HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

  • Thread starter Thread starter Al
  • Start date Start date
A

Al

Guest
ok now this seems pretty simple but it doesn't work!!

In ADU&C, I can select an AD user, properties, profile and enter a home
folder.

Z: \\SERVERNAME\HOME$\%USERNAME%

Now on the shared server I created a share directory named HOME, then shared
named home$, in there I created the users home folder.

user boots up his/her XP Pro which is on the domain and can see his/her home
folder but can't freaken create or drop any folders/documents in there.

User gets: access denied, you need proper permissions on the folder. User
has full control on their folder!

Tried everything with permissions and google. Still can't get it to work.
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

You need to configure both share permissions and NTFS permissions.
Share permissions and NTFS permissions are combined so that the least
privilege applies. That is, if you set only share permission to full
control, but leave NTFS permissions as default, your (non administrative)
users will only have read permission.

"Al" <Al @discussions.microsoft.com> wrote in message
news:B1B6FD20-BA16-407C-B5C9-8D8DD6BA9B47@microsoft.com...
> ok now this seems pretty simple but it doesn't work!!
>
> In ADU&C, I can select an AD user, properties, profile and enter a home
> folder.
>
> Z: \\SERVERNAME\HOME$\%USERNAME%
>
> Now on the shared server I created a share directory named HOME, then
> shared
> named home$, in there I created the users home folder.
>
> user boots up his/her XP Pro which is on the domain and can see his/her
> home
> folder but can't freaken create or drop any folders/documents in there.
>
> User gets: access denied, you need proper permissions on the folder. User
> has full control on their folder!
>
> Tried everything with permissions and google. Still can't get it to work.
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

Al <Al @discussions.microsoft.com> wrote:
> ok now this seems pretty simple but it doesn't work!!
>
> In ADU&C, I can select an AD user, properties, profile and enter a
> home folder.
>
> Z: \\SERVERNAME\HOME$\%USERNAME%
>
> Now on the shared server I created a share directory named HOME, then
> shared named home$, in there I created the users home folder.
>
> user boots up his/her XP Pro which is on the domain and can see
> his/her home folder but can't freaken create or drop any
> folders/documents in there.
>
> User gets: access denied, you need proper permissions on the folder.
> User has full control on their folder!
>
> Tried everything with permissions and google. Still can't get it to
> work.

In addition to the other advice (your permissions are clearly wrong
somewhere), I suggest you rethink the existing setup a bit. Rather than
using home directories, just use folder redirection. You can still map a
drive letter i your login script if you like. Here's some good info -

"How to dynamically create security-enhanced redirected folders by using
folder redirection in Windows 2000 and in Windows Server 2003"
http://support.microsoft.com/kb/274443

---
SUMMARY
In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an
administrator, you can customize desktops by using Folder Redirection. You
can redirect the following folders by using Active Directory and Group
Policy:
.. Application Data
.. Desktop
.. My Documents
.. My Documents/My Pictures
.. Start Menu
You can find more information about Folder Redirection by searching Windows
Help for Folder Redirection.

When you redirect folders to a shared location on a network, users need both
read and write access to this location so that the users can read the
contents these folders. However, in some scenarios, you may not want to
grant read access.


= Create security-enhanced redirected folders =

To make sure that only the user and the domain administrators have
permissions to open a particular redirected folder, do the following:

1. Select a central location in your environment where you would like to
store Folder Redirection, and then share this folder. In this example,
FLDREDIR is used.

2. Set Share Permissions for the Everyone group to Full Control.

3. Use the following settings for NTFS Permissions:
. CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
. System - Full Control (Apply onto: This Folder, Subfolders and Files)
. Domain Admins - Full Control (Apply onto: This Folder, Subfolders
and Files)
. Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
. Everyone - List Folder/Read Data (Apply onto: This Folder Only)
. Everyone - Read Attributes (Apply onto: This Folder Only)
. Everyone - Traverse Folder/Execute File (Apply onto: This Folder
Only)

4. Configure Folder Redirection Policy as outlined in Windows Help. Use a
path similar to \\server\FLDREDIR\username to create a folder under the
shared folder, FLDREDIR.

Because the Everyone group has the Create Folder/Append Data right, the
group members have the proper permissions to create the folder; however, the
members are not able to read the data afterwards.

