%

> > >

> > > Now on the shared server I created a share directory named HOME, then

> > > shared named home$, in there I created the users home folder.

> > >

> > > user boots up his/her XP Pro which is on the domain and can see

> > > his/her home folder but can't freaken create or drop any

> > > folders/documents in there.

> > >

> > > User gets: access denied, you need proper permissions on the folder.

> > > User has full control on their folder!

> > >

> > > Tried everything with permissions and google. Still can't get it to

> > > work.

> >

> > In addition to the other advice (your permissions are clearly wrong

> > somewhere), I suggest you rethink the existing setup a bit. Rather than

> > using home directories, just use folder redirection. You can still map a

> > drive letter i your login script if you like. Here's some good info -

> >

> > "How to dynamically create security-enhanced redirected folders by using

> > folder redirection in Windows 2000 and in Windows Server 2003"

> > http://support.microsoft.com/kb/274443

> >

> > ---

> > SUMMARY

> > In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an

> > administrator, you can customize desktops by using Folder Redirection. You

> > can redirect the following folders by using Active Directory and Group

> > Policy:

> > .. Application Data

> > .. Desktop

> > .. My Documents

> > .. My Documents/My Pictures

> > .. Start Menu

> > You can find more information about Folder Redirection by searching Windows

> > Help for Folder Redirection.

> >

> > When you redirect folders to a shared location on a network, users need both

> > read and write access to this location so that the users can read the

> > contents these folders. However, in some scenarios, you may not want to

> > grant read access.

> >

> >

> > = Create security-enhanced redirected folders =

> >

> > To make sure that only the user and the domain administrators have

> > permissions to open a particular redirected folder, do the following:

> >

> > 1. Select a central location in your environment where you would like to

> > store Folder Redirection, and then share this folder. In this example,

> > FLDREDIR is used.

> >

> > 2. Set Share Permissions for the Everyone group to Full Control.

> >

> > 3. Use the following settings for NTFS Permissions:

> > . CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)

> > . System - Full Control (Apply onto: This Folder, Subfolders and Files)

> > . Domain Admins - Full Control (Apply onto: This Folder, Subfolders

> > and Files)

> > . Everyone - Create Folder/Append Data (Apply onto: This Folder Only)

> > . Everyone - List Folder/Read Data (Apply onto: This Folder Only)

> > . Everyone - Read Attributes (Apply onto: This Folder Only)

> > . Everyone - Traverse Folder/Execute File (Apply onto: This Folder

> > Only)

> >

> > 4. Configure Folder Redirection Policy as outlined in Windows Help. Use a

> > path similar to \\server\FLDREDIR\username to create a folder under the

> > shared folder, FLDREDIR.

> >

> > Because the Everyone group has the Create Folder/Append Data right, the

> > group members have the proper permissions to create the folder; however, the

> > members are not able to read the data afterwards.

> >

> > The Username group is the name of the user that was logged on when you

> > created the folder. Because the folder is a child of the parent folder, it

> > inherits the permissions that you assigned to FLDREDIR. Also, because the

> > user is creating the folder, the user gains full control of the folder

> > because of the Creator Owner Permission setting.

> >

> >

> > REFERENCES

> > For additional information, click the article number below to view the

> > article in the Microsoft Knowledge Base:

> > 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder Redirection

> > Feature in Windows

> >

> >

>

> NTFS permissions? I don't see that option.

> >

 

Ok I created the share directory and the home folder as below:

 

\\servername\home$\%username%

 

now I shared the HOME directory and everyone has read rights. I got the

users folder in the case my folder.

 

I share my folder (username) and then I click on the Security tab add myself

again and select Modify, but I still can't create or save anything in my

folder. I even gave myself Full control. Still same results.

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

Al <Al@discussions.microsoft.com> wrote:

> "Al" wrote:

>

>>

>>

>> "Lanwench [MVP - Exchange]" wrote:

>>

>>> Al <Al @discussions.microsoft.com> wrote:

>>>> ok now this seems pretty simple but it doesn't work!!

>>>>

>>>> In ADU&C, I can select an AD user, properties, profile and enter a

>>>> home folder.

>>>>

>>>> Z: \\SERVERNAME\HOME$\%USERNAME%

>>>>

>>>> Now on the shared server I created a share directory named HOME,

>>>> then shared named home$, in there I created the users home folder.

