Guest Marc S Posted March 19, 2008 Posted March 19, 2008 When sharing a folder on a Windows 2003 Server, does the location of the actual folder matter? For example: If the folder called "data" is located on Server named DRSERVER on D:\Disaster Recovery Store\new\Data and has a "shared name" of "Data". So the actual folder is 3 levels down. Then would the mapped drive be just \\DRSERVER\Data ? (1) Does Windows just know to look at a root level to see all "shared folders"? (2) No matter where the folder is actually located, the UNC would always be \\servername\shared folder? Is there documentation on this anywhere? Thanks.
Guest Lanwench [MVP - Exchange] Posted March 19, 2008 Posted March 19, 2008 Re: Question about mapping a shared folder Marc S <MarcS@discussions.microsoft.com> wrote: > When sharing a folder on a Windows 2003 Server, does the location of > the actual folder matter? > > For example: > If the folder called "data" is located on Server named DRSERVER on > D:\Disaster Recovery Store\new\Data and has a "shared name" of > "Data". So the actual folder is 3 levels down. > > Then would the mapped drive be just \\DRSERVER\Data ? Yes. > > (1) Does Windows just know to look at a root level to see all "shared > folders"? I don't really know what you mean - any server (or workstation) knows where its shares are. You can see them if you look at \\server - or type "net share" in a command prompt. > (2) No matter where the folder is actually located, the UNC would > always be \\servername\shared folder? Yes. > > Is there documentation on this anywhere? I'm not sure what sort you're looking for - this is a pretty basic thing. Are you having problems with something in particular? > > Thanks.
Guest Marc S Posted March 19, 2008 Posted March 19, 2008 Re: Question about mapping a shared folder "Lanwench [MVP - Exchange]" wrote: > Marc S <MarcS@discussions.microsoft.com> wrote: > > When sharing a folder on a Windows 2003 Server, does the location of > > the actual folder matter? > > > > For example: > > If the folder called "data" is located on Server named DRSERVER on > > D:\Disaster Recovery Store\new\Data and has a "shared name" of > > "Data". So the actual folder is 3 levels down. > > > > Then would the mapped drive be just \\DRSERVER\Data ? > > Yes. > > > > (1) Does Windows just know to look at a root level to see all "shared > > folders"? > > I don't really know what you mean - any server (or workstation) knows where > its shares are. You can see them if you look at \\server - or type "net > share" in a command prompt. > > > (2) No matter where the folder is actually located, the UNC would > > always be \\servername\shared folder? > > Yes. > > > > > Is there documentation on this anywhere? > > I'm not sure what sort you're looking for - this is a pretty basic thing. > Are you having problems with something in particular? > > > > Thanks. I have no problem. I am just questioning when you make a shared folder and map a drive with UNC \\servername\shared folder...does it matter where the shared folder is located? Can the shared folder actually be 2 or 3 levels down, but this does NOT have to be listed in the UNC. In the UNC, you just list the shared folder name and windows knows to take the user to that path?
Guest Newell White Posted March 20, 2008 Posted March 20, 2008 Re: Question about mapping a shared folder "Marc S" wrote: > > > "Lanwench [MVP - Exchange]" wrote: > > > Marc S <MarcS@discussions.microsoft.com> wrote: > > > When sharing a folder on a Windows 2003 Server, does the location of > > > the actual folder matter? > > > > > > For example: > > > If the folder called "data" is located on Server named DRSERVER on > > > D:\Disaster Recovery Store\new\Data and has a "shared name" of > > > "Data". So the actual folder is 3 levels down. > > > > > > Then would the mapped drive be just \\DRSERVER\Data ? > > > > Yes. > > > > > > (1) Does Windows just know to look at a root level to see all "shared > > > folders"? > > > > I don't really know what you mean - any server (or workstation) knows where > > its shares are. You can see them if you look at \\server - or type "net > > share" in a command prompt. > > > > > (2) No matter where the folder is actually located, the UNC would > > > always be \\servername\shared folder? > > > > Yes. > > > > > > > > Is there documentation on this anywhere? > > > > I'm not sure what sort you're looking for - this is a pretty basic thing. > > Are you having problems with something in particular? > > > > > > Thanks. > > I have no problem. I am just questioning when you make a shared folder and > map a drive with UNC \\servername\shared folder...does it matter where the > shared folder is located? Can the shared folder actually be 2 or 3 levels > down, but this does NOT have to be listed in the UNC. In the UNC, you just > list the shared folder name and windows knows to take the user to that path? > > I look at it this way Marc: All shares on one server (SERVERX) must have unique names. SERVERX keeps a list of these names, and a path to each share of the form C:\folder1\foldera\.. - this path can be as deep as you like (probably within the 255-byte limit). When a UNC reference \\SERVERX\someshare is made, it can be passed to SERVERX to set up a channel to the appropriate file object (assuming the referring task has appropriate permissions to \\SEVERX\someshare, and appropriate NTFS permissions to the underlying file object). The MS implementation may be different, but this conceptual model works for me. -- Regards, Newell White
Guest Anteaus Posted March 20, 2008 Posted March 20, 2008 Re: Question about mapping a shared folder The workstation only 'sees' the UNC name. (Or the local driveletter this is mapped-to) It has no knowledge of where on the server the share is stored.
Guest TransGalactic_HitchHicker Posted March 20, 2008 Posted March 20, 2008 Re: Question about mapping a shared folder Note that if you have a share DATA at : servername : PC C:\private\DATA\norisk\factor Then it is possible to map to \\PC\DATA You could also map to \\PC\DATA\norisk\factor Ending deeper then from where you shared it. This might be handy if DATA functions like a placeholder folder where not all rights are givven, for example you not allow people to write or create folders in data, to keep it organized. The user this way cannt get up to Data he endsup in \factor As an admin for yourself you could always go to \\PC\C$ > C root In simple the server just keeps a list of all shared folders. Which is easy to see go to your computer > manage > shared folders Oh and it's actualy possible to gove different share names for a certain folder C:\personal\data Might be shared as "Data" but could also as well be shared as "Informatin" Keep in mind the share permission are a first filter (normaly wide open) While file folder permisions are the end resulting filter which decides if you have rights to access something.