The Username group is the name of the user that was logged on when you
created the folder. Because the folder is a child of the parent folder, it
inherits the permissions that you assigned to FLDREDIR. Also, because the
user is creating the folder, the user gains full control of the folder
because of the Creator Owner Permission setting.


REFERENCES
For additional information, click the article number below to view the
article in the Microsoft Knowledge Base:
232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder Redirection
Feature in Windows
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER



"Lanwench [MVP - Exchange]" wrote:

> Al <Al @discussions.microsoft.com> wrote:
> > ok now this seems pretty simple but it doesn't work!!
> >
> > In ADU&C, I can select an AD user, properties, profile and enter a
> > home folder.
> >
> > Z: \\SERVERNAME\HOME$\%USERNAME%
> >
> > Now on the shared server I created a share directory named HOME, then
> > shared named home$, in there I created the users home folder.
> >
> > user boots up his/her XP Pro which is on the domain and can see
> > his/her home folder but can't freaken create or drop any
> > folders/documents in there.
> >
> > User gets: access denied, you need proper permissions on the folder.
> > User has full control on their folder!
> >
> > Tried everything with permissions and google. Still can't get it to
> > work.
>
> In addition to the other advice (your permissions are clearly wrong
> somewhere), I suggest you rethink the existing setup a bit. Rather than
> using home directories, just use folder redirection. You can still map a
> drive letter i your login script if you like. Here's some good info -
>
> "How to dynamically create security-enhanced redirected folders by using
> folder redirection in Windows 2000 and in Windows Server 2003"
> http://support.microsoft.com/kb/274443
>
> ---
> SUMMARY
> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an
> administrator, you can customize desktops by using Folder Redirection. You
> can redirect the following folders by using Active Directory and Group
> Policy:
> .. Application Data
> .. Desktop
> .. My Documents
> .. My Documents/My Pictures
> .. Start Menu
> You can find more information about Folder Redirection by searching Windows
> Help for Folder Redirection.
>
> When you redirect folders to a shared location on a network, users need both
> read and write access to this location so that the users can read the
> contents these folders. However, in some scenarios, you may not want to
> grant read access.
>
>
> = Create security-enhanced redirected folders =
>
> To make sure that only the user and the domain administrators have
> permissions to open a particular redirected folder, do the following:
>
> 1. Select a central location in your environment where you would like to
> store Folder Redirection, and then share this folder. In this example,
> FLDREDIR is used.
>
> 2. Set Share Permissions for the Everyone group to Full Control.
>
> 3. Use the following settings for NTFS Permissions:
> . CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
> . System - Full Control (Apply onto: This Folder, Subfolders and Files)
> . Domain Admins - Full Control (Apply onto: This Folder, Subfolders
> and Files)
> . Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
> . Everyone - List Folder/Read Data (Apply onto: This Folder Only)
> . Everyone - Read Attributes (Apply onto: This Folder Only)
> . Everyone - Traverse Folder/Execute File (Apply onto: This Folder
> Only)
>
> 4. Configure Folder Redirection Policy as outlined in Windows Help. Use a
> path similar to \\server\FLDREDIR\username to create a folder under the
> shared folder, FLDREDIR.
>
> Because the Everyone group has the Create Folder/Append Data right, the
> group members have the proper permissions to create the folder; however, the
> members are not able to read the data afterwards.
>
> The Username group is the name of the user that was logged on when you
> created the folder. Because the folder is a child of the parent folder, it
> inherits the permissions that you assigned to FLDREDIR. Also, because the
> user is creating the folder, the user gains full control of the folder
> because of the Creator Owner Permission setting.
>
>
> REFERENCES
> For additional information, click the article number below to view the
> article in the Microsoft Knowledge Base:
> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder Redirection
> Feature in Windows
>
>

NTFS permissions? I don't see that option.
>
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER



"Al" wrote:

>
>
> "Lanwench [MVP - Exchange]" wrote:
>
> > Al <Al @discussions.microsoft.com> wrote:
> > > ok now this seems pretty simple but it doesn't work!!
> > >
> > > In ADU&C, I can select an AD user, properties, profile and enter a
> > > home folder.
> > >
> > > Z: \\SERVERNAME\HOME$\%USERNAME%
> > >
> > > Now on the shared server I created a share directory named HOME, then
> > > shared named home$, in there I created the users home folder.
> > >
> > > user boots up his/her XP Pro which is on the domain and can see
> > > his/her home folder but can't freaken create or drop any
> > > folders/documents in there.
> > >
> > > User gets: access denied, you need proper permissions on the folder.
> > > User has full control on their folder!
> > >
> > > Tried everything with permissions and google. Still can't get it to
> > > work.
> >
> > In addition to the other advice (your permissions are clearly wrong
> > somewhere), I suggest you rethink the existing setup a bit. Rather than
> > using home directories, just use folder redirection. You can still map a
> > drive letter i your login script if you like. Here's some good info -
> >
> > "How to dynamically create security-enhanced redirected folders by using
> > folder redirection in Windows 2000 and in Windows Server 2003"
> > http://support.microsoft.com/kb/274443
> >
> > ---
> > SUMMARY
> > In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an
> > administrator, you can customize desktops by using Folder Redirection. You
> > can redirect the following folders by using Active Directory and Group
> > Policy:
> > .. Application Data
> > .. Desktop
> > .. My Documents
> > .. My Documents/My Pictures
> > .. Start Menu
> > You can find more information about Folder Redirection by searching Windows
> > Help for Folder Redirection.
> >
> > When you redirect folders to a shared location on a network, users need both
> > read and write access to this location so that the users can read the
> > contents these folders. However, in some scenarios, you may not want to
> > grant read access.
> >
> >
> > = Create security-enhanced redirected folders =
> >
> > To make sure that only the user and the domain administrators have
> > permissions to open a particular redirected folder, do the following:
> >
> > 1. Select a central location in your environment where you would like to
> > store Folder Redirection, and then share this folder. In this example,
> > FLDREDIR is used.
> >
> > 2. Set Share Permissions for the Everyone group to Full Control.
> >
> > 3. Use the following settings for NTFS Permissions:
> > . CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
> > . System - Full Control (Apply onto: This Folder, Subfolders and Files)
> > . Domain Admins - Full Control (Apply onto: This Folder, Subfolders
> > and Files)
> > . Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
> > . Everyone - List Folder/Read Data (Apply onto: This Folder Only)
> > . Everyone - Read Attributes (Apply onto: This Folder Only)
> > . Everyone - Traverse Folder/Execute File (Apply onto: This Folder
> > Only)
> >
> > 4. Configure Folder Redirection Policy as outlined in Windows Help. Use a
> > path similar to \\server\FLDREDIR\username to create a folder under the
> > shared folder, FLDREDIR.
> >
> > Because the Everyone group has the Create Folder/Append Data right, the
> > group members have the proper permissions to create the folder; however, the
> > members are not able to read the data afterwards.
> >
> > The Username group is the name of the user that was logged on when you
> > created the folder. Because the folder is a child of the parent folder, it
> > inherits the permissions that you assigned to FLDREDIR. Also, because the
> > user is creating the folder, the user gains full control of the folder
> > because of the Creator Owner Permission setting.
> >
> >
> > REFERENCES
> > For additional information, click the article number below to view the
> > article in the Microsoft Knowledge Base:
> > 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder Redirection
> > Feature in Windows
> >
> >
>
> NTFS permissions? I don't see that option.
> >

Ok I created the share directory and the home folder as below:

\\servername\home$\%username%

now I shared the HOME directory and everyone has read rights. I got the
users folder in the case my folder.

I share my folder (username) and then I click on the Security tab add myself
again and select Modify, but I still can't create or save anything in my
folder. I even gave myself Full control. Still same results.
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