>>>>

>>>> user boots up his/her XP Pro which is on the domain and can see

>>>> his/her home folder but can't freaken create or drop any

>>>> folders/documents in there.

>>>>

>>>> User gets: access denied, you need proper permissions on the

>>>> folder. User has full control on their folder!

>>>>

>>>> Tried everything with permissions and google. Still can't get it to

>>>> work.

>>>

>>> In addition to the other advice (your permissions are clearly wrong

>>> somewhere), I suggest you rethink the existing setup a bit. Rather

>>> than using home directories, just use folder redirection. You can

>>> still map a drive letter i your login script if you like. Here's

>>> some good info -

>>>

>>> "How to dynamically create security-enhanced redirected folders by

>>> using folder redirection in Windows 2000 and in Windows Server 2003"

>>> http://support.microsoft.com/kb/274443

>>>

>>> ---

>>> SUMMARY

>>> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as

>>> an administrator, you can customize desktops by using Folder

>>> Redirection. You can redirect the following folders by using Active

>>> Directory and Group Policy:

>>> .. Application Data

>>> .. Desktop

>>> .. My Documents

>>> .. My Documents/My Pictures

>>> .. Start Menu

>>> You can find more information about Folder Redirection by searching

>>> Windows Help for Folder Redirection.

>>>

>>> When you redirect folders to a shared location on a network, users

>>> need both read and write access to this location so that the users

>>> can read the contents these folders. However, in some scenarios,

>>> you may not want to grant read access.

>>>

>>>

>>> = Create security-enhanced redirected folders =

>>>

>>> To make sure that only the user and the domain administrators have

>>> permissions to open a particular redirected folder, do the

>>> following:

>>>

>>> 1. Select a central location in your environment where you would

>>> like to store Folder Redirection, and then share this folder. In

>>> this example, FLDREDIR is used.

>>>

>>> 2. Set Share Permissions for the Everyone group to Full Control.

>>>

>>> 3. Use the following settings for NTFS Permissions:

>>> . CREATOR OWNER - Full Control (Apply onto: Subfolders and

>>> Files Only) . System - Full Control (Apply onto: This Folder,

>>> Subfolders and Files) . Domain Admins - Full Control (Apply

>>> onto: This Folder, Subfolders and Files)

>>> . Everyone - Create Folder/Append Data (Apply onto: This

>>> Folder Only) . Everyone - List Folder/Read Data (Apply onto:

>>> This Folder Only) . Everyone - Read Attributes (Apply onto:

>>> This Folder Only) . Everyone - Traverse Folder/Execute File

>>> (Apply onto: This Folder

>>> Only)

>>>

>>> 4. Configure Folder Redirection Policy as outlined in Windows Help.

>>> Use a path similar to \\server\FLDREDIR\username to create a folder

>>> under the shared folder, FLDREDIR.

>>>

>>> Because the Everyone group has the Create Folder/Append Data right,

>>> the group members have the proper permissions to create the folder;

>>> however, the members are not able to read the data afterwards.

>>>

>>> The Username group is the name of the user that was logged on when

>>> you created the folder. Because the folder is a child of the parent

>>> folder, it inherits the permissions that you assigned to FLDREDIR.

>>> Also, because the user is creating the folder, the user gains full

>>> control of the folder because of the Creator Owner Permission

>>> setting.

>>>

>>>

>>> REFERENCES

>>> For additional information, click the article number below to view

>>> the article in the Microsoft Knowledge Base:

>>> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder

>>> Redirection Feature in Windows

>>>

>>>

>>

>> NTFS permissions? I don't see that option.

>>>

>

> Ok I created the share directory and the home folder as below:

>

> \\servername\home$\%username%

 

You didn't create the %username% folder, did you? Don't do that.

>

> now I shared the HOME directory and everyone has read rights. I got

> the users folder in the case my folder.

 

You have to share home as home$ and grant everyone Full Control here.

>

> I share my folder (username) and then I click on the Security tab add

> myself again and select Modify, but I still can't create or save

> anything in my folder. I even gave myself Full control. Still same

> results.