Guest Marc S Posted March 20, 2008 Posted March 20, 2008 Re: Question about mapping a shared folder "TransGalactic_HitchHicker" wrote: > Note that if you have a share DATA > at : > servername : PC > C:\private\DATA\norisk\factor > > Then it is possible to map to > \\PC\DATA > > You could also map to > \\PC\DATA\norisk\factor > Ending deeper then from where you shared it. > This might be handy if DATA functions like a placeholder folder where not > all rights are givven, for example you not allow people to write or create > folders in data, to keep it organized. The user this way cannt get up to Data > he endsup in \factor > > As an admin for yourself > you could always go to > \\PC\C$ > C root > > > > In simple the server just keeps a list of all shared folders. > Which is easy to see go to your computer > manage > shared folders > > Oh and it's actualy possible to gove different share names for a certain > folder > C:\personal\data > Might be shared as "Data" but could also as well be shared as "Informatin" > > Keep in mind the share permission are a first filter (normaly wide open) > While file folder permisions are the end resulting filter which decides if > you have rights to access something. Got it. You've all answered my question. Thanks.
Guest lforbes Posted March 21, 2008 Posted March 21, 2008 Re: Question about mapping a shared folder Hi, For further clarification you can open up Computer Managment and go to the Shares tab to see all the shares. Windows NT did not let you map directly to a folder within a share. However, Windows 2000/2003/2008 lets you do that now. It is very convenient because I only have one share called Users and then each user can map their home directory directly by mapping \\server\Users\username This way I can keep the number of shares to 1 instead of 2400. Cheers, Lara "Marc S" wrote: > > > "TransGalactic_HitchHicker" wrote: > > > Note that if you have a share DATA > > at : > > servername : PC > > C:\private\DATA\norisk\factor > > > > Then it is possible to map to > > \\PC\DATA > > > > You could also map to > > \\PC\DATA\norisk\factor > > Ending deeper then from where you shared it. > > This might be handy if DATA functions like a placeholder folder where not > > all rights are givven, for example you not allow people to write or create > > folders in data, to keep it organized. The user this way cannt get up to Data > > he endsup in \factor > > > > As an admin for yourself > > you could always go to > > \\PC\C$ > C root > > > > > > > > In simple the server just keeps a list of all shared folders. > > Which is easy to see go to your computer > manage > shared folders > > > > Oh and it's actualy possible to gove different share names for a certain > > folder > > C:\personal\data > > Might be shared as "Data" but could also as well be shared as "Informatin" > > > > Keep in mind the share permission are a first filter (normaly wide open) > > While file folder permisions are the end resulting filter which decides if > > you have rights to access something. > > Got it. You've all answered my question. Thanks. >
Guest Marc S Posted March 24, 2008 Posted March 24, 2008 Re: Question about mapping a shared folder "lforbes" wrote: > Hi, > > For further clarification you can open up Computer Managment and go to the > Shares tab to see all the shares. > > Windows NT did not let you map directly to a folder within a share. However, > Windows 2000/2003/2008 lets you do that now. > > It is very convenient because I only have one share called Users and then > each user can map their home directory directly by mapping > \\server\Users\username > > This way I can keep the number of shares to 1 instead of 2400. > > Cheers, > Lara > > "Marc S" wrote: > > > > > > > "TransGalactic_HitchHicker" wrote: > > > > > Note that if you have a share DATA > > > at : > > > servername : PC > > > C:\private\DATA\norisk\factor > > > > > > Then it is possible to map to > > > \\PC\DATA > > > > > > You could also map to > > > \\PC\DATA\norisk\factor > > > Ending deeper then from where you shared it. > > > This might be handy if DATA functions like a placeholder folder where not > > > all rights are givven, for example you not allow people to write or create > > > folders in data, to keep it organized. The user this way cannt get up to Data > > > he endsup in \factor > > > > > > As an admin for yourself > > > you could always go to > > > \\PC\C$ > C root > > > > > > > > > > > > In simple the server just keeps a list of all shared folders. > > > Which is easy to see go to your computer > manage > shared folders > > > > > > Oh and it's actualy possible to gove different share names for a certain > > > folder > > > C:\personal\data > > > Might be shared as "Data" but could also as well be shared as "Informatin" > > > > > > Keep in mind the share permission are a first filter (normaly wide open) > > > While file folder permisions are the end resulting filter which decides if > > > you have rights to access something. > > > > Got it. You've all answered my question. Thanks. Laura, Thanks. The home directory mapping you are referring to, that's for the Active Directory Users and Computers, Profile tab, Home folder, Connect to field...right? Thanks.