Al <Al@discussions.microsoft.com> wrote:
> "Al" wrote:
>
>>
>>
>> "Lanwench [MVP - Exchange]" wrote:
>>
>>> Al <Al @discussions.microsoft.com> wrote:
>>>> ok now this seems pretty simple but it doesn't work!!
>>>>
>>>> In ADU&C, I can select an AD user, properties, profile and enter a
>>>> home folder.
>>>>
>>>> Z: \\SERVERNAME\HOME$\%USERNAME%
>>>>
>>>> Now on the shared server I created a share directory named HOME,
>>>> then shared named home$, in there I created the users home folder.
>>>>
>>>> user boots up his/her XP Pro which is on the domain and can see
>>>> his/her home folder but can't freaken create or drop any
>>>> folders/documents in there.
>>>>
>>>> User gets: access denied, you need proper permissions on the
>>>> folder. User has full control on their folder!
>>>>
>>>> Tried everything with permissions and google. Still can't get it to
>>>> work.
>>>
>>> In addition to the other advice (your permissions are clearly wrong
>>> somewhere), I suggest you rethink the existing setup a bit. Rather
>>> than using home directories, just use folder redirection. You can
>>> still map a drive letter i your login script if you like. Here's
>>> some good info -
>>>
>>> "How to dynamically create security-enhanced redirected folders by
>>> using folder redirection in Windows 2000 and in Windows Server 2003"
>>> http://support.microsoft.com/kb/274443
>>>
>>> ---
>>> SUMMARY
>>> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as
>>> an administrator, you can customize desktops by using Folder
>>> Redirection. You can redirect the following folders by using Active
>>> Directory and Group Policy:
>>> .. Application Data
>>> .. Desktop
>>> .. My Documents
>>> .. My Documents/My Pictures
>>> .. Start Menu
>>> You can find more information about Folder Redirection by searching
>>> Windows Help for Folder Redirection.
>>>
>>> When you redirect folders to a shared location on a network, users
>>> need both read and write access to this location so that the users
>>> can read the contents these folders. However, in some scenarios,
>>> you may not want to grant read access.
>>>
>>>
>>> = Create security-enhanced redirected folders =
>>>
>>> To make sure that only the user and the domain administrators have
>>> permissions to open a particular redirected folder, do the
>>> following:
>>>
>>> 1. Select a central location in your environment where you would
>>> like to store Folder Redirection, and then share this folder. In
>>> this example, FLDREDIR is used.
>>>
>>> 2. Set Share Permissions for the Everyone group to Full Control.
>>>
>>> 3. Use the following settings for NTFS Permissions:
>>> . CREATOR OWNER - Full Control (Apply onto: Subfolders and
>>> Files Only) . System - Full Control (Apply onto: This Folder,
>>> Subfolders and Files) . Domain Admins - Full Control (Apply
>>> onto: This Folder, Subfolders and Files)
>>> . Everyone - Create Folder/Append Data (Apply onto: This
>>> Folder Only) . Everyone - List Folder/Read Data (Apply onto:
>>> This Folder Only) . Everyone - Read Attributes (Apply onto:
>>> This Folder Only) . Everyone - Traverse Folder/Execute File
>>> (Apply onto: This Folder
>>> Only)
>>>
>>> 4. Configure Folder Redirection Policy as outlined in Windows Help.
>>> Use a path similar to \\server\FLDREDIR\username to create a folder
>>> under the shared folder, FLDREDIR.
>>>
>>> Because the Everyone group has the Create Folder/Append Data right,
>>> the group members have the proper permissions to create the folder;
>>> however, the members are not able to read the data afterwards.
>>>
>>> The Username group is the name of the user that was logged on when
>>> you created the folder. Because the folder is a child of the parent
>>> folder, it inherits the permissions that you assigned to FLDREDIR.
>>> Also, because the user is creating the folder, the user gains full
>>> control of the folder because of the Creator Owner Permission
>>> setting.
>>>
>>>
>>> REFERENCES
>>> For additional information, click the article number below to view
>>> the article in the Microsoft Knowledge Base:
>>> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder
>>> Redirection Feature in Windows
>>>
>>>
>>
>> NTFS permissions? I don't see that option.
>>>
>
> Ok I created the share directory and the home folder as below:
>
> \\servername\home$\%username%

You didn't create the %username% folder, did you? Don't do that.
>
> now I shared the HOME directory and everyone has read rights. I got
> the users folder in the case my folder.

You have to share home as home$ and grant everyone Full Control here.
>
> I share my folder (username) and then I click on the Security tab add
> myself again and select Modify, but I still can't create or save
> anything in my folder. I even gave myself Full control. Still same
> results.

The share permissions must not be more restrictive than the NTFS permissions
or you won't get the results you think. ;-)
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER



"Lanwench [MVP - Exchange]" wrote:

> Al <Al@discussions.microsoft.com> wrote:
> > "Al" wrote:
> >
> >>
> >>
> >> "Lanwench [MVP - Exchange]" wrote:
> >>
> >>> Al <Al @discussions.microsoft.com> wrote:
> >>>> ok now this seems pretty simple but it doesn't work!!
> >>>>
> >>>> In ADU&C, I can select an AD user, properties, profile and enter a
> >>>> home folder.
> >>>>
> >>>> Z: \\SERVERNAME\HOME$\%USERNAME%
> >>>>
> >>>> Now on the shared server I created a share directory named HOME,
> >>>> then shared named home$, in there I created the users home folder.
> >>>>
> >>>> user boots up his/her XP Pro which is on the domain and can see
> >>>> his/her home folder but can't freaken create or drop any
> >>>> folders/documents in there.
> >>>>
> >>>> User gets: access denied, you need proper permissions on the
> >>>> folder. User has full control on their folder!
> >>>>
> >>>> Tried everything with permissions and google. Still can't get it to
> >>>> work.
> >>>
> >>> In addition to the other advice (your permissions are clearly wrong
> >>> somewhere), I suggest you rethink the existing setup a bit. Rather
> >>> than using home directories, just use folder redirection. You can
> >>> still map a drive letter i your login script if you like. Here's
> >>> some good info -
> >>>
> >>> "How to dynamically create security-enhanced redirected folders by
> >>> using folder redirection in Windows 2000 and in Windows Server 2003"
> >>> http://support.microsoft.com/kb/274443
> >>>
> >>> ---
> >>> SUMMARY
> >>> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as
> >>> an administrator, you can customize desktops by using Folder
> >>> Redirection. You can redirect the following folders by using Active
> >>> Directory and Group Policy:
> >>> .. Application Data
> >>> .. Desktop
> >>> .. My Documents
> >>> .. My Documents/My Pictures
> >>> .. Start Menu
> >>> You can find more information about Folder Redirection by searching
> >>> Windows Help for Folder Redirection.
> >>>
> >>> When you redirect folders to a shared location on a network, users
> >>> need both read and write access to this location so that the users
> >>> can read the contents these folders. However, in some scenarios,
> >>> you may not want to grant read access.
> >>>
> >>>
> >>> = Create security-enhanced redirected folders =
> >>>
> >>> To make sure that only the user and the domain administrators have
> >>> permissions to open a particular redirected folder, do the
> >>> following:
> >>>
> >>> 1. Select a central location in your environment where you would
> >>> like to store Folder Redirection, and then share this folder. In
> >>> this example, FLDREDIR is used.
> >>>
> >>> 2. Set Share Permissions for the Everyone group to Full Control.
> >>>
> >>> 3. Use the following settings for NTFS Permissions:
> >>> . CREATOR OWNER - Full Control (Apply onto: Subfolders and
> >>> Files Only) . System - Full Control (Apply onto: This Folder,
> >>> Subfolders and Files) . Domain Admins - Full Control (Apply
> >>> onto: This Folder, Subfolders and Files)
> >>> . Everyone - Create Folder/Append Data (Apply onto: This
> >>> Folder Only) . Everyone - List Folder/Read Data (Apply onto:
> >>> This Folder Only) . Everyone - Read Attributes (Apply onto:
> >>> This Folder Only) . Everyone - Traverse Folder/Execute File
> >>> (Apply onto: This Folder
> >>> Only)
> >>>
> >>> 4. Configure Folder Redirection Policy as outlined in Windows Help.
> >>> Use a path similar to \\server\FLDREDIR\username to create a folder
> >>> under the shared folder, FLDREDIR.
> >>>
> >>> Because the Everyone group has the Create Folder/Append Data right,
> >>> the group members have the proper permissions to create the folder;
> >>> however, the members are not able to read the data afterwards.
> >>>
> >>> The Username group is the name of the user that was logged on when
> >>> you created the folder. Because the folder is a child of the parent
> >>> folder, it inherits the permissions that you assigned to FLDREDIR.
> >>> Also, because the user is creating the folder, the user gains full
> >>> control of the folder because of the Creator Owner Permission
> >>> setting.
> >>>
> >>>
> >>> REFERENCES
> >>> For additional information, click the article number below to view
> >>> the article in the Microsoft Knowledge Base:
> >>> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder
> >>> Redirection Feature in Windows
> >>>
> >>>
> >>
> >> NTFS permissions? I don't see that option.
> >>>
> >
> > Ok I created the share directory and the home folder as below:
> >
> > \\servername\home$\%username%
>
> You didn't create the %username% folder, did you? Don't do that.
> >
> > now I shared the HOME directory and everyone has read rights. I got
> > the users folder in the case my folder.
>
> You have to share home as home$ and grant everyone Full Control here.
> >
> > I share my folder (username) and then I click on the Security tab add
> > myself again and select Modify, but I still can't create or save
> > anything in my folder. I even gave myself Full control. Still same
> > results.
>
> The share permissions must not be more restrictive than the NTFS permissions
> or you won't get the results you think. ;-)
>

ok lets see if I follow. No I didn't share %username%

now if I grant everyone full perms on HOME, then I creat subfolders with
their username (which I already have done) wouldn't everyone be able to read
everyone's folder? That would defeat the purpose. I will try it your way and
see.