 

The share permissions must not be more restrictive than the NTFS permissions

or you won't get the results you think. ;-)

Guest Al

Guest Al

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

 

 

"Lanwench [MVP - Exchange]" wrote:

> Al <Al@discussions.microsoft.com> wrote:

> > "Al" wrote:

> >

> >>

> >>

> >> "Lanwench [MVP - Exchange]" wrote:

> >>

> >>> Al <Al @discussions.microsoft.com> wrote:

> >>>> ok now this seems pretty simple but it doesn't work!!

> >>>>

> >>>> In ADU&C, I can select an AD user, properties, profile and enter a

> >>>> home folder.

> >>>>

> >>>> Z: \\SERVERNAME\HOME$\%USERNAME%

> >>>>

> >>>> Now on the shared server I created a share directory named HOME,

> >>>> then shared named home$, in there I created the users home folder.

> >>>>

> >>>> user boots up his/her XP Pro which is on the domain and can see

> >>>> his/her home folder but can't freaken create or drop any

> >>>> folders/documents in there.

> >>>>

> >>>> User gets: access denied, you need proper permissions on the

> >>>> folder. User has full control on their folder!

> >>>>

> >>>> Tried everything with permissions and google. Still can't get it to

> >>>> work.

> >>>

> >>> In addition to the other advice (your permissions are clearly wrong

> >>> somewhere), I suggest you rethink the existing setup a bit. Rather

> >>> than using home directories, just use folder redirection. You can

> >>> still map a drive letter i your login script if you like. Here's

> >>> some good info -

> >>>

> >>> "How to dynamically create security-enhanced redirected folders by

> >>> using folder redirection in Windows 2000 and in Windows Server 2003"

> >>> http://support.microsoft.com/kb/274443

> >>>

> >>> ---

> >>> SUMMARY

> >>> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as

> >>> an administrator, you can customize desktops by using Folder

> >>> Redirection. You can redirect the following folders by using Active

> >>> Directory and Group Policy:

> >>> .. Application Data

> >>> .. Desktop

> >>> .. My Documents

> >>> .. My Documents/My Pictures

> >>> .. Start Menu

> >>> You can find more information about Folder Redirection by searching

> >>> Windows Help for Folder Redirection.

> >>>

> >>> When you redirect folders to a shared location on a network, users

> >>> need both read and write access to this location so that the users

> >>> can read the contents these folders. However, in some scenarios,

> >>> you may not want to grant read access.

> >>>

> >>>

> >>> = Create security-enhanced redirected folders =

> >>>

> >>> To make sure that only the user and the domain administrators have

> >>> permissions to open a particular redirected folder, do the

> >>> following:

> >>>

> >>> 1. Select a central location in your environment where you would

> >>> like to store Folder Redirection, and then share this folder. In

> >>> this example, FLDREDIR is used.

> >>>

> >>> 2. Set Share Permissions for the Everyone group to Full Control.

> >>>

> >>> 3. Use the following settings for NTFS Permissions:

> >>> . CREATOR OWNER - Full Control (Apply onto: Subfolders and

> >>> Files Only) . System - Full Control (Apply onto: This Folder,

> >>> Subfolders and Files) . Domain Admins - Full Control (Apply

> >>> onto: This Folder, Subfolders and Files)

> >>> . Everyone - Create Folder/Append Data (Apply onto: This

> >>> Folder Only) . Everyone - List Folder/Read Data (Apply onto:

> >>> This Folder Only) . Everyone - Read Attributes (Apply onto:

> >>> This Folder Only) . Everyone - Traverse Folder/Execute File

> >>> (Apply onto: This Folder

> >>> Only)

> >>>

> >>> 4. Configure Folder Redirection Policy as outlined in Windows Help.

> >>> Use a path similar to \\server\FLDREDIR\username to create a folder

> >>> under the shared folder, FLDREDIR.

> >>>

> >>> Because the Everyone group has the Create Folder/Append Data right,

> >>> the group members have the proper permissions to create the folder;

> >>> however, the members are not able to read the data afterwards.

> >>>

> >>> The Username group is the name of the user that was logged on when

> >>> you created the folder. Because the folder is a child of the parent

> >>> folder, it inherits the permissions that you assigned to FLDREDIR.

> >>> Also, because the user is creating the folder, the user gains full

> >>> control of the folder because of the Creator Owner Permission

> >>> setting.

