Question about mapping a shared folder

  • Thread starter Thread starter Marc S
  • Start date Start date
M

Marc S

Guest
When sharing a folder on a Windows 2003 Server, does the location of the
actual folder matter?

For example:
If the folder called "data" is located on Server named DRSERVER on
D:\Disaster Recovery Store\new\Data and has a "shared name" of "Data". So
the actual folder is 3 levels down.

Then would the mapped drive be just \\DRSERVER\Data ?

(1) Does Windows just know to look at a root level to see all "shared
folders"?
(2) No matter where the folder is actually located, the UNC would always be
\\servername\shared folder?

Is there documentation on this anywhere?

Thanks.
 
Re: Question about mapping a shared folder

Marc S <MarcS@discussions.microsoft.com> wrote:
> When sharing a folder on a Windows 2003 Server, does the location of
> the actual folder matter?
>
> For example:
> If the folder called "data" is located on Server named DRSERVER on
> D:\Disaster Recovery Store\new\Data and has a "shared name" of
> "Data". So the actual folder is 3 levels down.
>
> Then would the mapped drive be just \\DRSERVER\Data ?

Yes.
>
> (1) Does Windows just know to look at a root level to see all "shared
> folders"?

I don't really know what you mean - any server (or workstation) knows where
its shares are. You can see them if you look at \\server - or type "net
share" in a command prompt.

> (2) No matter where the folder is actually located, the UNC would
> always be \\servername\shared folder?

Yes.

>
> Is there documentation on this anywhere?

I'm not sure what sort you're looking for - this is a pretty basic thing.
Are you having problems with something in particular?
>
> Thanks.
 
Re: Question about mapping a shared folder



"Lanwench [MVP - Exchange]" wrote:

> Marc S <MarcS@discussions.microsoft.com> wrote:
> > When sharing a folder on a Windows 2003 Server, does the location of
> > the actual folder matter?
> >
> > For example:
> > If the folder called "data" is located on Server named DRSERVER on
> > D:\Disaster Recovery Store\new\Data and has a "shared name" of
> > "Data". So the actual folder is 3 levels down.
> >
> > Then would the mapped drive be just \\DRSERVER\Data ?
>
> Yes.
> >
> > (1) Does Windows just know to look at a root level to see all "shared
> > folders"?
>
> I don't really know what you mean - any server (or workstation) knows where
> its shares are. You can see them if you look at \\server - or type "net
> share" in a command prompt.
>
> > (2) No matter where the folder is actually located, the UNC would
> > always be \\servername\shared folder?
>
> Yes.
>
> >
> > Is there documentation on this anywhere?
>
> I'm not sure what sort you're looking for - this is a pretty basic thing.
> Are you having problems with something in particular?
> >
> > Thanks.

I have no problem. I am just questioning when you make a shared folder and
map a drive with UNC \\servername\shared folder...does it matter where the
shared folder is located? Can the shared folder actually be 2 or 3 levels
down, but this does NOT have to be listed in the UNC. In the UNC, you just
list the shared folder name and windows knows to take the user to that path?
 
Re: Question about mapping a shared folder



"Marc S" wrote:

>
>
> "Lanwench [MVP - Exchange]" wrote:
>
> > Marc S <MarcS@discussions.microsoft.com> wrote:
> > > When sharing a folder on a Windows 2003 Server, does the location of
> > > the actual folder matter?
> > >
> > > For example:
> > > If the folder called "data" is located on Server named DRSERVER on
> > > D:\Disaster Recovery Store\new\Data and has a "shared name" of
> > > "Data". So the actual folder is 3 levels down.
> > >
> > > Then would the mapped drive be just \\DRSERVER\Data ?
> >
> > Yes.
> > >
> > > (1) Does Windows just know to look at a root level to see all "shared
> > > folders"?
> >
> > I don't really know what you mean - any server (or workstation) knows where
> > its shares are. You can see them if you look at \\server - or type "net
> > share" in a command prompt.
> >
> > > (2) No matter where the folder is actually located, the UNC would
> > > always be \\servername\shared folder?
> >
> > Yes.
> >
> > >
> > > Is there documentation on this anywhere?
> >
> > I'm not sure what sort you're looking for - this is a pretty basic thing.
> > Are you having problems with something in particular?
> > >
> > > Thanks.
>
> I have no problem. I am just questioning when you make a shared folder and
> map a drive with UNC \\servername\shared folder...does it matter where the
> shared folder is located? Can the shared folder actually be 2 or 3 levels
> down, but this does NOT have to be listed in the UNC. In the UNC, you just
> list the shared folder name and windows knows to take the user to that path?
>
>
I look at it this way Marc:

All shares on one server (SERVERX) must have unique names.
SERVERX keeps a list of these names, and a path to each share of the form
C:\folder1\foldera\.. - this path can be as deep as you like (probably within
the 255-byte limit).

When a UNC reference \\SERVERX\someshare is made, it can be passed to
SERVERX to set up a channel to the appropriate file object (assuming the
referring task has appropriate permissions to \\SEVERX\someshare, and
appropriate NTFS permissions to the underlying file object).

The MS implementation may be different, but this conceptual model works for
me.
--
Regards,
Newell White
 
Re: Question about mapping a shared folder

The workstation only 'sees' the UNC name. (Or the local driveletter this is
mapped-to) It has no knowledge of where on the server the share is stored.
 
Re: Question about mapping a shared folder

Note that if you have a share DATA
at :
servername : PC
C:\private\DATA\norisk\factor

Then it is possible to map to
\\PC\DATA

You could also map to
\\PC\DATA\norisk\factor
Ending deeper then from where you shared it.
This might be handy if DATA functions like a placeholder folder where not
all rights are givven, for example you not allow people to write or create
folders in data, to keep it organized. The user this way cannt get up to Data
he endsup in \factor

As an admin for yourself
you could always go to
\\PC\C$ > C root



In simple the server just keeps a list of all shared folders.
Which is easy to see go to your computer > manage > shared folders

Oh and it's actualy possible to gove different share names for a certain
folder
C:\personal\data
Might be shared as "Data" but could also as well be shared as "Informatin"

Keep in mind the share permission are a first filter (normaly wide open)
While file folder permisions are the end resulting filter which decides if
you have rights to access something.
 
