Sign in with
Sign up | Sign in
Your question

Last response: in Windows 2000/NT
Share
Anonymous
February 28, 2005 4:10:06 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

HEllo,

Havea quick question. I am using the %USERNAME% to create home folders for
the users. Issue I am having is that if I perform this action from a
workstation in the domain using the USER AND COMPUTER adminpak tools...the
home folder is not created with the usual permissions. When I do this from
the DC as the domain admin...the home folder gets created as required...with
the user as the owner and with administrators and the user with full
control. THe newly created folder also does not inhetit from it's parent
(also what I want it to do). When this same function is done from a
workstation and using the RUN AS and utilizing the domain admin...the folder
is created...but the administrator is the owner and the permissions are
inherited from the parent.

I'm sure this has been asked before...just couldn't find an answer anywhere.

Thanks.

Dan
Anonymous
February 28, 2005 7:28:24 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Are you doing this from XP or W2K pro.
If XP, have you tried from W2K pro? vice versa?


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Deaker00@hotmail.com" <deaker00@hotmail.com> wrote in message
news:o Ic79BcHFHA.4060@TK2MSFTNGP14.phx.gbl...
> HEllo,
>
> Havea quick question. I am using the %USERNAME% to create home folders for
> the users. Issue I am having is that if I perform this action from a
> workstation in the domain using the USER AND COMPUTER adminpak tools...the
> home folder is not created with the usual permissions. When I do this from
> the DC as the domain admin...the home folder gets created as
> required...with
> the user as the owner and with administrators and the user with full
> control. THe newly created folder also does not inhetit from it's parent
> (also what I want it to do). When this same function is done from a
> workstation and using the RUN AS and utilizing the domain admin...the
> folder
> is created...but the administrator is the owner and the permissions are
> inherited from the parent.
>
> I'm sure this has been asked before...just couldn't find an answer
> anywhere.
>
> Thanks.
>
> Dan
>
>
Anonymous
March 1, 2005 11:47:15 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I Have only tried it from XP as that is our workstation of choice ...

Dan

"Glenn L" <the.only(delete)@gmail dot com> wrote in message
news:e5oeVWfHFHA.3484@TK2MSFTNGP12.phx.gbl...
> Are you doing this from XP or W2K pro.
> If XP, have you tried from W2K pro? vice versa?
>
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Deaker00@hotmail.com" <deaker00@hotmail.com> wrote in message
> news:o Ic79BcHFHA.4060@TK2MSFTNGP14.phx.gbl...
>> HEllo,
>>
>> Havea quick question. I am using the %USERNAME% to create home folders
>> for
>> the users. Issue I am having is that if I perform this action from a
>> workstation in the domain using the USER AND COMPUTER adminpak
>> tools...the
>> home folder is not created with the usual permissions. When I do this
>> from
>> the DC as the domain admin...the home folder gets created as
>> required...with
>> the user as the owner and with administrators and the user with full
>> control. THe newly created folder also does not inhetit from it's parent
>> (also what I want it to do). When this same function is done from a
>> workstation and using the RUN AS and utilizing the domain admin...the
>> folder
>> is created...but the administrator is the owner and the permissions are
>> inherited from the parent.
>>
>> I'm sure this has been asked before...just couldn't find an answer
>> anywhere.
>>
>> Thanks.
>>
>> Dan
>>
>>
>
>
Related resources
Anonymous
March 1, 2005 6:04:11 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"DEAKER00" wrote:
> I Have only tried it from XP as that is our workstation of
> choice ...
>
> Dan
>
> "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> news:e5oeVWfHFHA.3484@TK2MSFTNGP12.phx.gbl...
> > Are you doing this from XP or W2K pro.
> > If XP, have you tried from W2K pro? vice versa?
> >
> >
> > --
> > Glenn L
> > CCNA, MCSE 2000/2003 + Security
> >
> > "Deaker00@hotmail.com" <deaker00@hotmail.com> wrote in message
> > news:o Ic79BcHFHA.4060@TK2MSFTNGP14.phx.gbl...
>  >> HEllo,
>  >>
>  >> Havea quick question. I am using the %USERNAME% to
> create home folders
>  >> for
>  >> the users. Issue I am having is that if I perform
> this action from a
>  >> workstation in the domain using the USER AND COMPUTER
> adminpak
>  >> tools...the
>  >> home folder is not created with the usual
> permissions. When I do this
>  >> from
>  >> the DC as the domain admin...the home folder gets
> created as
>  >> required...with
>  >> the user as the owner and with administrators and the
> user with full
>  >> control. THe newly created folder also does not
> inhetit from it's parent
>  >> (also what I want it to do). When this same function
> is done from a
>  >> workstation and using the RUN AS and utilizing the
> domain admin...the
>  >> folder
>  >> is created...but the administrator is the owner and
> the permissions are
>  >> inherited from the parent.
>  >>
>  >> I'm sure this has been asked before...just couldn't
> find an answer
>  >> anywhere.
>  >>
>  >> Thanks.
>  >>
>  >> Dan
>  >>
>  >>
> >
> >

