Making home/users directories private

[MeanJim]

Six months ago, we added a Windows2000 Server to a Novell 5.1 network. We got everyone to log into both servers fine, with most applications being on the 2K and the users' home directories and some shared directories on the Novell server.

Yesterday, we had four hard drives fail on the Novell server! It was a mess for a while, (Win98 clients locked up trying to log in) but everyone is up and running on the 2K server again, without their important home and shared directories.

We are moving all these files over to the 2K server rather than bringing the Novell server back into service, at the request of management (it's an old Pentium2 server, the 2K is a newer dual Xeon)

How can we set the permissions so a user can only see his own user folder, like it was on Novell? Is it possible? I can make it so everyone can see everyone's user folder, but only access his own, but that's not what the boss wants. He wants user1 to only see, for example, F:\Shared\User1, rather than seeing F:\Shared\"everyuser".

Any help would be much appreciated. Have a great holiday weekend!

 

[ReddLefty]

Well, I currently have a setup like so, but it requires alot of hands on work.

I setup each user with a hidden share. I have a section for all the users. Example: E:\USERS\JoeSmith

I share JoeSmith with a share called JoeSmith$ (the $ hides it) and leave it with Everyone right. Then I set the NTFS security for Change to the specific user.

Then I set their home folder to \\<server>\JoeSmith$ with the letter H: (for example). Or you can do \\server\%USERNAME%$ if you have alot and do a multiple edit.

The logon on script has a line: NET USE H: /home . If your in an active directory and Windows 2000 Pro and up, I think the home drive automatically maps itself without the help of the script, but to be backward compatible, I added it anyways.




&quot;In space, nobody can hear you click...&quot;

 

[MeanJim]

Thanks for the help. I set up the hidden shares and set permissions for only the user and Administrators. I then mapped the directory as U for user and it seems to work out well.

One question....Where do you set NTFS security to change to specific user?

 

[exklusve]

To save yourself some time,
Try this.
Make a share called 'user'/etc.
Inside that folder create all your folders for each user.
This way you just have one share instead of X number of shares off the server.
Set the permissions on the share to everyone.
and set the NTFS permissions to each user folder to full control for them, and deny access to all other users.

The way you have it now, it looks like anyone can access eachothers folders, they just cant see it. Try to be more security oriented as in, instead of hiding something lock it down. You can hide candy from a baby, but it will find it....if you lock it in a drawer (the candy ) the baby will never get it.
It doesn't matter if everyone can see everyone else's folder, it just matters who can read them.

eXklusve

 

[Demtro]

These are all good ideas but the easiest and most effective way to accomplish this is to create a folder named users or whatever you want. setup the profile tab and the connect button under home directory to the path to the users folder with %username% this will automatically create the folder with there username. you can then go into the folder and remove all permissions with the exception of the user and the administrator. this way only the user and admin have access to the folder. if the folder is still visible to everybody goto the permissions on the users folder and remove the permission list folder contents. This should take care of the problem. let me know if you have any problems.