Re: Question about mapping a shared folder



"TransGalactic_HitchHicker" wrote:

> Note that if you have a share DATA
> at :
> servername : PC
> C:\private\DATA\norisk\factor
>
> Then it is possible to map to
> \\PC\DATA
>
> You could also map to
> \\PC\DATA\norisk\factor
> Ending deeper then from where you shared it.
> This might be handy if DATA functions like a placeholder folder where not
> all rights are givven, for example you not allow people to write or create
> folders in data, to keep it organized. The user this way cannt get up to Data
> he endsup in \factor
>
> As an admin for yourself
> you could always go to
> \\PC\C$ > C root
>
>
>
> In simple the server just keeps a list of all shared folders.
> Which is easy to see go to your computer > manage > shared folders
>
> Oh and it's actualy possible to gove different share names for a certain
> folder
> C:\personal\data
> Might be shared as "Data" but could also as well be shared as "Informatin"
>
> Keep in mind the share permission are a first filter (normaly wide open)
> While file folder permisions are the end resulting filter which decides if
> you have rights to access something.

Got it. You've all answered my question. Thanks.
 
Re: Question about mapping a shared folder

Hi,

For further clarification you can open up Computer Managment and go to the
Shares tab to see all the shares.

Windows NT did not let you map directly to a folder within a share. However,
Windows 2000/2003/2008 lets you do that now.

It is very convenient because I only have one share called Users and then
each user can map their home directory directly by mapping
\\server\Users\username

This way I can keep the number of shares to 1 instead of 2400.

Cheers,
Lara

"Marc S" wrote:

>
>
> "TransGalactic_HitchHicker" wrote:
>
> > Note that if you have a share DATA
> > at :
> > servername : PC
> > C:\private\DATA\norisk\factor
> >
> > Then it is possible to map to
> > \\PC\DATA
> >
> > You could also map to
> > \\PC\DATA\norisk\factor
> > Ending deeper then from where you shared it.
> > This might be handy if DATA functions like a placeholder folder where not
> > all rights are givven, for example you not allow people to write or create
> > folders in data, to keep it organized. The user this way cannt get up to Data
> > he endsup in \factor
> >
> > As an admin for yourself
> > you could always go to
> > \\PC\C$ > C root
> >
> >
> >
> > In simple the server just keeps a list of all shared folders.
> > Which is easy to see go to your computer > manage > shared folders
> >
> > Oh and it's actualy possible to gove different share names for a certain
> > folder
> > C:\personal\data
> > Might be shared as "Data" but could also as well be shared as "Informatin"
> >
> > Keep in mind the share permission are a first filter (normaly wide open)
> > While file folder permisions are the end resulting filter which decides if
> > you have rights to access something.
>
> Got it. You've all answered my question. Thanks.
>
 
Re: Question about mapping a shared folder



"lforbes" wrote:

> Hi,
>
> For further clarification you can open up Computer Managment and go to the
> Shares tab to see all the shares.
>
> Windows NT did not let you map directly to a folder within a share. However,
> Windows 2000/2003/2008 lets you do that now.
>
> It is very convenient because I only have one share called Users and then
> each user can map their home directory directly by mapping
> \\server\Users\username
>
> This way I can keep the number of shares to 1 instead of 2400.
>
> Cheers,
> Lara
>
> "Marc S" wrote:
>
> >
> >
> > "TransGalactic_HitchHicker" wrote:
> >
> > > Note that if you have a share DATA
> > > at :
> > > servername : PC
> > > C:\private\DATA\norisk\factor
> > >
> > > Then it is possible to map to
> > > \\PC\DATA
> > >
> > > You could also map to
> > > \\PC\DATA\norisk\factor
> > > Ending deeper then from where you shared it.
> > > This might be handy if DATA functions like a placeholder folder where not
> > > all rights are givven, for example you not allow people to write or create
> > > folders in data, to keep it organized. The user this way cannt get up to Data
> > > he endsup in \factor
> > >
> > > As an admin for yourself
> > > you could always go to
> > > \\PC\C$ > C root
> > >
> > >
> > >
> > > In simple the server just keeps a list of all shared folders.
> > > Which is easy to see go to your computer > manage > shared folders
> > >
> > > Oh and it's actualy possible to gove different share names for a certain
> > > folder
> > > C:\personal\data
> > > Might be shared as "Data" but could also as well be shared as "Informatin"
> > >
> > > Keep in mind the share permission are a first filter (normaly wide open)
> > > While file folder permisions are the end resulting filter which decides if
> > > you have rights to access something.
> >
> > Got it. You've all answered my question. Thanks.

Laura,

Thanks.
The home directory mapping you are referring to, that's for the Active
Directory Users and Computers, Profile tab, Home folder, Connect to
field...right?

Thanks.
 
Re: Question about mapping a shared folder

"Marc S" wrote:
>
> Thanks.
> The home directory mapping you are referring to, that's for the Active
> Directory Users and Computers, Profile tab, Home folder, Connect to
> field...right?
>
> Thanks.

Yes,

I share D:\Users as \\MyServer\UsersShare

Inside D:\Users are ALL my usernames eg. user1, user2, etc.

In the properties of each user I set the home drive to map to

H: \\MyServer\UsersShare\%username%

When I click OK it puts the user name of the user in that area and it maps
to their specific folder (even though it is the upper folder that is shared).

Cheers,
Lara
 
Re: Question about mapping a shared folder

lforbes <lforbes@discussions.microsoft.com> wrote:
> "Marc S" wrote:
>>
>> Thanks.
>> The home directory mapping you are referring to, that's for the
>> Active Directory Users and Computers, Profile tab, Home folder,
>> Connect to field...right?
>>
>> Thanks.
>
> Yes,
>
> I share D:\Users as \\MyServer\UsersShare
>
> Inside D:\Users are ALL my usernames eg. user1, user2, etc.
>
> In the properties of each user I set the home drive to map to
>
> H: \\MyServer\UsersShare\%username%
>
> When I click OK it puts the user name of the user in that area and it
> maps to their specific folder (even though it is the upper folder
> that is shared).
>
> Cheers,
> Lara

Or use folder redirection & you don't need a home directory any longer :-)
 
Re: Question about mapping a shared folder

I do use Folder Redirection. However, it is sometimes not 100% reliable.
Therefore I prefer to have the H:\ as well as My Documents Redirected. And
for extra backup the personel folder in the users registry points to H:\
just in case redirection decides not to work.

