Sign in with
Sign up | Sign in
Your question

creating folders and grating security permissions

Last response: in Windows 2000/NT
Share
May 4, 2005 6:01:13 PM

Archived from groups: microsoft.public.win2000.general (More info?)

I need to create over 200 user folders on a network drive abd grant
permissions on the folder based on the user.

so if jane logs on to the network, she will have an "H" drive mapped to the
network server. \\server\users\jane

I need to set permissions under security on this folder jane

like so: Administrators (full)
system (full)
jane (full)


How do I do this?
May 4, 2005 10:13:31 PM

Archived from groups: microsoft.public.win2000.general (More info?)

"tony" <none@none.com> wrote in message
news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
> I need to create over 200 user folders on a network drive abd grant
> permissions on the folder based on the user.
>
> so if jane logs on to the network, she will have an "H" drive mapped to
the
> network server. \\server\users\jane
>
> I need to set permissions under security on this folder jane
>
> like so: Administrators (full)
> system (full)
> jane (full)
>
>
> How do I do this?
>

No, admin should not be given full control to a any user's folder. neither
should the admin be the creator of that folder. Its a question of principle
to protect both parties (users and administrator).

Why go through such a process when the OS does it for you anyway?

Create the base folder with everyone-full_control or
domainusers-full_control (remember that you have both share-level and NTFS
permissions to deal with). Create a template user with a home directory set
to \\server\users\%username% and disable the template.

Copy the template, modify the copy, enable the copy. The user's subfolder
will be automatically generated for you the moment he or she logs on with
the reinterpreted %username% parameter. Even its permisions will be
correctly setup to protect the data. The user is the creator and has
protected access to only that folder.

No action is required from the admin in order to provide this (other than
the base-folder creation and the user creation.

The administrator must take ownership of the folder to view its contents. In
other words, the user has the piece of mind that even the administrator
can't access the folder without the user's knowledge.

Otherwise, anytime someone looses a file, guess who they will blame? The
only control the admin can provide on that folder should be quota. Thats it.
May 4, 2005 11:30:13 PM

Archived from groups: microsoft.public.win2000.general (More info?)

I am trying to avoid using the profile path because i am not using roaming.

I am using gpos.


any other ides?


"codigo" <codigo@codigo.trap.com> wrote in message
news:lMbee.5783$VL3.501374@news20.bellglobal.com...
>
> "tony" <none@none.com> wrote in message
> news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
>> I need to create over 200 user folders on a network drive abd grant
>> permissions on the folder based on the user.
>>
>> so if jane logs on to the network, she will have an "H" drive mapped to
> the
>> network server. \\server\users\jane
>>
>> I need to set permissions under security on this folder jane
>>
>> like so: Administrators (full)
>> system (full)
>> jane (full)
>>
>>
>> How do I do this?
>>
>
> No, admin should not be given full control to a any user's folder. neither
> should the admin be the creator of that folder. Its a question of
> principle
> to protect both parties (users and administrator).
>
> Why go through such a process when the OS does it for you anyway?
>
> Create the base folder with everyone-full_control or
> domainusers-full_control (remember that you have both share-level and NTFS
> permissions to deal with). Create a template user with a home directory
> set
> to \\server\users\%username% and disable the template.
>
> Copy the template, modify the copy, enable the copy. The user's subfolder
> will be automatically generated for you the moment he or she logs on with
> the reinterpreted %username% parameter. Even its permisions will be
> correctly setup to protect the data. The user is the creator and has
> protected access to only that folder.
>
> No action is required from the admin in order to provide this (other than
> the base-folder creation and the user creation.
>
> The administrator must take ownership of the folder to view its contents.
> In
> other words, the user has the piece of mind that even the administrator
> can't access the folder without the user's knowledge.
>
> Otherwise, anytime someone looses a file, guess who they will blame? The
> only control the admin can provide on that folder should be quota. Thats
> it.
>
>
Related resources
May 5, 2005 3:08:00 AM

Archived from groups: microsoft.public.win2000.general (More info?)