Guest lforbes Posted March 25, 2008 Posted March 25, 2008 Re: Question about mapping a shared folder "Marc S" wrote: > > Thanks. > The home directory mapping you are referring to, that's for the Active > Directory Users and Computers, Profile tab, Home folder, Connect to > field...right? > > Thanks. Yes, I share D:\Users as \\MyServer\UsersShare Inside D:\Users are ALL my usernames eg. user1, user2, etc. In the properties of each user I set the home drive to map to H: \\MyServer\UsersShare\%username% When I click OK it puts the user name of the user in that area and it maps to their specific folder (even though it is the upper folder that is shared). Cheers, Lara
Guest Lanwench [MVP - Exchange] Posted March 25, 2008 Posted March 25, 2008 Re: Question about mapping a shared folder lforbes <lforbes@discussions.microsoft.com> wrote: > "Marc S" wrote: >> >> Thanks. >> The home directory mapping you are referring to, that's for the >> Active Directory Users and Computers, Profile tab, Home folder, >> Connect to field...right? >> >> Thanks. > > Yes, > > I share D:\Users as \\MyServer\UsersShare > > Inside D:\Users are ALL my usernames eg. user1, user2, etc. > > In the properties of each user I set the home drive to map to > > H: \\MyServer\UsersShare\%username% > > When I click OK it puts the user name of the user in that area and it > maps to their specific folder (even though it is the upper folder > that is shared). > > Cheers, > Lara Or use folder redirection & you don't need a home directory any longer :-)
Guest lforbes Posted March 26, 2008 Posted March 26, 2008 Re: Question about mapping a shared folder I do use Folder Redirection. However, it is sometimes not 100% reliable. Therefore I prefer to have the H:\ as well as My Documents Redirected. And for extra backup the personel folder in the users registry points to H:\ just in case redirection decides not to work. Plus this way creates the accounts for me and with 2500 users I certainly don't want to do that manually with each permission being specific to each user. Cheers, Lara "Lanwench [MVP - Exchange]" wrote: > lforbes <lforbes@discussions.microsoft.com> wrote: > > "Marc S" wrote: > >> > >> Thanks. > >> The home directory mapping you are referring to, that's for the > >> Active Directory Users and Computers, Profile tab, Home folder, > >> Connect to field...right? > >> > >> Thanks. > > > > Yes, > > > > I share D:\Users as \\MyServer\UsersShare > > > > Inside D:\Users are ALL my usernames eg. user1, user2, etc. > > > > In the properties of each user I set the home drive to map to > > > > H: \\MyServer\UsersShare\%username% > > > > When I click OK it puts the user name of the user in that area and it > > maps to their specific folder (even though it is the upper folder > > that is shared). > > > > Cheers, > > Lara > > Or use folder redirection & you don't need a home directory any longer :-) > > >
Guest Lanwench [MVP - Exchange] Posted March 26, 2008 Posted March 26, 2008 Re: Question about mapping a shared folder lforbes <lforbes@discussions.microsoft.com> wrote: > I do use Folder Redirection. However, it is sometimes not 100% > reliable. Well, I'd be looking into the cause of that & fixing it, then, rather than applying bandaids. Perhaps if you post the errors or problems you have, someone can help. > > Therefore I prefer to have the H:\ as well as My Documents > Redirected. To the same folder, though, right? > And for extra backup the personel folder in the users > registry points to H:\ just in case redirection decides not to work. Oy. Sounds like an admin nightmare on your hands - too many places to change things if you need to change servers! Redirection is pretty simple and should be working, period - if it isn't, look at why. > > Plus this way creates the accounts for me and with 2500 users I > certainly don't want to do that manually with each permission being > specific to each user. Sure, of course not. That's why you should keep things as simple as possible. If you define home directory paths in 2500 accounts, you have to change 2500 ADUC items if you want to switch servers around, rather than changing one entry in group policy. Note that the permissions are not a problem- they're set automatically on the users' subfolders if you set the parent folder permissions correctly. You can redirect my documents and map a drive letter to the same place and *still* not need a home directory path. Home directories are pretty archaic and unnecessary now. > > Cheers, > Lara > > "Lanwench [MVP - Exchange]" wrote: > >> lforbes <lforbes@discussions.microsoft.com> wrote: >>> "Marc S" wrote: >>>> >>>> Thanks. >>>> The home directory mapping you are referring to, that's for the >>>> Active Directory Users and Computers, Profile tab, Home folder, >>>> Connect to field...right? >>>> >>>> Thanks. >>> >>> Yes, >>> >>> I share D:\Users as \\MyServer\UsersShare >>> >>> Inside D:\Users are ALL my usernames eg. user1, user2, etc. >>> >>> In the properties of each user I set the home drive to map to >>> >>> H: \\MyServer\UsersShare\%username% >>> >>> When I click OK it puts the user name of the user in that area and >>> it maps to their specific folder (even though it is the upper folder >>> that is shared). >>> >>> Cheers, >>> Lara >> >> Or use folder redirection & you don't need a home directory any >> longer :-)
Guest lforbes Posted March 27, 2008 Posted March 27, 2008 Re: Question about mapping a shared folder It isn't a bandaid, just 20 years of MS experience has taught me to have contingency plans =). I have 500 machines that I reimage every year with the same name. Sometimes, but not always, when I delete an Active Directory Computer account it does not delete the DNS entry. If I forget to manually delete the DNS then when the computer adds again it works about 90% but the one thing that will fail is the Folder Redirection because it relies 100% on DNS. Also MS has a flaw in their Group Policy that if you don't have the "wait for network before logging in" Group Policy setting enabled then it won't load the Group Policy settings, startup scripts etc either computer or user at all before the user logs in. When I had new computers add into the Computers container the policy would not apply until I moved them. I don't set that wait for network on the Domain OU for obvious reasons. Now I have set the path to automatically add computers to the ComputersAll OU instead so that has cut it out. However, I still find sometimes with laptops newly joined to the domain sometimes it takes a gpupdate /force and a few restarts. My users all have mandatory profiles therefore if there is one time that their folder isn't redirected then they lose all their files (which delete on logoff). My users do not have ownership of their root user folder either. I prefer it that way for security. I have specific groups that also have access to users folders. Therefore I don't want active directory folder redirection to "add" the folders. Also that was a new feature that wasn't entirely 100% reliable either. I prefer to add them using the Home Drives and then double check to make sure they are all there. Most of my users use My Documents (folder redirection). However, I also have some applications that like to have a Drive for their saving location. They don't save well to a UNC path (folder redirection). The H:\ is there for that. I upgrade my servers every three years. H:\ is what is in the mandatory profile has listed so as long as I stick with that drive letter it doesn't matter what server. That is just a backup plan and it really doesn't matter what the profile says because folder redirection takes it over anyway if it is working properly. I just change my Group Policy and the users home directory path. It is pretty simple with Windows 2003 though being able to do a multiple user change. Again I have been an admin for 20 years since we did it the old DOS networking way. I have been 10 years with my current network and started out with NT 4, then 2000 and now 2003. Won't be going Vista anytime soon. I run it at home but definitely not MS's best invention for a business network with no backwards profile compatibility and the fact that much of the profile doesn't roam (gadgets etc) so it is pretty useless in my network where profiles are deleted on logoff and if not by script on restart. Cheers, Lara "Lanwench [MVP - Exchange]" wrote: > lforbes <lforbes@discussions.microsoft.com> wrote: > > I do use Folder Redirection. However, it is sometimes not 100% > > reliable. > > Well, I'd be looking into the cause of that & fixing it, then, rather than > applying bandaids. Perhaps if you post the errors or problems you have, > someone can help. > > > > > Therefore I prefer to have the H:\ as well as My Documents > > Redirected. > > To the same folder, though, right? > > > And for extra backup the personel folder in the users > > registry points to H:\ just in case redirection decides not to work. > > Oy. Sounds like an admin nightmare on your hands - too many places to change > things if you need to change servers! > > Redirection is pretty simple and should be working, period - if it isn't, > look at why. > > > > Plus this way creates the accounts for me and with 2500 users I > > certainly don't want to do that manually with each permission being > > specific to each user. > > Sure, of course not. That's why you should keep things as simple as > possible. If you define home directory paths in 2500 accounts, you have to > change 2500 ADUC items if you want to switch servers around, rather than > changing one entry in group policy. Note that the permissions are not a > problem- they're set automatically on the users' subfolders if you set the > parent folder permissions correctly. You can redirect my documents and map a > drive letter to the same place and *still* not need a home directory path. > Home directories are pretty archaic and unnecessary now. > > > > > > Cheers, > > Lara > > > > "Lanwench [MVP - Exchange]" wrote: > > > >> lforbes <lforbes@discussions.microsoft.com> wrote: > >>> "Marc S" wrote: > >>>> > >>>> Thanks. > >>>> The home directory mapping you are referring to, that's for the > >>>> Active Directory Users and Computers, Profile tab, Home folder, > >>>> Connect to field...right? > >>>> > >>>> Thanks. > >>> > >>> Yes, > >>> > >>> I share D:\Users as \\MyServer\UsersShare > >>> > >>> Inside D:\Users are ALL my usernames eg. user1, user2, etc. > >>> > >>> In the properties of each user I set the home drive to map to > >>> > >>> H: \\MyServer\UsersShare\%username% > >>> > >>> When I click OK it puts the user name of the user in that area and > >>> it maps to their specific folder (even though it is the upper folder > >>> that is shared). > >>> > >>> Cheers, > >>> Lara > >> > >> Or use folder redirection & you don't need a home directory any > >> longer :-) > > > >
Guest Lanwench [MVP - Exchange] Posted March 27, 2008 Posted March 27, 2008 Re: Question about mapping a shared folder lforbes <lforbes@discussions.microsoft.com> wrote: > It isn't a bandaid, just 20 years of MS experience has taught me to > have contingency plans =). I have 500 machines that I reimage every > year with the same name. Sometimes, but not always, when I delete an > Active Directory Computer account it does not delete the DNS entry. > If I forget to manually delete the DNS then when the computer adds > again it works about 90% but the one thing that will fail is the > Folder Redirection because it relies 100% on DNS. Yes, but it requires that the workstation be able to find the *server* - not vice versa. > > Also MS has a flaw in their Group Policy that if you don't have the > "wait for network before logging in" Group Policy setting enabled > then it won't load the Group Policy settings, startup scripts etc > either computer or user at all before the user logs in. This is an issue with with XP and perhaps Vista...but this is a default I enable in all my networks. It should be built in, IMO. > When I had > new computers add into the Computers container the policy would not > apply until I moved them. I don't set that wait for network on the > Domain OU for obvious reasons. Yep. > > Now I have set the path to automatically add computers to the > ComputersAll OU instead so that has cut it out. However, I still find > sometimes with laptops newly joined to the domain sometimes it takes > a gpupdate /force and a few restarts. Are they perhaps using wireless? > > My users all have mandatory profiles therefore if there is one time > that their folder isn't redirected then they lose all their files > (which delete on logoff). Ah. I don't use mandatory profiles. > > My users do not have ownership of their root user folder either. No, they don't need it. See http://support.microsoft.com/kb/274443 for the parent folder permissions. > I > prefer it that way for security. I have specific groups that also > have access to users folders. You can add them at the parent level.... > Therefore I don't want active directory > folder redirection to "add" the folders. Also that was a new feature > that wasn't entirely 100% reliable either. I prefer to add them using > the Home Drives and then double check to make sure they are all there. > > Most of my users use My Documents (folder redirection). However, I > also have some applications that like to have a Drive for their > saving location. They don't save well to a UNC path (folder > redirection). The H:\ is there for that. > > I upgrade my servers every three years. H:\ is what is in the > mandatory profile has listed so as long as I stick with that drive > letter it doesn't matter what server. That is just a backup plan and > it really doesn't matter what the profile says because folder > redirection takes it over anyway if it is working properly. > > I just change my Group Policy and the users home directory path. It is > pretty simple with Windows 2003 though being able to do a multiple > user change. > > Again I have been an admin for 20 years since we did it the old DOS > networking way. I have been 10 years with my current network and > started out with NT 4, then 2000 and now 2003. Sure, and this would explain your desire to stick with the old school tried and true - but just note that it probably isn't *necessary* and even MS doesn't recommend home directories any longer. I started out with Netware & also NT 3.x way back in the day and also find there are things it took me a long time to abandon, but most of them I no longer miss. > > Won't be going Vista anytime soon. Nor I (shudder). > I run it at home but definitely > not MS's best invention for a business network with no backwards > profile compatibility and the fact that much of the profile doesn't > roam (gadgets etc) so it is pretty useless in my network where > profiles are deleted