Hi,

You must have a Windows 2000 Server. With Windows 2003 and with
Windows XP, Microsoft has changed the way it creates the users home
folders. Yep, it blew me away too. So much for "added" security.
Basically with Windows 2003 Server when you create a users home folder
inside Active Directory using the %username%, it creates the folder
with the Inherited permissions. Therefore you must set the Users at
the Root Folder as read "This folder only" to make sure they aren’t
inherited.

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-usage-USE...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=857377
Anonymous
March 2, 2005 1:47:41 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

OK...SO I have tested it...and it is as you say. If I use the Admin tools on
a Windows 2000 workstation as the domain admin...it creates the user folder
as required. If I do the exact same thing on an XP Pro workstation....the
permissions get inherited and the owner is the administrator. This is
WHACKED!!!!

Is there any way around this? I need the user folders created as they are in
Windows 2000 with the user as the owner of the folder and the permissions
set as the Administartors groups and user with full control...NOT
inheriting.

Dan
"lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
news:4224cabb$1_5@alt.athenanews.com...
> "DEAKER00" wrote:
> > I Have only tried it from XP as that is our workstation of
> > choice ...
> >
> > Dan
> >
> > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> > news:e5oeVWfHFHA.3484@TK2MSFTNGP12.phx.gbl...
> > > Are you doing this from XP or W2K pro.
> > > If XP, have you tried from W2K pro? vice versa?
> > >
> > >
> > > --
> > > Glenn L
> > > CCNA, MCSE 2000/2003 + Security
> > >
> > > "Deaker00@hotmail.com" <deaker00@hotmail.com> wrote in message
> > > news:o Ic79BcHFHA.4060@TK2MSFTNGP14.phx.gbl...
> >  >> HEllo,
> >  >>
> >  >> Havea quick question. I am using the %USERNAME% to
> > create home folders
> >  >> for
> >  >> the users. Issue I am having is that if I perform
> > this action from a
> >  >> workstation in the domain using the USER AND COMPUTER
> > adminpak
> >  >> tools...the
> >  >> home folder is not created with the usual
> > permissions. When I do this
> >  >> from
> >  >> the DC as the domain admin...the home folder gets
> > created as
> >  >> required...with
> >  >> the user as the owner and with administrators and the
> > user with full
> >  >> control. THe newly created folder also does not
> > inhetit from it's parent
> >  >> (also what I want it to do). When this same function
> > is done from a
> >  >> workstation and using the RUN AS and utilizing the
> > domain admin...the
> >  >> folder
> >  >> is created...but the administrator is the owner and
> > the permissions are
> >  >> inherited from the parent.
> >  >>
> >  >> I'm sure this has been asked before...just couldn't
> > find an answer
> >  >> anywhere.
> >  >>
> >  >> Thanks.
> >  >>
> >  >> Dan
> >  >>
> >  >>
> > >
> > >
>
> Hi,
>
> You must have a Windows 2000 Server. With Windows 2003 and with
> Windows XP, Microsoft has changed the way it creates the users home
> folders. Yep, it blew me away too. So much for "added" security.
> Basically with Windows 2003 Server when you create a users home folder
> inside Active Directory using the %username%, it creates the folder
> with the Inherited permissions. Therefore you must set the Users at
> the Root Folder as read "This folder only" to make sure they aren't
> inherited.
>
> Cheers,
>
> Lara
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
request
> Articles individually checked for conformance to usenet standards
> Topic URL:
http://www.windowsforumz.com/Active-Directory-usage-USE...
> Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=857377
