CisloIT said:
I would use Powershell. But I never learned Powershell, I will learn it when i further my education.
With the information you provided, we are limited in understanding your needs. That said, I saw nothing in your original post or follow-up posts that requires any scripting in a Windows 2012 domain environment. On your file server, create a folder for users' "personal" or home drives (e.g. D:\Home). Share this folder and give the group
Everyone Full Control share permissions. I recommend setting the folder's NTFS permissions as follows:
Domain Admins (this folder, subfolders and files): Full Control
Domain Users (this folder only): Traverse folder / execute file, List folder / read data
On the domain controller or a domain-joined workstation with RSAT (remote server administration tools):
- Open the Active Directory Users and Computers (dsa.msc) Microsoft Management Console snap-in (you need to run it as a domain administrator).
- Locate and select the users that will have a mapped home/"personal" folder/drive.
- Press ALT+Enter or right-click and then click Properties.
- On the Profile tab, check the "Home folder" checkbox and select the Connect radio button.
- Select an appropriate drive letter from the drop-down (e.g. H: ).
- In the To field, type \\ServerName\Home\%username% where ServerName is the file server hostname and Home is the name of the share you created earlier. %username% is a placeholder, environment variable that is automatically replaced with the user name.
- Click OK.
If you didn't manually create individual user subfolders in the home shared drive earlier, the user's subfolders will be created automatically and users will be granted full control over their own subfolder. That's all you need to do for home folders / mapping. Much simpler than scripting. Personally, I'm a bit OCD when it comes to permissions, and to prevent users from accidentally deleting their home folder, I change their home folder permissions (this folder only) to allow them to traverse/execute their home folder, create/edit/delete subfolders and files (of their home folder) and read the home folder's permissions. Then I add another permission to the user's subfolder (subfolders and files only) and grant full control. This way, the user has full control of everything inside their home folder but can't delete their home folder by accident. To ease/centralize data backup, I recommend redirecting user's My Documents folders (or Documents libraries) to their home folder, and enabling offline files (at least for mobile users). You can use group policy to do this.
For the HR/shared directory mapping, I'll assume you've already created the folder and shared it.
- On the domain controller or workstation with RSAT, open Group Policy Management Console (gpmc.msc).
- Expand the Forest/Domain structure.
- Right-click an organizational unit (OU) at or above the level of your users (if you don't have any OUs, right-click your domain) and click Create a GPO in this domain, and Link it here.
- Give the GPO an appropriate name (e.g User Targeted Policies; you'll probably want to use the policy for more than mapping drives).
- Click OK.
- Right-click the new GPO and click Edit. Expand User Configuration\Preferences\Windows Settings, and select Drive Maps.
- Right-click Drive Maps and click New > Mapped Drive. Under Action, select Create.
- In the Location field, type \\FileServer\HRShare where FileServer is the hostname for your file server and HRShare is the share name for the public/HR share.
- You can set the policy to use the first available drive letter or a specific drive letter (my recommendation; easier to provider user support).
- Click OK to save your changes.
If your users are local administrators on their workstations/computers, you may need to change set the registry value (DWORD) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections to 1 for group policy preference-mapped drives to work. If needed, you can also use group policy preferences to push this registry setting to your workstations/computers.
All that and not a single line of script! Before learning scripting, I would recommend putting effort into learning Windows Server 2008/2012 and Active Directory deployment and management (Microsoft Press is a good source for material; for some topics, you may need to go with a book intended for Server 2008). But yes, as you have opportunity, start picking up PowerShell scripting skills. To get started, see:
Hope this is helpful and whets your appetite for group policy!