on logoff and if not by script on restart. > > Cheers, > Lara Sounds like you have a setup that works for you. I think most offices will do better to abandon home directories & keep things simple unless there are legacy machines or apps which require it. I really don't have any problems with redirection in any of my networks. > > > > "Lanwench [MVP - Exchange]" wrote: > >> lforbes <lforbes@discussions.microsoft.com> wrote: >>> I do use Folder Redirection. However, it is sometimes not 100% >>> reliable. >> >> Well, I'd be looking into the cause of that & fixing it, then, >> rather than applying bandaids. Perhaps if you post the errors or >> problems you have, someone can help. >>> >> >>> Therefore I prefer to have the H:\ as well as My Documents >>> Redirected. >> >> To the same folder, though, right? >> >>> And for extra backup the personel folder in the users >>> registry points to H:\ just in case redirection decides not to work. >> >> Oy. Sounds like an admin nightmare on your hands - too many places >> to change things if you need to change servers! >> >> Redirection is pretty simple and should be working, period - if it >> isn't, look at why. >>> >>> Plus this way creates the accounts for me and with 2500 users I >>> certainly don't want to do that manually with each permission being >>> specific to each user. >> >> Sure, of course not. That's why you should keep things as simple as >> possible. If you define home directory paths in 2500 accounts, you >> have to change 2500 ADUC items if you want to switch servers around, >> rather than changing one entry in group policy. Note that the >> permissions are not a problem- they're set automatically on the >> users' subfolders if you set the parent folder permissions >> correctly. You can redirect my documents and map a drive letter to >> the same place and *still* not need a home directory path. Home >> directories are pretty archaic and unnecessary now. >> >> >>> >>> Cheers, >>> Lara >>> >>> "Lanwench [MVP - Exchange]" wrote: >>> >>>> lforbes <lforbes@discussions.microsoft.com> wrote: >>>>> "Marc S" wrote: >>>>>> >>>>>> Thanks. >>>>>> The home directory mapping you are referring to, that's for the >>>>>> Active Directory Users and Computers, Profile tab, Home folder, >>>>>> Connect to field...right? >>>>>> >>>>>> Thanks. >>>>> >>>>> Yes, >>>>> >>>>> I share D:\Users as \\MyServer\UsersShare >>>>> >>>>> Inside D:\Users are ALL my usernames eg. user1, user2, etc. >>>>> >>>>> In the properties of each user I set the home drive to map to >>>>> >>>>> H: \\MyServer\UsersShare\%username% >>>>> >>>>> When I click OK it puts the user name of the user in that area and >>>>> it maps to their specific folder (even though it is the upper >>>>> folder that is shared). >>>>> >>>>> Cheers, >>>>> Lara >>>> >>>> Or use folder redirection & you don't need a home directory any >>>> longer :-)
Guest lforbes Posted March 27, 2008 Posted March 27, 2008 Re: Question about mapping a shared folder "Lanwench [MVP - Exchange]" wrote: > lforbes <lforbes@discussions.microsoft.com> wrote: > > If I forget to manually delete the DNS then when the computer adds > > again it works about 90% but the one thing that will fail is the > > Folder Redirection because it relies 100% on DNS. > > Yes, but it requires that the workstation be able to find the *server* - not > vice versa. Oh, I will clarify. When I delete a computer in AD sometimes it doesn't delete the DNS entry. When the computer is re-imaged with the same name it gets a DHCP IP that is always different from the original IP that the previous install had. Therefore there ends up two DNS entries for the SAME computer name but two different IP's. And yes this happened in a brand new installed Windows 2003 domain. (prior to SP1). I would have this happen all the time when AD wouldn't delete the DNS entry. It may have been fixed with SP1 because I haven't noticed it being that bad for awhile. Anyway Group Policy works mostly but the folder redirection would error out in Event Viewer. On another note, it had a problem redirecting the Application Data folder because it had a space in it? It would always error saying it couldn't find "\\server\profiles$\profilename\application" > > Also MS has a flaw in their Group Policy that if you don't have the > > "wait for network before logging in" Group Policy setting enabled > > then it won't load the Group Policy settings, startup scripts etc > > either computer or user at all before the user logs in. > > This is an issue with with XP and perhaps Vista...but this is a default I > enable in all my networks. It should be built in, IMO. Oh, mine too. However, it is not turned on by default and has caused many a tech to become frustrated with why GP wasn't working as it should. MS does seem to forget some important things though like to put on the R2 media that the adprep.exe has to be run off CD2? I had to come to these boards for that one. > > Now I have set the path to automatically add computers to the > > ComputersAll OU instead so that has cut it out. However, I still find > > sometimes with laptops newly joined to the domain sometimes it takes > > a gpupdate /force and a few restarts. > > Are they perhaps using wireless? Yes, maybe that is the issue. The weird thing is they join the domain with no problem and they can login without an issue. The wireless NIC is enabled before the startup sequence. All my laptops work after forcing though. > > My users do not have ownership of their root user folder either. > > No, they don't need it. See http://support.microsoft.com/kb/274443 for the > parent folder permissions. Oh, I know they don't need it. If Active Directory adds the folder itself through folder redirection they get the ownership automatically because they "created" the folder on their first logon. I also don't like to give my users any priviledges including a 'create folder' . On the upper share my users have "Read" - This folder only. Because I create the folders through adding them to the AD home drive then I have ownership of them. > > I > > prefer it that way for security. I have specific groups that also > > have access to users folders. > > You can add them at the parent level.... Ah, yes you can with Windows 2003. However that was not the case with Windows 2000 when you had to do it manually. > Sure, and this would explain your desire to stick with the old school tried > and true - but just note that it probably isn't *necessary* and even MS > doesn't recommend home directories any longer. I started out with Netware & > also NT 3.x way back in the day and also find there are things it took me a > long time to abandon, but most of them I no longer miss. Ah yes but Microsoft also thought that going to DNS meant people would stop using NetBios for logging in and mapping drives. However, thank goodness they didn't because DNS is so cumbersome with all that typing. I am actually not sure why they wouldn't recommend "home directories". Is it the mapping to the home directories they are refering to? My users have home directories on the server \\server\users\theirusername. I use GP to redirect (actually via group but that is another story). I have the mapping in there for the legacy applications and I don't care whether I map via script or AD but AD is easier. > > Sounds like you have a setup that works for you. I think most offices will > do better to abandon home directories & keep things simple unless there are > legacy machines or apps which require it. I really don't have any problems > with redirection in any of my networks. > I am actually not sure why MS wouldn't recommend "home directories". Is it the mapping to the home directories they are refering to? My users, of course, have home directories on the server \\server\users\theirusername. I use GP to redirect (actually via group but that is another story). I have the mapping in there for the legacy applications and I don't care whether I map via script or AD but AD is easier. Oh, and I also prefer having the H: drive there because I am very strict with my Quotas and the users can see how much left of their quotas that they have by looking in My Computer. If the mapped drive was causing issues or inhibited things in any way then of course I would remove it. I prefer GP but if one thing is not going to work Folder Redirection would definitely be that one thing. I have too many users who rely heavily on my network to risk it. Cheers, Lara