Plus this way creates the accounts for me and with 2500 users I certainly
don't want to do that manually with each permission being specific to each
user.

Cheers,
Lara

"Lanwench [MVP - Exchange]" wrote:

> lforbes <lforbes@discussions.microsoft.com> wrote:
> > "Marc S" wrote:
> >>
> >> Thanks.
> >> The home directory mapping you are referring to, that's for the
> >> Active Directory Users and Computers, Profile tab, Home folder,
> >> Connect to field...right?
> >>
> >> Thanks.
> >
> > Yes,
> >
> > I share D:\Users as \\MyServer\UsersShare
> >
> > Inside D:\Users are ALL my usernames eg. user1, user2, etc.
> >
> > In the properties of each user I set the home drive to map to
> >
> > H: \\MyServer\UsersShare\%username%
> >
> > When I click OK it puts the user name of the user in that area and it
> > maps to their specific folder (even though it is the upper folder
> > that is shared).
> >
> > Cheers,
> > Lara
>
> Or use folder redirection & you don't need a home directory any longer :-)
>
>
>
 
Re: Question about mapping a shared folder

lforbes <lforbes@discussions.microsoft.com> wrote:
> I do use Folder Redirection. However, it is sometimes not 100%
> reliable.

Well, I'd be looking into the cause of that & fixing it, then, rather than
applying bandaids. Perhaps if you post the errors or problems you have,
someone can help.
>

> Therefore I prefer to have the H:\ as well as My Documents
> Redirected.

To the same folder, though, right?

> And for extra backup the personel folder in the users
> registry points to H:\ just in case redirection decides not to work.

Oy. Sounds like an admin nightmare on your hands - too many places to change
things if you need to change servers!

Redirection is pretty simple and should be working, period - if it isn't,
look at why.
>
> Plus this way creates the accounts for me and with 2500 users I
> certainly don't want to do that manually with each permission being
> specific to each user.

Sure, of course not. That's why you should keep things as simple as
possible. If you define home directory paths in 2500 accounts, you have to
change 2500 ADUC items if you want to switch servers around, rather than
changing one entry in group policy. Note that the permissions are not a
problem- they're set automatically on the users' subfolders if you set the
parent folder permissions correctly. You can redirect my documents and map a
drive letter to the same place and *still* not need a home directory path.
Home directories are pretty archaic and unnecessary now.


>
> Cheers,
> Lara
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> lforbes <lforbes@discussions.microsoft.com> wrote:
>>> "Marc S" wrote:
>>>>
>>>> Thanks.
>>>> The home directory mapping you are referring to, that's for the
>>>> Active Directory Users and Computers, Profile tab, Home folder,
>>>> Connect to field...right?
>>>>
>>>> Thanks.
>>>
>>> Yes,
>>>
>>> I share D:\Users as \\MyServer\UsersShare
>>>
>>> Inside D:\Users are ALL my usernames eg. user1, user2, etc.
>>>
>>> In the properties of each user I set the home drive to map to
>>>
>>> H: \\MyServer\UsersShare\%username%
>>>
>>> When I click OK it puts the user name of the user in that area and
>>> it maps to their specific folder (even though it is the upper folder
>>> that is shared).
>>>
>>> Cheers,
>>> Lara
>>
>> Or use folder redirection & you don't need a home directory any
>> longer :-)
 
Re: Question about mapping a shared folder

It isn't a bandaid, just 20 years of MS experience has taught me to have
contingency plans =). I have 500 machines that I reimage every year with the
same name. Sometimes, but not always, when I delete an Active Directory
Computer account it does not delete the DNS entry. If I forget to manually
delete the DNS then when the computer adds again it works about 90% but the
one thing that will fail is the Folder Redirection because it relies 100% on
DNS.

Also MS has a flaw in their Group Policy that if you don't have the "wait
for network before logging in" Group Policy setting enabled then it won't
load the Group Policy settings, startup scripts etc either computer or user
at all before the user logs in. When I had new computers add into the
Computers container the policy would not apply until I moved them. I don't
set that wait for network on the Domain OU for obvious reasons.

Now I have set the path to automatically add computers to the ComputersAll
OU instead so that has cut it out. However, I still find sometimes with
laptops newly joined to the domain sometimes it takes a gpupdate /force and a
few restarts.

My users all have mandatory profiles therefore if there is one time that
their folder isn't redirected then they lose all their files (which delete on
logoff).

My users do not have ownership of their root user folder either. I prefer it
that way for security. I have specific groups that also have access to users
folders. Therefore I don't want active directory folder redirection to "add"
the folders. Also that was a new feature that wasn't entirely 100% reliable
either. I prefer to add them using the Home Drives and then double check to
make sure they are all there.

Most of my users use My Documents (folder redirection). However, I also have
some applications that like to have a Drive for their saving location. They
don't save well to a UNC path (folder redirection). The H:\ is there for
that.

I upgrade my servers every three years. H:\ is what is in the mandatory
profile has listed so as long as I stick with that drive letter it doesn't
matter what server. That is just a backup plan and it really doesn't matter
what the profile says because folder redirection takes it over anyway if it
is working properly.

I just change my Group Policy and the users home directory path. It is
pretty simple with Windows 2003 though being able to do a multiple user
change.

Again I have been an admin for 20 years since we did it the old DOS
networking way. I have been 10 years with my current network and started out
with NT 4, then 2000 and now 2003.

Won't be going Vista anytime soon. I run it at home but definitely not MS's
best invention for a business network with no backwards profile compatibility
and the fact that much of the profile doesn't roam (gadgets etc) so it is
pretty useless in my network where profiles are deleted on logoff and if not
by script on restart.