so again to recap.

home is shared (full permissions)
username folders are created

\\servername\home$\%username%



>
>
>
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER



"Al" wrote:

>
>
> "Lanwench [MVP - Exchange]" wrote:
>
> > Al <Al@discussions.microsoft.com> wrote:
> > > "Al" wrote:
> > >
> > >>
> > >>
> > >> "Lanwench [MVP - Exchange]" wrote:
> > >>
> > >>> Al <Al @discussions.microsoft.com> wrote:
> > >>>> ok now this seems pretty simple but it doesn't work!!
> > >>>>
> > >>>> In ADU&C, I can select an AD user, properties, profile and enter a
> > >>>> home folder.
> > >>>>
> > >>>> Z: \\SERVERNAME\HOME$\%USERNAME%
> > >>>>
> > >>>> Now on the shared server I created a share directory named HOME,
> > >>>> then shared named home$, in there I created the users home folder.
> > >>>>
> > >>>> user boots up his/her XP Pro which is on the domain and can see
> > >>>> his/her home folder but can't freaken create or drop any
> > >>>> folders/documents in there.
> > >>>>
> > >>>> User gets: access denied, you need proper permissions on the
> > >>>> folder. User has full control on their folder!
> > >>>>
> > >>>> Tried everything with permissions and google. Still can't get it to
> > >>>> work.
> > >>>
> > >>> In addition to the other advice (your permissions are clearly wrong
> > >>> somewhere), I suggest you rethink the existing setup a bit. Rather
> > >>> than using home directories, just use folder redirection. You can
> > >>> still map a drive letter i your login script if you like. Here's
> > >>> some good info -
> > >>>
> > >>> "How to dynamically create security-enhanced redirected folders by
> > >>> using folder redirection in Windows 2000 and in Windows Server 2003"
> > >>> http://support.microsoft.com/kb/274443
> > >>>
> > >>> ---
> > >>> SUMMARY
> > >>> In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as
> > >>> an administrator, you can customize desktops by using Folder
> > >>> Redirection. You can redirect the following folders by using Active
> > >>> Directory and Group Policy:
> > >>> .. Application Data
> > >>> .. Desktop
> > >>> .. My Documents
> > >>> .. My Documents/My Pictures
> > >>> .. Start Menu
> > >>> You can find more information about Folder Redirection by searching
> > >>> Windows Help for Folder Redirection.
> > >>>
> > >>> When you redirect folders to a shared location on a network, users
> > >>> need both read and write access to this location so that the users
> > >>> can read the contents these folders. However, in some scenarios,
> > >>> you may not want to grant read access.
> > >>>
> > >>>
> > >>> = Create security-enhanced redirected folders =
> > >>>
> > >>> To make sure that only the user and the domain administrators have
> > >>> permissions to open a particular redirected folder, do the
> > >>> following:
> > >>>
> > >>> 1. Select a central location in your environment where you would
> > >>> like to store Folder Redirection, and then share this folder. In
> > >>> this example, FLDREDIR is used.
> > >>>
> > >>> 2. Set Share Permissions for the Everyone group to Full Control.
> > >>>
> > >>> 3. Use the following settings for NTFS Permissions:
> > >>> . CREATOR OWNER - Full Control (Apply onto: Subfolders and
> > >>> Files Only) . System - Full Control (Apply onto: This Folder,
> > >>> Subfolders and Files) . Domain Admins - Full Control (Apply
> > >>> onto: This Folder, Subfolders and Files)
> > >>> . Everyone - Create Folder/Append Data (Apply onto: This
> > >>> Folder Only) . Everyone - List Folder/Read Data (Apply onto:
> > >>> This Folder Only) . Everyone - Read Attributes (Apply onto:
> > >>> This Folder Only) . Everyone - Traverse Folder/Execute File
> > >>> (Apply onto: This Folder
> > >>> Only)
> > >>>
> > >>> 4. Configure Folder Redirection Policy as outlined in Windows Help.
> > >>> Use a path similar to \\server\FLDREDIR\username to create a folder
> > >>> under the shared folder, FLDREDIR.
> > >>>
> > >>> Because the Everyone group has the Create Folder/Append Data right,
> > >>> the group members have the proper permissions to create the folder;
> > >>> however, the members are not able to read the data afterwards.
> > >>>
> > >>> The Username group is the name of the user that was logged on when
> > >>> you created the folder. Because the folder is a child of the parent
> > >>> folder, it inherits the permissions that you assigned to FLDREDIR.
> > >>> Also, because the user is creating the folder, the user gains full
> > >>> control of the folder because of the Creator Owner Permission
> > >>> setting.
> > >>>
> > >>>
> > >>> REFERENCES
> > >>> For additional information, click the article number below to view
> > >>> the article in the Microsoft Knowledge Base:
> > >>> 232692 (http://support.microsoft.com/kb/232692/EN-US/) Folder
> > >>> Redirection Feature in Windows
> > >>>
> > >>>
> > >>
> > >> NTFS permissions? I don't see that option.
> > >>>
> > >
> > > Ok I created the share directory and the home folder as below:
> > >
> > > \\servername\home$\%username%
> >
> > You didn't create the %username% folder, did you? Don't do that.
> > >
> > > now I shared the HOME directory and everyone has read rights. I got
> > > the users folder in the case my folder.
> >
> > You have to share home as home$ and grant everyone Full Control here.
> > >
> > > I share my folder (username) and then I click on the Security tab add
> > > myself again and select Modify, but I still can't create or save
> > > anything in my folder. I even gave myself Full control. Still same
> > > results.
> >
> > The share permissions must not be more restrictive than the NTFS permissions
> > or you won't get the results you think. ;-)
> >
>
> ok lets see if I follow. No I didn't share %username%
>
> now if I grant everyone full perms on HOME, then I creat subfolders with
> their username (which I already have done) wouldn't everyone be able to read
> everyone's folder? That would defeat the purpose. I will try it your way and
> see.
>
> so again to recap.
>
> home is shared (full permissions)
> username folders are created
>
> \\servername\home$\%username%