Guest Lanwench [MVP - Exchange] Posted March 27, 2008 Posted March 27, 2008 Re: Question about mapping a shared folder lforbes <lforbes@discussions.microsoft.com> wrote: > "Lanwench [MVP - Exchange]" wrote: >> lforbes <lforbes@discussions.microsoft.com> wrote: >>> If I forget to manually delete the DNS then when the computer adds >>> again it works about 90% but the one thing that will fail is the >>> Folder Redirection because it relies 100% on DNS. >> >> Yes, but it requires that the workstation be able to find the >> *server* - not vice versa. > > Oh, I will clarify. When I delete a computer in AD sometimes it > doesn't delete the DNS entry. When the computer is re-imaged with > the same name it gets a DHCP IP that is always different from the > original IP that the previous install had. Therefore there ends up > two DNS entries for the SAME computer name but two different IP's. Sure. > And yes this happened in a brand new installed Windows 2003 domain. > (prior to SP1). I would have this happen all the time when AD > wouldn't delete the DNS entry. It may have been fixed with SP1 > because I haven't noticed it being that bad for awhile. But it doesn't really cause problems (certainly not related to anything we're discussing here) - and you can set up aging/scavenging on the DNS server. > > Anyway Group Policy works mostly but the folder redirection would > error out in Event Viewer. On another note, it had a problem > redirecting the Application Data folder because it had a space in it? > It would always error saying it couldn't find > "\\server\profiles$\profilename\application" Hmmmm. Well, you shouldn't be redirecting to your *profile* share, that's for sure. Keep profiles & data separate. I choose Basic - redirect everyone to the same location Create a folder under the root share .....and for the root share, I use \\server\users$ or whatnot. Permissions on that folder are set up as per the KB article I already mentioned. Each user gets \\server\users$\%username%\My Documents, ...\Application Data, ...\Desktop > >>> Also MS has a flaw in their Group Policy that if you don't have the >>> "wait for network before logging in" Group Policy setting enabled >>> then it won't load the Group Policy settings, startup scripts etc >>> either computer or user at all before the user logs in. >> >> This is an issue with with XP and perhaps Vista...but this is a >> default I enable in all my networks. It should be built in, IMO. > > Oh, mine too. However, it is not turned on by default and has caused > many a tech to become frustrated with why GP wasn't working as it > should. MS does seem to forget some important things though like to > put on the R2 media that the adprep.exe has to be run off CD2? I had > to come to these boards for that one. Yep! > >>> Now I have set the path to automatically add computers to the >>> ComputersAll OU instead so that has cut it out. However, I still >>> find sometimes with laptops newly joined to the domain sometimes it >>> takes a gpupdate /force and a few restarts. >> >> Are they perhaps using wireless? > > Yes, maybe that is the issue. The weird thing is they join the > domain with no problem and they can login without an issue. The > wireless NIC is enabled before the startup sequence. All my laptops > work after forcing though. Yep. I have problems with wireless too. Make sure you use Windows' wireless managment, not third party stuff. > >>> My users do not have ownership of their root user folder either. >> >> No, they don't need it. See http://support.microsoft.com/kb/274443 >> for the parent folder permissions. > > Oh, I know they don't need it. If Active Directory adds the folder > itself through folder redirection they get the ownership > automatically because they "created" the folder on their first logon. Oh - you mean to *their* folder? Why would you care about that, honestly? What does it hurt? > I also don't like to give my users any priviledges including a > 'create folder' . But they'd never be able to make *use* of that. Review the KB article. > On the upper share my users have "Read" - This > folder only. Because I create the folders through adding them to the > AD home drive then I have ownership of them. Why does this matter? > >>> I >>> prefer it that way for security. I have specific groups that also >>> have access to users folders. >> >> You can add them at the parent level.... > > Ah, yes you can with Windows 2003. However that was not the case with > Windows 2000 when you had to do it manually. Are you 100% sure? Even setting the permissions as per the KB article and merely *adding* your custom AD security group? You may be right,but I can't say - haven't tried with W2k for a while. > >> Sure, and this would explain your desire to stick with the old >> school tried and true - but just note that it probably isn't >> *necessary* and even MS doesn't recommend home directories any >> longer. I started out with Netware & also NT 3.x way back in the day >> and also find there are things it took me a long time to abandon, >> but most of them I no longer miss. > > Ah yes but Microsoft also thought that going to DNS meant people > would stop using NetBios for logging in and mapping drives. However, > thank goodness they didn't because DNS is so cumbersome with all that > typing. I leave NetBIOS enabled for browsing because I like it - and I use WINS. But remember, even without NetBIOS you can type in \\servername . And this has nothing to do with mapping drives. > > I am actually not sure why they wouldn't recommend "home > directories". Is it the mapping to the home directories they are > refering to? My users have home directories on the server > \\server\users\theirusername. I use GP to redirect (actually via > group but that is another story). I have the mapping in there for > the legacy applications and I don't care whether I map via script or > AD but AD is easier. I map in the login script as it's easier to set net use h: "\\server\users$\%username%\My Documents" /persistent:no ....in one place, rather than modify a boatload of user properties in ADUC, even if I *can* select them all at once. > >> >> Sounds like you have a setup that works for you. I think most >> offices will do better to abandon home directories & keep things >> simple unless there are legacy machines or apps which require it. I >> really don't have any problems with redirection in any of my >> networks. >> > <dupe paragraph snipped> > > Oh, and I also prefer having the H: drive there because I am very > strict with my Quotas and the users can see how much left of their > quotas that they have by looking in My Computer. OK, so you can map a drive. But back to an earlier comment: if you're using Microsoft's quota implementation, you *have* to have the users set as owners of their data folders & files, don't you? > > If the mapped drive was causing issues or inhibited things in any way > then of course I would remove it. The mapped drive isn't the issue. I use that too. The issue I'm talking about is all the other stuff you've got going :-) > I prefer GP but if one thing is not > going to work Folder Redirection would definitely be that one thing. > I have too many users who rely heavily on my network to risk it. > > Cheers, > Lara