Cheers,
Lara



"Lanwench [MVP - Exchange]" wrote:

> lforbes <lforbes@discussions.microsoft.com> wrote:
> > I do use Folder Redirection. However, it is sometimes not 100%
> > reliable.
>
> Well, I'd be looking into the cause of that & fixing it, then, rather than
> applying bandaids. Perhaps if you post the errors or problems you have,
> someone can help.
> >
>
> > Therefore I prefer to have the H:\ as well as My Documents
> > Redirected.
>
> To the same folder, though, right?
>
> > And for extra backup the personel folder in the users
> > registry points to H:\ just in case redirection decides not to work.
>
> Oy. Sounds like an admin nightmare on your hands - too many places to change
> things if you need to change servers!
>
> Redirection is pretty simple and should be working, period - if it isn't,
> look at why.
> >
> > Plus this way creates the accounts for me and with 2500 users I
> > certainly don't want to do that manually with each permission being
> > specific to each user.
>
> Sure, of course not. That's why you should keep things as simple as
> possible. If you define home directory paths in 2500 accounts, you have to
> change 2500 ADUC items if you want to switch servers around, rather than
> changing one entry in group policy. Note that the permissions are not a
> problem- they're set automatically on the users' subfolders if you set the
> parent folder permissions correctly. You can redirect my documents and map a
> drive letter to the same place and *still* not need a home directory path.
> Home directories are pretty archaic and unnecessary now.
>
>
> >
> > Cheers,
> > Lara
> >
> > "Lanwench [MVP - Exchange]" wrote:
> >
> >> lforbes <lforbes@discussions.microsoft.com> wrote:
> >>> "Marc S" wrote:
> >>>>
> >>>> Thanks.
> >>>> The home directory mapping you are referring to, that's for the
> >>>> Active Directory Users and Computers, Profile tab, Home folder,
> >>>> Connect to field...right?
> >>>>
> >>>> Thanks.
> >>>
> >>> Yes,
> >>>
> >>> I share D:\Users as \\MyServer\UsersShare
> >>>
> >>> Inside D:\Users are ALL my usernames eg. user1, user2, etc.
> >>>
> >>> In the properties of each user I set the home drive to map to
> >>>
> >>> H: \\MyServer\UsersShare\%username%
> >>>
> >>> When I click OK it puts the user name of the user in that area and
> >>> it maps to their specific folder (even though it is the upper folder
> >>> that is shared).
> >>>
> >>> Cheers,
> >>> Lara
> >>
> >> Or use folder redirection & you don't need a home directory any
> >> longer :-)
>
>
>
>
 
Re: Question about mapping a shared folder

lforbes <lforbes@discussions.microsoft.com> wrote:
> It isn't a bandaid, just 20 years of MS experience has taught me to
> have contingency plans =). I have 500 machines that I reimage every
> year with the same name. Sometimes, but not always, when I delete an
> Active Directory Computer account it does not delete the DNS entry.
> If I forget to manually delete the DNS then when the computer adds
> again it works about 90% but the one thing that will fail is the
> Folder Redirection because it relies 100% on DNS.

Yes, but it requires that the workstation be able to find the *server* - not
vice versa.
>
> Also MS has a flaw in their Group Policy that if you don't have the
> "wait for network before logging in" Group Policy setting enabled
> then it won't load the Group Policy settings, startup scripts etc
> either computer or user at all before the user logs in.

This is an issue with with XP and perhaps Vista...but this is a default I
enable in all my networks. It should be built in, IMO.

> When I had
> new computers add into the Computers container the policy would not
> apply until I moved them. I don't set that wait for network on the
> Domain OU for obvious reasons.

Yep.
>
> Now I have set the path to automatically add computers to the
> ComputersAll OU instead so that has cut it out. However, I still find
> sometimes with laptops newly joined to the domain sometimes it takes
> a gpupdate /force and a few restarts.

Are they perhaps using wireless?
>
> My users all have mandatory profiles therefore if there is one time
> that their folder isn't redirected then they lose all their files
> (which delete on logoff).

Ah. I don't use mandatory profiles.
>
> My users do not have ownership of their root user folder either.

No, they don't need it. See http://support.microsoft.com/kb/274443 for the
parent folder permissions.

> I
> prefer it that way for security. I have specific groups that also
> have access to users folders.

You can add them at the parent level....

> Therefore I don't want active directory
> folder redirection to "add" the folders. Also that was a new feature
> that wasn't entirely 100% reliable either. I prefer to add them using
> the Home Drives and then double check to make sure they are all there.
>
> Most of my users use My Documents (folder redirection). However, I
> also have some applications that like to have a Drive for their
> saving location. They don't save well to a UNC path (folder
> redirection). The H:\ is there for that.
>
> I upgrade my servers every three years. H:\ is what is in the
> mandatory profile has listed so as long as I stick with that drive
> letter it doesn't matter what server. That is just a backup plan and
> it really doesn't matter what the profile says because folder
> redirection takes it over anyway if it is working properly.
>
> I just change my Group Policy and the users home directory path. It is
> pretty simple with Windows 2003 though being able to do a multiple
> user change.
>
> Again I have been an admin for 20 years since we did it the old DOS
> networking way. I have been 10 years with my current network and
> started out with NT 4, then 2000 and now 2003.

Sure, and this would explain your desire to stick with the old school tried
and true - but just note that it probably isn't *necessary* and even MS
doesn't recommend home directories any longer. I started out with Netware &
also NT 3.x way back in the day and also find there are things it took me a
long time to abandon, but most of them I no longer miss.
>
> Won't be going Vista anytime soon.

Nor I (shudder).

> I run it at home but definitely
> not MS's best invention for a business network with no backwards
> profile compatibility and the fact that much of the profile doesn't
> roam (gadgets etc) so it is pretty useless in my network where
> profiles are deleted on logoff and if not by script on restart.
>
> Cheers,
> Lara

Sounds like you have a setup that works for you. I think most offices will
do better to abandon home directories & keep things simple unless there are
legacy machines or apps which require it. I really don't have any problems
with redirection in any of my networks.