I can't do it that way. I can't have users reading each others home
folders.

I have done this in the past so I know it works.

\\server\home\%username%

users can't read/write to another users folder.
>
>
>
> >
> >
> >
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

Al <Al@discussions.microsoft.com> wrote:

<snipped for length>

> ok lets see if I follow. No I didn't share %username%

*No*. I meant, do not *create* the <user> folder. Let it be created
automatically. All you do is create home$ and set the permissions there, in
NTFS and on the share. See the link I posted for the permissions.
>
> now if I grant everyone full perms on HOME, then I creat subfolders
> with their username (which I already have done) '


No, don't do that.

> wouldn't everyone be
> able to read everyone's folder? That would defeat the purpose. I
> will try it your way and see.
>
> so again to recap.
>
> home is shared (full permissions)
> username folders are created
>
> \\servername\home$\%username%

See the link I posted - I suggest you start over.
 
Re: HOME FOLDER ON 2003 ENTERPRISE ED .64 BIT SERVER

Al <Al@discussions.microsoft.com> wrote:
<snip>
> I can't do it that way. I can't have users reading each others home
> folders.
>
Of course not. They won't, if you follow the instructions I sent in that
link.

> I have done this in the past so I know it works.
>
> \\server\home\%username%
>
> users can't read/write to another users folder.

You never create the users folders themselves. They should be created
automatically. See my prior message.
 

Similar threads

K
Windows 10 GPO System/User Profiles Delete user profiles older than a specified number of days on system restart - malfunctioning
Replies
0
Views
199
KJSTech1
K
N
Windows 10 Problem with Windows 10 Pro upgrades to Enterprise in Hybrid Azure AD Environment
Replies
0
Views
178
Nick Baird
N
J
Windows 10 Folder Redirection don't work on Windows 10 (Server2012R2)
Replies
0
Views
112
Jesse__
J
R
Windows 10 Windows Voice Recorder not working other forums on this of no help...Need can't fail way to fix it NO MS ID LOGIN NEEDED!
Replies
0
Views
104
Ralph Malph 2
R
R
Windows 7 cannot access windows shared folder in windows 7 and win 8.1 32 bit clients
Replies
0
Views
184
Royal TMB
R
Back
Top