Guest lforbes Posted March 28, 2008 Posted March 28, 2008 Re: Question about mapping a shared folder > But it doesn't really cause problems (certainly not related to anything > we're discussing here) - and you can set up aging/scavenging on the DNS > server. Not it only causes problems if I reuse a computer name that is still in DNS. I don't need the aging though as I reimage right after I delete the computer account. > Hmmmm. Well, you shouldn't be redirecting to your *profile* share, that's > for sure. Keep profiles & data separate. I choose > > Basic - redirect everyone to the same location > Create a folder under the root share > > .....and for the root share, I use \\server\users$ or whatnot. Permissions on > that folder are set up as per the KB article I already mentioned. > > Each user gets \\server\users$\%username%\My Documents, ...\Application > Data, ...\Desktop > > > Ah, but this issue with this is I don't want to include 45MB+ of Application Data in a users quota or give them write access to it. I run the full Adobe Suite, Paint Shop Pro and the full Macromedia Suite so the Application Data gets pretty big if they have write access to the profile. One of the reasons I use mandatory profiles in the first place. I just got a new server with a 300GB SCSI drive and even it is already 1/2 full. It may be because they only have read access that it is giving an error on redirect. > Yep. I have problems with wireless too. Make sure you use Windows' wireless > managment, not third party stuff. Oh, yes of course. It won't logon to the domain reliably with the 3rd party stuff. > Oh - you mean to *their* folder? Why would you care about that, honestly? > What does it hurt? > I prefer them not to have access because the folder is included in their quota then but doesn't show up in quota manager so I can delete it when I delete the user. Leaves me with thousands of quota entries with 3kb used. > > Ah, yes you can with Windows 2003. However that was not the case with > > Windows 2000 when you had to do it manually. > > Are you 100% sure? Even setting the permissions as per the KB article and > merely *adding* your custom AD security group? You may be right,but I can't > say - haven't tried with W2k for a while. Oh yes. I used W2K for years. When we went to Windows 2003 I couldn't figure out how to give users read access to the list of folders (for my Mac Users) without giving them read access of everyone's folder. Then after about 3 months they posted that KB article which explained it. I hadn't played around with the more advanced permissions at that time. > I leave NetBIOS enabled for browsing because I like it - and I use WINS. But > remember, even without NetBIOS you can type in \\servername . And this has > nothing to do with mapping drives. Now from the documentation I read, I thought to map drives with DNS you had to use the \\server.domain.local\Sharename ? I never tried it. I always had WINS and netbios enabled. > I map in the login script as it's easier to set > > net use h: "\\server\users$\%username%\My Documents" /persistent:no > Ah, yes but I have 2500 users that are Not in one user folder. If I did that then I would go bug eyed with the addition and removal (add and remove about 300 per year). I have ABC Users, DEF Users, GHI Users etc. Also I have a few Windows 2000 machines that don't work with the newer Windows 2003 options for folder redirection. Therefore I left everything as I had for Windows 2000 redirecting via group. I also upgraded my Domain from 2000 to 2003. I didn't do a clean install simply because it would have been offline for too long rebuilding. I have since replaced the Windows 2000 servers that were upgraded and am running all newer 2003 servers but the settings I never changed. It works and so I leave it. > ....in one place, rather than modify a boatload of user properties in ADUC, > even if I *can* select them all at once. > > OK, so you can map a drive. But back to an earlier comment: if you're using > Microsoft's quota implementation, you *have* to have the users set as owners > of their data folders & files, don't you? Just need ownership of their files but that happens when the create them. Don't need ownership of their home folder. > > The mapped drive isn't the issue. I use that too. The issue I'm talking > about is all the other stuff you've got going :-) > Cheers, Lara
Guest Lanwench [MVP - Exchange] Posted March 28, 2008 Posted March 28, 2008 Re: Question about mapping a shared folder lforbes <lforbes@discussions.microsoft.com> wrote: >> But it doesn't really cause problems (certainly not related to >> anything we're discussing here) - and you can set up >> aging/scavenging on the DNS server. > > Not it only causes problems if I reuse a computer name that is still > in DNS. I don't need the aging though as I reimage right after I > delete the computer account. > >> Hmmmm. Well, you shouldn't be redirecting to your *profile* share, >> that's for sure. Keep profiles & data separate. I choose >> >> Basic - redirect everyone to the same location >> Create a folder under the root share >> >> .....and for the root share, I use \\server\users$ or whatnot. >> Permissions on that folder are set up as per the KB article I >> already mentioned. >> >> Each user gets \\server\users$\%username%\My Documents, >> ...\Application Data, ...\Desktop >> >>> > > Ah, but this issue with this is I don't want to include 45MB+ of > Application Data in a users quota or give them write access to it. So don't redirect Application Data. > I > run the full Adobe Suite, Paint Shop Pro and the full Macromedia > Suite so the Application Data gets pretty big if they have write > access to the profile. One of the reasons I use mandatory profiles in > the first place. I just got a new server with a 300GB SCSI drive and > even it is already 1/2 full. It may be because they only have read > access that it is giving an error on redirect. Yes. > >> Yep. I have problems with wireless too. Make sure you use Windows' >> wireless managment, not third party stuff. > > Oh, yes of course. It won't logon to the domain reliably with the 3rd > party stuff. > >> Oh - you mean to *their* folder? Why would you care about that, >> honestly? What does it hurt? >> > I prefer them not to have access because the folder is included in > their quota You could redirect it to an entirely different volume. > then but doesn't show up in quota manager so I can delete > it when I delete the user. Leaves me with thousands of quota