>
>
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> lforbes <lforbes@discussions.microsoft.com> wrote:
>>> I do use Folder Redirection. However, it is sometimes not 100%
>>> reliable.
>>
>> Well, I'd be looking into the cause of that & fixing it, then,
>> rather than applying bandaids. Perhaps if you post the errors or
>> problems you have, someone can help.
>>>
>>
>>> Therefore I prefer to have the H:\ as well as My Documents
>>> Redirected.
>>
>> To the same folder, though, right?
>>
>>> And for extra backup the personel folder in the users
>>> registry points to H:\ just in case redirection decides not to work.
>>
>> Oy. Sounds like an admin nightmare on your hands - too many places
>> to change things if you need to change servers!
>>
>> Redirection is pretty simple and should be working, period - if it
>> isn't, look at why.
>>>
>>> Plus this way creates the accounts for me and with 2500 users I
>>> certainly don't want to do that manually with each permission being
>>> specific to each user.
>>
>> Sure, of course not. That's why you should keep things as simple as
>> possible. If you define home directory paths in 2500 accounts, you
>> have to change 2500 ADUC items if you want to switch servers around,
>> rather than changing one entry in group policy. Note that the
>> permissions are not a problem- they're set automatically on the
>> users' subfolders if you set the parent folder permissions
>> correctly. You can redirect my documents and map a drive letter to
>> the same place and *still* not need a home directory path. Home
>> directories are pretty archaic and unnecessary now.
>>
>>
>>>
>>> Cheers,
>>> Lara
>>>
>>> "Lanwench [MVP - Exchange]" wrote:
>>>
>>>> lforbes <lforbes@discussions.microsoft.com> wrote:
>>>>> "Marc S" wrote:
>>>>>>
>>>>>> Thanks.
>>>>>> The home directory mapping you are referring to, that's for the
>>>>>> Active Directory Users and Computers, Profile tab, Home folder,
>>>>>> Connect to field...right?
>>>>>>
>>>>>> Thanks.
>>>>>
>>>>> Yes,
>>>>>
>>>>> I share D:\Users as \\MyServer\UsersShare
>>>>>
>>>>> Inside D:\Users are ALL my usernames eg. user1, user2, etc.
>>>>>
>>>>> In the properties of each user I set the home drive to map to
>>>>>
>>>>> H: \\MyServer\UsersShare\%username%
>>>>>
>>>>> When I click OK it puts the user name of the user in that area and
>>>>> it maps to their specific folder (even though it is the upper
>>>>> folder that is shared).
>>>>>
>>>>> Cheers,
>>>>> Lara
>>>>
>>>> Or use folder redirection & you don't need a home directory any
>>>> longer :-)
 
Re: Question about mapping a shared folder

"Lanwench [MVP - Exchange]" wrote:
> lforbes <lforbes@discussions.microsoft.com> wrote:
> > If I forget to manually delete the DNS then when the computer adds
> > again it works about 90% but the one thing that will fail is the
> > Folder Redirection because it relies 100% on DNS.
>
> Yes, but it requires that the workstation be able to find the *server* - not
> vice versa.

Oh, I will clarify. When I delete a computer in AD sometimes it doesn't
delete the DNS entry. When the computer is re-imaged with the same name it
gets a DHCP IP that is always different from the original IP that the
previous install had. Therefore there ends up two DNS entries for the SAME
computer name but two different IP's. And yes this happened in a brand new
installed Windows 2003 domain. (prior to SP1). I would have this happen all
the time when AD wouldn't delete the DNS entry. It may have been fixed with
SP1 because I haven't noticed it being that bad for awhile.

Anyway Group Policy works mostly but the folder redirection would error out
in Event Viewer. On another note, it had a problem redirecting the
Application Data folder because it had a space in it? It would always error
saying it couldn't find "\\server\profiles$\profilename\application"

> > Also MS has a flaw in their Group Policy that if you don't have the
> > "wait for network before logging in" Group Policy setting enabled
> > then it won't load the Group Policy settings, startup scripts etc
> > either computer or user at all before the user logs in.
>
> This is an issue with with XP and perhaps Vista...but this is a default I
> enable in all my networks. It should be built in, IMO.

Oh, mine too. However, it is not turned on by default and has caused many a
tech to become frustrated with why GP wasn't working as it should. MS does
seem to forget some important things though like to put on the R2 media that
the adprep.exe has to be run off CD2? I had to come to these boards for that
one.

> > Now I have set the path to automatically add computers to the
> > ComputersAll OU instead so that has cut it out. However, I still find
> > sometimes with laptops newly joined to the domain sometimes it takes
> > a gpupdate /force and a few restarts.
>
> Are they perhaps using wireless?

Yes, maybe that is the issue. The weird thing is they join the domain with
no problem and they can login without an issue. The wireless NIC is enabled
before the startup sequence. All my laptops work after forcing though.

> > My users do not have ownership of their root user folder either.
>
> No, they don't need it. See http://support.microsoft.com/kb/274443 for the
> parent folder permissions.

Oh, I know they don't need it. If Active Directory adds the folder itself
through folder redirection they get the ownership automatically because they
"created" the folder on their first logon. I also don't like to give my users
any priviledges including a 'create folder' . On the upper share my users
have "Read" - This folder only. Because I create the folders through adding
them to the AD home drive then I have ownership of them.

> > I
> > prefer it that way for security. I have specific groups that also
> > have access to users folders.
>
> You can add them at the parent level....

Ah, yes you can with Windows 2003. However that was not the case with
Windows 2000 when you had to do it manually.

> Sure, and this would explain your desire to stick with the old school tried
> and true - but just note that it probably isn't *necessary* and even MS
> doesn't recommend home directories any longer. I started out with Netware &
> also NT 3.x way back in the day and also find there are things it took me a
> long time to abandon, but most of them I no longer miss.

Ah yes but Microsoft also thought that going to DNS meant people would stop
using NetBios for logging in and mapping drives. However, thank goodness they
didn't because DNS is so cumbersome with all that typing.

