Age old question of home directory setup and permissions?

cajuntank

IS-IT--Management
May 20, 2003
947
US
What is the best way to set up home directories for users in a medium/large network? I have done, seen, and read several variations. In the network I have taken over, we have several of those variations, ranging from the share being the users directory (\\server\users\jpublic) to the share being the actual user him/herself (\\server\jpublic).

I would like to standardize on something across the board and would like some input/suggestions.

1. What I'm looking for is what permissions to set for the folder and NTFS on the share itself?
2. What is usually done so that users can't see other users' folders (I know doing the sharing of the username itself would do this, i.e. \\server\jpublic), but is there another way to handle this?
3. Will I have to touch each user's profile property tab under ADUC to change this, or can it all be done via a login script?

Thanks.
 
We use a single share for all of our home folders and set it so the users have 'change' share permissions; this prevents the users from being able to mess with NTFS permissions. If they need to be able to do that, then they will need 'full' share permissions. If you have users with different requirements, you can group them under different shares or create a second share at the same point.

We then control home folder access using NTFS permissions so they can't open each other's folders. You can also use 'access based enumeration' on 2003 SP1 and above servers; this will hide folders that users don't have any permissions to, but it can add a small overhead. (We've never had any issues with performance.)

Be aware that clients before 2000 Pro (read 9x) have trouble accessing home folders through a root share, which is probably why you still have some individually shared home folders.
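
The layout described in the reply above (one share with 'change' share permissions, per-user NTFS permissions, access-based enumeration), as an added example that is not part of the original posts. It assumes Windows Server 2012 or later, where the SmbShare cmdlets exist, and an elevated session; `D:\Users`, `CONTOSO` and the account list are placeholders.

```powershell
# Added example; every name here is a placeholder, not the thread's network.
# Assumes Windows Server 2012+ (SmbShare module) and an elevated session.
$Root   = 'D:\Users'           # assumed local path behind \\server\users
$Share  = 'Users'
$Domain = 'CONTOSO'            # placeholder domain
$Users  = 'jpublic', 'asmith'  # constructed sample accounts

New-Item -Path $Root -ItemType Directory -Force | Out-Null

# NTFS on the root: drop inherited ACEs. Administrators and SYSTEM get full
# control that inherits downward. Users get read/traverse on the root folder
# itself only (no OI/CI flags), so nothing flows into other home folders.
icacls $Root /inheritance:r /grant:r `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'NT AUTHORITY\Authenticated Users:(RX)' | Out-Null

# One share for every home folder. 'Change' at the share level lets users
# read and write but not edit ACLs or take ownership over the network.
# AccessBased enumeration hides folders the caller has no access to.
if (-not (Get-SmbShare -Name $Share -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $Share -Path $Root `
        -ChangeAccess 'NT AUTHORITY\Authenticated Users' `
        -FullAccess 'BUILTIN\Administrators' `
        -FolderEnumerationMode AccessBased | Out-Null
}

# Per-user folder: Modify for that user only, inherited by files and subfolders.
foreach ($u in $Users) {
    $Folder = Join-Path $Root $u
    New-Item -Path $Folder -ItemType Directory -Force | Out-Null
    icacls $Folder /grant:r "${Domain}\${u}:(OI)(CI)M" | Out-Null
}

# Review: share ACL, enumeration mode, and the NTFS ACL on each home folder.
Get-SmbShare -Name $Share | Select-Object Name, Path, FolderEnumerationMode
Get-SmbShareAccess -Name $Share
foreach ($u in $Users) { icacls (Join-Path $Root $u) }
```

In the review output, each home folder should list only Administrators, SYSTEM and its own user; any other user or group entry means an inherited or leftover ACE survived.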
 
Do I just do a Google search for access based enumeration? Is this an additional service I load (add/remove programs)?
What are your thoughts on doing hidden shares? I see a lot of people using them as well. I know this does not address from a security standpoint, but more from "smoke and mirrors".
 
Also, one of the reasons I'm hot on this is because all of a sudden some of my sites when the user logs in, they get their folder mapped up a directory level. When we reboot the machine, it might fix it then and there or it might take several reboots. I have seen this addressed a little on other forums and except for a GPO property to enable of (and I'm paraphrasing) make sure network connections are finished before logging in... or something like that.
Again, I'm taking this network over, so I'm discovering all kinds of nice things that were done this way and that. Some of my sites don't even have login scripts running at all. It was done as a persistent drive mapping from the desktop itself.
 