Anonymous
March 2, 2005 10:02:14 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"deaker00" wrote:
> OK...SO I have tested it...and it is as you say. If I use the
> Admin tools on
> a Windows 2000 workstation as the domain admin...it creates
> the user folder
> as required. If I do the exact same thing on an XP Pro
> workstation....the
> permissions get inherited and the owner is the administrator.
> This is
> WHACKED!!!!
>
> Is there any way around this? I need the user folders created
> as they are in
> Windows 2000 with the user as the owner of the folder and the
> permissions
> set as the Administartors groups and user with full
> control...NOT
> inheriting.
>
> Dan
> "lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
> news:4224cabb$1_5@alt.athenanews.com...
> > "DEAKER00" wrote:
>  > > I Have only tried it from XP as that is our
> workstation of
>  > > choice ...
>  > >
>  > > Dan
>  > >
>  > > "Glenn L" <the.only(delete)@gmail dot com>
> wrote in message
>  > > news:e5oeVWfHFHA.3484@TK2MSFTNGP12.phx.gbl...
>   > > > Are you doing this from XP or W2K pro.
>   > > > If XP, have you tried from W2K pro? vice
> versa?
>   > > >
>   > > >
>   > > > --
>   > > > Glenn L
>   > > > CCNA, MCSE 2000/2003 + Security
>   > > >
>   > > > "Deaker00@hotmail.com"
> <deaker00@hotmail.com> wrote in message
>   > > >
> news:o Ic79BcHFHA.4060@TK2MSFTNGP14.phx.gbl...
>  > >  >> HEllo,
>  > >  >>
>  > >  >> Havea quick question. I am using the
> %USERNAME% to
>  > > create home folders
>  > >  >> for
>  > >  >> the users. Issue I am having is that
> if I perform
>  > > this action from a
>  > >  >> workstation in the domain using the
> USER AND COMPUTER
>  > > adminpak
>  > >  >> tools...the
>  > >  >> home folder is not created with the
> usual
>  > > permissions. When I do this
>  > >  >> from
>  > >  >> the DC as the domain admin...the
> home folder gets
>  > > created as
>  > >  >> required...with
>  > >  >> the user as the owner and with
> administrators and the
>  > > user with full
>  > >  >> control. THe newly created folder
> also does not
>  > > inhetit from it's parent
>  > >  >> (also what I want it to do). When
> this same function
>  > > is done from a
>  > >  >> workstation and using the RUN AS and
> utilizing the
>  > > domain admin...the
>  > >  >> folder
>  > >  >> is created...but the administrator
> is the owner and
>  > > the permissions are
>  > >  >> inherited from the parent.
>  > >  >>
>  > >  >> I'm sure this has been asked
> before...just couldn't
>  > > find an answer
>  > >  >> anywhere.
>  > >  >>
>  > >  >> Thanks.
>  > >  >>
>  > >  >> Dan
>  > >  >>
>  > >  >>
>   > > >
>   > > >
> >
> > Hi,
> >
> > You must have a Windows 2000 Server. With Windows 2003 and
> with
> > Windows XP, Microsoft has changed the way it creates the
> users home
> > folders. Yep, it blew me away too. So much for "added"
> security.
> > Basically with Windows 2003 Server when you create a users
> home folder
> > inside Active Directory using the %username%, it creates the
> folder
> > with the Inherited permissions. Therefore you must set the
> Users at
> > the Root Folder as read "This folder only" to make sure they
> aren't
> > inherited.
> >
> > Cheers,
> >
> > Lara
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's
> request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL:
> http://www.windowsforumz.com/Active-Directory-usage-USE...
> > Visit Topic URL to contact author (reg. req'd). Report
> abuse:
> http://www.windowsforumz.com/eform.php?p=857377

Hi,

I couldn’t find a way around it. With Windows 2003 server, it does
make the user the owner of the folder and Full-control on the folder,
but it does inherit now. I think they changed the way folder creation
was scripted.

Cheers,

Lara
!