I am actually not sure why they wouldn't recommend "home directories". Is it
the mapping to the home directories they are refering to? My users have home
directories on the server \\server\users\theirusername. I use GP to redirect
(actually via group but that is another story). I have the mapping in there
for the legacy applications and I don't care whether I map via script or AD
but AD is easier.

>
> Sounds like you have a setup that works for you. I think most offices will
> do better to abandon home directories & keep things simple unless there are
> legacy machines or apps which require it. I really don't have any problems
> with redirection in any of my networks.
>

I am actually not sure why MS wouldn't recommend "home directories". Is it
the mapping to the home directories they are refering to? My users, of
course, have home directories on the server \\server\users\theirusername. I
use GP to redirect (actually via group but that is another story). I have
the mapping in there for the legacy applications and I don't care whether I
map via script or AD but AD is easier.

Oh, and I also prefer having the H: drive there because I am very strict
with my Quotas and the users can see how much left of their quotas that they
have by looking in My Computer.

If the mapped drive was causing issues or inhibited things in any way then
of course I would remove it. I prefer GP but if one thing is not going to
work Folder Redirection would definitely be that one thing. I have too many
users who rely heavily on my network to risk it.

Cheers,
Lara
 
Re: Question about mapping a shared folder

lforbes <lforbes@discussions.microsoft.com> wrote:
> "Lanwench [MVP - Exchange]" wrote:
>> lforbes <lforbes@discussions.microsoft.com> wrote:
>>> If I forget to manually delete the DNS then when the computer adds
>>> again it works about 90% but the one thing that will fail is the
>>> Folder Redirection because it relies 100% on DNS.
>>
>> Yes, but it requires that the workstation be able to find the
>> *server* - not vice versa.
>
> Oh, I will clarify. When I delete a computer in AD sometimes it
> doesn't delete the DNS entry. When the computer is re-imaged with
> the same name it gets a DHCP IP that is always different from the
> original IP that the previous install had. Therefore there ends up
> two DNS entries for the SAME computer name but two different IP's.

Sure.

> And yes this happened in a brand new installed Windows 2003 domain.
> (prior to SP1). I would have this happen all the time when AD
> wouldn't delete the DNS entry. It may have been fixed with SP1
> because I haven't noticed it being that bad for awhile.

But it doesn't really cause problems (certainly not related to anything
we're discussing here) - and you can set up aging/scavenging on the DNS
server.
>
> Anyway Group Policy works mostly but the folder redirection would
> error out in Event Viewer. On another note, it had a problem
> redirecting the Application Data folder because it had a space in it?
> It would always error saying it couldn't find
> "\\server\profiles$\profilename\application"

Hmmmm. Well, you shouldn't be redirecting to your *profile* share, that's
for sure. Keep profiles & data separate. I choose

Basic - redirect everyone to the same location
Create a folder under the root share

.....and for the root share, I use \\server\users$ or whatnot. Permissions on
that folder are set up as per the KB article I already mentioned.

Each user gets \\server\users$\%username%\My Documents, ...\Application
Data, ...\Desktop

>
>>> Also MS has a flaw in their Group Policy that if you don't have the
>>> "wait for network before logging in" Group Policy setting enabled
>>> then it won't load the Group Policy settings, startup scripts etc
>>> either computer or user at all before the user logs in.
>>
>> This is an issue with with XP and perhaps Vista...but this is a
>> default I enable in all my networks. It should be built in, IMO.
>
> Oh, mine too. However, it is not turned on by default and has caused
> many a tech to become frustrated with why GP wasn't working as it
> should. MS does seem to forget some important things though like to
> put on the R2 media that the adprep.exe has to be run off CD2? I had
> to come to these boards for that one.

Yep!

>
>>> Now I have set the path to automatically add computers to the
>>> ComputersAll OU instead so that has cut it out. However, I still
>>> find sometimes with laptops newly joined to the domain sometimes it
>>> takes a gpupdate /force and a few restarts.
>>
>> Are they perhaps using wireless?
>
> Yes, maybe that is the issue. The weird thing is they join the
> domain with no problem and they can login without an issue. The
> wireless NIC is enabled before the startup sequence. All my laptops
> work after forcing though.

Yep. I have problems with wireless too. Make sure you use Windows' wireless
managment, not third party stuff.
>
>>> My users do not have ownership of their root user folder either.
>>
>> No, they don't need it. See http://support.microsoft.com/kb/274443
>> for the parent folder permissions.
>
> Oh, I know they don't need it. If Active Directory adds the folder
> itself through folder redirection they get the ownership
> automatically because they "created" the folder on their first logon.

Oh - you mean to *their* folder? Why would you care about that, honestly?
What does it hurt?


> I also don't like to give my users any priviledges including a
> 'create folder' .

But they'd never be able to make *use* of that. Review the KB article.

> On the upper share my users have "Read" - This
> folder only. Because I create the folders through adding them to the
> AD home drive then I have ownership of them.

Why does this matter?
>
>>> I
>>> prefer it that way for security. I have specific groups that also
>>> have access to users folders.
>>
>> You can add them at the parent level....
>
> Ah, yes you can with Windows 2003. However that was not the case with
> Windows 2000 when you had to do it manually.

Are you 100% sure? Even setting the permissions as per the KB article and
merely *adding* your custom AD security group? You may be right,but I can't
say - haven't tried with W2k for a while.
>
>> Sure, and this would explain your desire to stick with the old
>> school tried and true - but just note that it probably isn't
>> *necessary* and even MS doesn't recommend home directories any
>> longer. I started out with Netware & also NT 3.x way back in the day
>> and also find there are things it took me a long time to abandon,
>> but most of them I no longer miss.
>
> Ah yes but Microsoft also thought that going to DNS meant people
> would stop using NetBios for logging in and mapping drives. However,
> thank goodness they didn't because DNS is so cumbersome with all that
> typing.

I leave NetBIOS enabled for browsing because I like it - and I use WINS. But
remember, even without NetBIOS you can type in \\servername . And this has
nothing to do with mapping drives.
>
> I am actually not sure why they wouldn't recommend "home
> directories". Is it the mapping to the home directories they are
> refering to? My users have home directories on the server
> \\server\users\theirusername. I use GP to redirect (actually via
> group but that is another story). I have the mapping in there for
> the legacy applications and I don't care whether I map via script or
> AD but AD is easier.