> >>>

> >>>

> >>> REFERENCES

> >>> For additional information, click the article number below to view

> >>> the article in the Microsoft Knowledge Base:

> >>> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder

> >>> Redirection Feature in Windows

> >>>

> >>>

> >>

> >> NTFS permissions? I don't see that option.

> >>>

> >

> > Ok I created the share directory and the home folder as below:

> >

> > \\servername\home$\%username%

>

> You didn't create the %username% folder, did you? Don't do that.

> >

> > now I shared the HOME directory and everyone has read rights. I got

> > the users folder in the case my folder.

>

> You have to share home as home$ and grant everyone Full Control here.

> >

> > I share my folder (username) and then I click on the Security tab add

> > myself again and select Modify, but I still can't create or save

> > anything in my folder. I even gave myself Full control. Still same

> > results.

>

> The share permissions must not be more restrictive than the NTFS permissions

> or you won't get the results you think. ;-)

>

 

ok lets see if I follow. No I didn't share %username%

 

now if I grant everyone full perms on HOME, then I creat subfolders with

their username (which I already have done) wouldn't everyone be able to read

everyone's folder? That would defeat the purpose. I will try it your way and

see.

 

so again to recap.

 

home is shared (full permissions)

username folders are created

 

\\servername\home$\%username%

 

 

>

>

>

Guest Al

Guest Al

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

 

 

"Al" wrote:

>

>

> "Lanwench [MVP - Exchange]" wrote:

>

> > Al <Al@discussions.microsoft.com> wrote:

> > > "Al" wrote:

> > >

> > >>

> > >>

> > >> "Lanwench [MVP - Exchange]" wrote:

> > >>

> > >>> Al <Al @discussions.microsoft.com> wrote:

> > >>>> ok now this seems pretty simple but it doesn't work!!

> > >>>>

> > >>>> In ADU&C, I can select an AD user, properties, profile and enter a

> > >>>> home folder.

> > >>>>

> > >>>> Z: \\SERVERNAME\HOME$\%USERNAME%

> > >>>>

> > >>>> Now on the shared server I created a share directory named HOME,

> > >>>> then shared named home$, in there I created the users home folder.

> > >>>>

> > >>>> user boots up his/her XP Pro which is on the domain and can see

> > >>>> his/her home folder but can't freaken create or drop any

> > >>>> folders/documents in there.

> > >>>>

> > >>>> User gets: access denied, you need proper permissions on the

> > >>>> folder. User has full control on their folder!

> > >>>>

> > >>>> Tried everything with permissions and google. Still can't get it to

> > >>>> work.

> > >>>

> > >>> In addition to the other advice (your permissions are clearly wrong

> > >>> somewhere), I suggest you rethink the existing setup a bit. Rather

> > >>> than using home directories, just use folder redirection. You can

> > >>> still map a drive letter i your login script if you like. Here's

> > >>> some good info -

> > >>>

> > >>> "How to dynamically create security-enhanced redirected folders by

> > >>> using folder redirection in Windows 2000 and in Windows Server 2003"

> > >>> http://support.microsoft.com/kb/274443

> > >>>

> > >>> ---

> > >>> SUMMARY

> > >>> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as

> > >>> an administrator, you can customize desktops by using Folder

> > >>> Redirection. You can redirect the following folders by using Active

> > >>> Directory and Group Policy:

> > >>> .. Application Data

> > >>> .. Desktop

> > >>> .. My Documents

> > >>> .. My Documents/My Pictures

> > >>> .. Start Menu

> > >>> You can find more information about Folder Redirection by searching

> > >>> Windows Help for Folder Redirection.

> > >>>

> > >>> When you redirect folders to a shared location on a network, users

> > >>> need both read and write access to this location so that the users

> > >>> can read the contents these folders. However, in some scenarios,

> > >>> you may not want to grant read access.

> > >>>

> > >>>

> > >>> = Create security-enhanced redirected folders =

> > >>>

> > >>> To make sure that only the user and the domain administrators have

> > >>> permissions to open a particular redirected folder, do the

> > >>> following:

> > >>>

> > >>> 1. Select a central location in your environment where you would

> > >>> like to store Folder Redirection, and then share this folder. In

> > >>> this example, FLDREDIR is used.

> > >>>

> > >>> 2. Set Share Permissions for the Everyone group to Full Control.