entries > with 3kb used. I guess this is veering off topic, but I personally hate the native MS quota stuff. I don't want to control my data based on the user who owns the file. If I were to use quota management I'd go with third party kit that can base it on other things, such as the *folder*. > >>> Ah, yes you can with Windows 2003. However that was not the case >>> with Windows 2000 when you had to do it manually. >> >> Are you 100% sure? Even setting the permissions as per the KB >> article and merely *adding* your custom AD security group? You may >> be right,but I can't say - haven't tried with W2k for a while. > > Oh yes. I used W2K for years. When we went to Windows 2003 I couldn't > figure out how to give users read access to the list of folders (for > my Mac Users) without giving them read access of everyone's folder. > Then after about 3 months they posted that KB article which explained > it. I hadn't played around with the more advanced permissions at that > time. They can be a little intimidating, for sure. > >> I leave NetBIOS enabled for browsing because I like it - and I use >> WINS. But remember, even without NetBIOS you can type in >> \\servername . And this has nothing to do with mapping drives. > > Now from the documentation I read, I thought to map drives with DNS > you had to use the \\server.domain.local\Sharename ? Nope. net use \\server\share > I never tried > it. I always had WINS and netbios enabled. Me too, but not for this purpose. Just for ease of browsing. > >> I map in the login script as it's easier to set >> >> net use h: "\\server\users$\%username%\My Documents" /persistent:no >> > Ah, yes but I have 2500 users that are Not in one user folder. OK, so a vbscript or kixtart script and different group policies. >If I > did that then I would go bug eyed with the addition and removal (add > and remove about 300 per year). I have ABC Users, DEF Users, GHI > Users etc. Also I have a few Windows 2000 machines that don't work > with the newer Windows 2003 options for folder redirection. Which ones, just out of curiosity ? > > Therefore I left everything as I had for Windows 2000 redirecting via > group. I also upgraded my Domain from 2000 to 2003. I didn't do a > clean install simply because it would have been offline for too long > rebuilding. Probably wise.... > I have since replaced the Windows 2000 servers that were > upgraded and am running all newer 2003 servers but the settings I > never changed. It works and so I leave it. Sure. I understand. > >> ....in one place, rather than modify a boatload of user properties >> in ADUC, even if I *can* select them all at once. > >> >> OK, so you can map a drive. But back to an earlier comment: if >> you're using Microsoft's quota implementation, you *have* to have >> the users set as owners of their data folders & files, don't you? > > Just need ownership of their files but that happens when the create > them. Don't need ownership of their home folder. >> > >> The mapped drive isn't the issue. I use that too. The issue I'm >> talking about is all the other stuff you've got going :-) Again, I know you have a system that works well for you - just curious as to whether or not you might be able to simplify your life a bit. :-) >> > > Cheers, > Lara
Guest lforbes Posted March 31, 2008 Posted March 31, 2008 Re: Question about mapping a shared folder I did reply a few days ago but somehow it didn't post. Maybe there is a limit to a thread? > I guess this is veering off topic, but I personally hate the native MS quota > stuff. I don't want to control my data based on the user who owns the file. > If I were to use quota management I'd go with third party kit that can base > it on other things, such as the *folder*. Actually I have R2 quotas which does redirect via folder but hate it so I stick with the drives. It works well for me as I do base it on ownership and with servers I can record who is doing what as well. It flags me when users are filling up their directories fast that they may be doing it with apps they aren't allowed. I have R2 blocking most file types but some groups need access to the file types for game development. > >If I > > did that then I would go bug eyed with the addition and removal (add > > and remove about 300 per year). I have ABC Users, DEF Users, GHI > > Users etc. Also I have a few Windows 2000 machines that don't work > > with the newer Windows 2003 options for folder redirection. > > Which ones, just out of curiosity ? > > It was the new Folder Redirection options added with 2003. Redirect to Home Folder and another one. With Windows 2000 clients the only one that works is Redirect via Group (which I use) and redirect all users to one location. > Again, I know you have a system that works well for you - just curious as to > whether or not you might be able to simplify your life a bit. :-) > Thanks. I always am trying to do that. I may test it out for future. I just don't want to create too many Group Policies because the amout of server space they take up. Thanks for the input. I notice you post a lot on these boards so I am sure we will converse again. Cheers, Lara
Guest Lanwench [MVP - Exchange] Posted March 31, 2008 Posted March 31, 2008 Re: Question about mapping a shared folder lforbes <lforbes@discussions.microsoft.com> wrote: > I did reply a few days ago but somehow it didn't post. Maybe there is > a limit to a thread? > >> I guess this is veering off topic, but I personally hate the native >> MS quota stuff. I don't want to control my data based on the user >> who owns the file. If I were to use quota management I'd go with >> third party kit that can base it on other things, such as the >> *folder*. > > Actually I have R2 quotas which does redirect via folder but hate it > so I stick with the drives. It works well for me as I do base it on > ownership and with servers I can record who is doing what as well. It > flags me when users are filling up their directories fast that they > may be doing it with apps they aren't allowed. I have R2 blocking > most file types but some groups need access to the file types for > game development. >>> If I >>> did that then I would go bug eyed with the addition and removal (add >>> and remove about 300 per year). I have ABC Users, DEF Users, GHI >>> Users etc. Also I have a few Windows 2000 machines that don't work >>> with the newer Windows 2003 options for folder redirection. >> >> Which ones, just out of curiosity ? >>> > > It was the new Folder Redirection options added with 2003. Redirect > to Home Folder and another one. With Windows 2000 clients the only > one that works is Redirect via Group (which I use) and redirect all > users to one location. Hmmm - I think you're mistakenon a little of that. I have been using redirection since it came out - and I have several older "legacy" offices on W2k server, set up to redirect to the home directory..... > >> Again, I know you have a system that works well for you - just >> curious as to whether or not you might be able to simplify your life >> a bit. :-) >> > > Thanks. I always am trying to do that. I may test it out for future. > I just don't want to create too many Group Policies because the amout > of server space they take up. > > Thanks for the input. I notice you post a lot on these boards so I am > sure we will converse again. > > Cheers, > Lara Likewise - best o' luck out there!
Recommended Posts