I map in the login script as it's easier to set

net use h: "\\server\users$\%username%\My Documents" /persistent:no

....in one place, rather than modify a boatload of user properties in ADUC,
even if I *can* select them all at once.

>
>>
>> Sounds like you have a setup that works for you. I think most
>> offices will do better to abandon home directories & keep things
>> simple unless there are legacy machines or apps which require it. I
>> really don't have any problems with redirection in any of my
>> networks.
>>
>
<dupe paragraph snipped>
>
> Oh, and I also prefer having the H: drive there because I am very
> strict with my Quotas and the users can see how much left of their
> quotas that they have by looking in My Computer.

OK, so you can map a drive. But back to an earlier comment: if you're using
Microsoft's quota implementation, you *have* to have the users set as owners
of their data folders & files, don't you?

>
> If the mapped drive was causing issues or inhibited things in any way
> then of course I would remove it.

The mapped drive isn't the issue. I use that too. The issue I'm talking
about is all the other stuff you've got going :-)


> I prefer GP but if one thing is not
> going to work Folder Redirection would definitely be that one thing.
> I have too many users who rely heavily on my network to risk it.
>
> Cheers,
> Lara
 
Re: Question about mapping a shared folder

> But it doesn't really cause problems (certainly not related to anything
> we're discussing here) - and you can set up aging/scavenging on the DNS
> server.

Not it only causes problems if I reuse a computer name that is still in DNS.
I don't need the aging though as I reimage right after I delete the computer
account.

> Hmmmm. Well, you shouldn't be redirecting to your *profile* share, that's
> for sure. Keep profiles & data separate. I choose
>
> Basic - redirect everyone to the same location
> Create a folder under the root share
>
> .....and for the root share, I use \\server\users$ or whatnot. Permissions on
> that folder are set up as per the KB article I already mentioned.
>
> Each user gets \\server\users$\%username%\My Documents, ...\Application
> Data, ...\Desktop
>
> >

Ah, but this issue with this is I don't want to include 45MB+ of Application
Data in a users quota or give them write access to it. I run the full Adobe
Suite, Paint Shop Pro and the full Macromedia Suite so the Application Data
gets pretty big if they have write access to the profile. One of the reasons
I use mandatory profiles in the first place. I just got a new server with a
300GB SCSI drive and even it is already 1/2 full. It may be because they
only have read access that it is giving an error on redirect.

> Yep. I have problems with wireless too. Make sure you use Windows' wireless
> managment, not third party stuff.

Oh, yes of course. It won't logon to the domain reliably with the 3rd party
stuff.

> Oh - you mean to *their* folder? Why would you care about that, honestly?
> What does it hurt?
>
I prefer them not to have access because the folder is included in their
quota then but doesn't show up in quota manager so I can delete it when I
delete the user. Leaves me with thousands of quota entries with 3kb used.

> > Ah, yes you can with Windows 2003. However that was not the case with
> > Windows 2000 when you had to do it manually.
>
> Are you 100% sure? Even setting the permissions as per the KB article and
> merely *adding* your custom AD security group? You may be right,but I can't
> say - haven't tried with W2k for a while.

Oh yes. I used W2K for years. When we went to Windows 2003 I couldn't figure
out how to give users read access to the list of folders (for my Mac Users)
without giving them read access of everyone's folder. Then after about 3
months they posted that KB article which explained it. I hadn't played around
with the more advanced permissions at that time.

> I leave NetBIOS enabled for browsing because I like it - and I use WINS. But
> remember, even without NetBIOS you can type in \\servername . And this has
> nothing to do with mapping drives.

Now from the documentation I read, I thought to map drives with DNS you had
to use the \\server.domain.local\Sharename ? I never tried it. I always had
WINS and netbios enabled.

> I map in the login script as it's easier to set
>
> net use h: "\\server\users$\%username%\My Documents" /persistent:no
>
Ah, yes but I have 2500 users that are Not in one user folder. If I did that
then I would go bug eyed with the addition and removal (add and remove about
300 per year). I have ABC Users, DEF Users, GHI Users etc. Also I have a few
Windows 2000 machines that don't work with the newer Windows 2003 options for
folder redirection.

Therefore I left everything as I had for Windows 2000 redirecting via group.
I also upgraded my Domain from 2000 to 2003. I didn't do a clean install
simply because it would have been offline for too long rebuilding. I have
since replaced the Windows 2000 servers that were upgraded and am running all
newer 2003 servers but the settings I never changed. It works and so I leave
it.

> ....in one place, rather than modify a boatload of user properties in ADUC,
> even if I *can* select them all at once.

>
> OK, so you can map a drive. But back to an earlier comment: if you're using
> Microsoft's quota implementation, you *have* to have the users set as owners
> of their data folders & files, don't you?

Just need ownership of their files but that happens when the create them.
Don't need ownership of their home folder.
>

> The mapped drive isn't the issue. I use that too. The issue I'm talking
> about is all the other stuff you've got going :-)
>

Cheers,
Lara
 
Re: Question about mapping a shared folder

lforbes <lforbes@discussions.microsoft.com> wrote:
>> But it doesn't really cause problems (certainly not related to
>> anything we're discussing here) - and you can set up
>> aging/scavenging on the DNS server.
>
> Not it only causes problems if I reuse a computer name that is still
> in DNS. I don't need the aging though as I reimage right after I
> delete the computer account.
>
>> Hmmmm. Well, you shouldn't be redirecting to your *profile* share,
>> that's for sure. Keep profiles & data separate. I choose
>>
>> Basic - redirect everyone to the same location
>> Create a folder under the root share
>>
>> .....and for the root share, I use \\server\users$ or whatnot.
>> Permissions on that folder are set up as per the KB article I
>> already mentioned.
>>
>> Each user gets \\server\users$\%username%\My Documents,
>> ...\Application Data, ...\Desktop
>>
>>>
>
> Ah, but this issue with this is I don't want to include 45MB+ of
> Application Data in a users quota or give them write access to it.