> > >>>

> > >>> 3. Use the following settings for NTFS Permissions:

> > >>> . CREATOR OWNER - Full Control (Apply onto: Subfolders and

> > >>> Files Only) . System - Full Control (Apply onto: This Folder,

> > >>> Subfolders and Files) . Domain Admins - Full Control (Apply

> > >>> onto: This Folder, Subfolders and Files)

> > >>> . Everyone - Create Folder/Append Data (Apply onto: This

> > >>> Folder Only) . Everyone - List Folder/Read Data (Apply onto:

> > >>> This Folder Only) . Everyone - Read Attributes (Apply onto:

> > >>> This Folder Only) . Everyone - Traverse Folder/Execute File

> > >>> (Apply onto: This Folder

> > >>> Only)

> > >>>

> > >>> 4. Configure Folder Redirection Policy as outlined in Windows Help.

> > >>> Use a path similar to \\server\FLDREDIR\username to create a folder

> > >>> under the shared folder, FLDREDIR.

> > >>>

> > >>> Because the Everyone group has the Create Folder/Append Data right,

> > >>> the group members have the proper permissions to create the folder;

> > >>> however, the members are not able to read the data afterwards.

> > >>>

> > >>> The Username group is the name of the user that was logged on when

> > >>> you created the folder. Because the folder is a child of the parent

> > >>> folder, it inherits the permissions that you assigned to FLDREDIR.

> > >>> Also, because the user is creating the folder, the user gains full

> > >>> control of the folder because of the Creator Owner Permission

> > >>> setting.

> > >>>

> > >>>

> > >>> REFERENCES

> > >>> For additional information, click the article number below to view

> > >>> the article in the Microsoft Knowledge Base:

> > >>> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder

> > >>> Redirection Feature in Windows

> > >>>

> > >>>

> > >>

> > >> NTFS permissions? I don't see that option.

> > >>>

> > >

> > > Ok I created the share directory and the home folder as below:

> > >

> > > \\servername\home$\%username%

> >

> > You didn't create the %username% folder, did you? Don't do that.

> > >

> > > now I shared the HOME directory and everyone has read rights. I got

> > > the users folder in the case my folder.

> >

> > You have to share home as home$ and grant everyone Full Control here.

> > >

> > > I share my folder (username) and then I click on the Security tab add

> > > myself again and select Modify, but I still can't create or save

> > > anything in my folder. I even gave myself Full control. Still same

> > > results.

> >

> > The share permissions must not be more restrictive than the NTFS permissions

> > or you won't get the results you think. ;-)

> >

>

> ok lets see if I follow. No I didn't share %username%

>

> now if I grant everyone full perms on HOME, then I creat subfolders with

> their username (which I already have done) wouldn't everyone be able to read

> everyone's folder? That would defeat the purpose. I will try it your way and

> see.

>

> so again to recap.

>

> home is shared (full permissions)

> username folders are created

>

> \\servername\home$\%username%

 

 

 

 

I can't do it that way. I can't have users reading each others home

folders.

 

I have done this in the past so I know it works.

 

\\server\home\%username%

 

users can't read/write to another users folder.

>

>

>

> >

> >

> >

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

Al <Al@discussions.microsoft.com> wrote:

 

<snipped for length>

> ok lets see if I follow. No I didn't share %username%

 

*No*. I meant, do not *create* the <user> folder. Let it be created

automatically. All you do is create home$ and set the permissions there, in

NTFS and on the share. See the link I posted for the permissions.

>

> now if I grant everyone full perms on HOME, then I creat subfolders

> with their username (which I already have done) '

 

 

No, don't do that.

> wouldn't everyone be

> able to read everyone's folder? That would defeat the purpose. I

> will try it your way and see.

>

> so again to recap.

>

> home is shared (full permissions)

> username folders are created

>

> \\servername\home$\%username%

 

See the link I posted - I suggest you start over.

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

 

Al <Al@discussions.microsoft.com> wrote:

<snip>

> I can't do it that way. I can't have users reading each others home

> folders.

>

Of course not. They won't, if you follow the instructions I sent in that

link.

> I have done this in the past so I know it works.

>

> \\server\home\%username%

>

> users can't read/write to another users folder.

 

You never create the users folders themselves. They should be created

automatically. See my prior message.

 Share
Go to topic listing
×
×
  • Create New...