So don't redirect Application Data.

> I
> run the full Adobe Suite, Paint Shop Pro and the full Macromedia
> Suite so the Application Data gets pretty big if they have write
> access to the profile. One of the reasons I use mandatory profiles in
> the first place. I just got a new server with a 300GB SCSI drive and
> even it is already 1/2 full. It may be because they only have read
> access that it is giving an error on redirect.

Yes.
>
>> Yep. I have problems with wireless too. Make sure you use Windows'
>> wireless managment, not third party stuff.
>
> Oh, yes of course. It won't logon to the domain reliably with the 3rd
> party stuff.
>
>> Oh - you mean to *their* folder? Why would you care about that,
>> honestly? What does it hurt?
>>
> I prefer them not to have access because the folder is included in
> their quota

You could redirect it to an entirely different volume.

> then but doesn't show up in quota manager so I can delete
> it when I delete the user. Leaves me with thousands of quota entries
> with 3kb used.

I guess this is veering off topic, but I personally hate the native MS quota
stuff. I don't want to control my data based on the user who owns the file.
If I were to use quota management I'd go with third party kit that can base
it on other things, such as the *folder*.
>
>>> Ah, yes you can with Windows 2003. However that was not the case
>>> with Windows 2000 when you had to do it manually.
>>
>> Are you 100% sure? Even setting the permissions as per the KB
>> article and merely *adding* your custom AD security group? You may
>> be right,but I can't say - haven't tried with W2k for a while.
>
> Oh yes. I used W2K for years. When we went to Windows 2003 I couldn't
> figure out how to give users read access to the list of folders (for
> my Mac Users) without giving them read access of everyone's folder.
> Then after about 3 months they posted that KB article which explained
> it. I hadn't played around with the more advanced permissions at that
> time.

They can be a little intimidating, for sure.
>
>> I leave NetBIOS enabled for browsing because I like it - and I use
>> WINS. But remember, even without NetBIOS you can type in
>> \\servername . And this has nothing to do with mapping drives.
>
> Now from the documentation I read, I thought to map drives with DNS
> you had to use the \\server.domain.local\Sharename ?

Nope.

net use \\server\share


> I never tried
> it. I always had WINS and netbios enabled.

Me too, but not for this purpose. Just for ease of browsing.
>
>> I map in the login script as it's easier to set
>>
>> net use h: "\\server\users$\%username%\My Documents" /persistent:no
>>
> Ah, yes but I have 2500 users that are Not in one user folder.

OK, so a vbscript or kixtart script and different group policies.

>If I
> did that then I would go bug eyed with the addition and removal (add
> and remove about 300 per year). I have ABC Users, DEF Users, GHI
> Users etc. Also I have a few Windows 2000 machines that don't work
> with the newer Windows 2003 options for folder redirection.

Which ones, just out of curiosity ?
>
> Therefore I left everything as I had for Windows 2000 redirecting via
> group. I also upgraded my Domain from 2000 to 2003. I didn't do a
> clean install simply because it would have been offline for too long
> rebuilding.

Probably wise....

> I have since replaced the Windows 2000 servers that were
> upgraded and am running all newer 2003 servers but the settings I
> never changed. It works and so I leave it.

Sure. I understand.
>
>> ....in one place, rather than modify a boatload of user properties
>> in ADUC, even if I *can* select them all at once.
>
>>
>> OK, so you can map a drive. But back to an earlier comment: if
>> you're using Microsoft's quota implementation, you *have* to have
>> the users set as owners of their data folders & files, don't you?
>
> Just need ownership of their files but that happens when the create
> them. Don't need ownership of their home folder.
>>
>
>> The mapped drive isn't the issue. I use that too. The issue I'm
>> talking about is all the other stuff you've got going :-)

Again, I know you have a system that works well for you - just curious as to
whether or not you might be able to simplify your life a bit. :-)

>>
>
> Cheers,
> Lara
 
Re: Question about mapping a shared folder

I did reply a few days ago but somehow it didn't post. Maybe there is a limit
to a thread?

> I guess this is veering off topic, but I personally hate the native MS quota
> stuff. I don't want to control my data based on the user who owns the file.
> If I were to use quota management I'd go with third party kit that can base
> it on other things, such as the *folder*.

Actually I have R2 quotas which does redirect via folder but hate it so I
stick with the drives. It works well for me as I do base it on ownership and
with servers I can record who is doing what as well. It flags me when users
are filling up their directories fast that they may be doing it with apps
they aren't allowed. I have R2 blocking most file types but some groups need
access to the file types for game development.
> >If I
> > did that then I would go bug eyed with the addition and removal (add
> > and remove about 300 per year). I have ABC Users, DEF Users, GHI
> > Users etc. Also I have a few Windows 2000 machines that don't work
> > with the newer Windows 2003 options for folder redirection.
>
> Which ones, just out of curiosity ?
> >

It was the new Folder Redirection options added with 2003. Redirect to Home
Folder and another one. With Windows 2000 clients the only one that works is
Redirect via Group (which I use) and redirect all users to one location.

> Again, I know you have a system that works well for you - just curious as to
> whether or not you might be able to simplify your life a bit. :-)
>

Thanks. I always am trying to do that. I may test it out for future. I just
don't want to create too many Group Policies because the amout of server
space they take up.

Thanks for the input. I notice you post a lot on these boards so I am sure
we will converse again.

Cheers,
Lara
 

Similar threads

A
WAS service unable to start with the error 'the data is invalid'
Replies
0
Views
259
ashfana
A
A
IIS Admin Service unable to start - How and Why it can happen?
Replies
0
Views
248
ashfana
A
S
Hi, I need help with a very stubborn virus who keeps reappearing no matter what I try.
Replies
0
Views
152
Straciuc Vlad
S
B
What does it mean "put nuspec file into your output folder with the correct format" ?
Replies
0
Views
126
Bhadurudeen
B
N
Windows 10 Created a folder now I can't delete it?
Replies
0
Views
206
NormAtHome
N
Back
Top