"tony" <none@none.com> wrote in message
news:o G5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
> I am trying to avoid using the profile path because i am not using
roaming.
>
> I am using gpos.
>
>
> any other ides?

The profile path has nothing to do with home folders. And a home folder has
nothing to do with roaming profiles.

>
>
> "codigo" <codigo@codigo.trap.com> wrote in message
> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
> >
> > "tony" <none@none.com> wrote in message
> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
> >> I need to create over 200 user folders on a network drive abd grant
> >> permissions on the folder based on the user.
> >>
> >> so if jane logs on to the network, she will have an "H" drive mapped to
> > the
> >> network server. \\server\users\jane
> >>
> >> I need to set permissions under security on this folder jane
> >>
> >> like so: Administrators (full)
> >> system (full)
> >> jane (full)
> >>
> >>
> >> How do I do this?
> >>
> >
> > No, admin should not be given full control to a any user's folder.
neither
> > should the admin be the creator of that folder. Its a question of
> > principle
> > to protect both parties (users and administrator).
> >
> > Why go through such a process when the OS does it for you anyway?
> >
> > Create the base folder with everyone-full_control or
> > domainusers-full_control (remember that you have both share-level and
NTFS
> > permissions to deal with). Create a template user with a home directory
> > set
> > to \\server\users\%username% and disable the template.
> >
> > Copy the template, modify the copy, enable the copy. The user's
subfolder
> > will be automatically generated for you the moment he or she logs on
with
> > the reinterpreted %username% parameter. Even its permisions will be
> > correctly setup to protect the data. The user is the creator and has
> > protected access to only that folder.
> >
> > No action is required from the admin in order to provide this (other
than
> > the base-folder creation and the user creation.
> >
> > The administrator must take ownership of the folder to view its
contents.
> > In
> > other words, the user has the piece of mind that even the administrator
> > can't access the folder without the user's knowledge.
> >
> > Otherwise, anytime someone looses a file, guess who they will blame? The
> > only control the admin can provide on that folder should be quota. Thats
> > it.
> >
> >
>
>
May 5, 2005 3:08:01 AM

Archived from groups: microsoft.public.win2000.general (More info?)

where do you create a template user and set home profile
"codigo" <codigo@codigo.trap.com> wrote in message
news:q4gee.6001$VL3.565361@news20.bellglobal.com...
>
> "tony" <none@none.com> wrote in message
> news:o G5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
>> I am trying to avoid using the profile path because i am not using
> roaming.
>>
>> I am using gpos.
>>
>>
>> any other ides?
>
> The profile path has nothing to do with home folders. And a home folder
> has
> nothing to do with roaming profiles.
>
>>
>>
>> "codigo" <codigo@codigo.trap.com> wrote in message
>> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
>> >
>> > "tony" <none@none.com> wrote in message
>> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
>> >> I need to create over 200 user folders on a network drive abd grant
>> >> permissions on the folder based on the user.
>> >>
>> >> so if jane logs on to the network, she will have an "H" drive mapped
>> >> to
>> > the
>> >> network server. \\server\users\jane
>> >>
>> >> I need to set permissions under security on this folder jane
>> >>
>> >> like so: Administrators (full)
>> >> system (full)
>> >> jane (full)
>> >>
>> >>
>> >> How do I do this?
>> >>
>> >
>> > No, admin should not be given full control to a any user's folder.
> neither
>> > should the admin be the creator of that folder. Its a question of
>> > principle
>> > to protect both parties (users and administrator).
>> >
>> > Why go through such a process when the OS does it for you anyway?
>> >
>> > Create the base folder with everyone-full_control or
>> > domainusers-full_control (remember that you have both share-level and
> NTFS
>> > permissions to deal with). Create a template user with a home directory
>> > set
>> > to \\server\users\%username% and disable the template.
>> >
>> > Copy the template, modify the copy, enable the copy. The user's
> subfolder
>> > will be automatically generated for you the moment he or she logs on
> with
>> > the reinterpreted %username% parameter. Even its permisions will be
>> > correctly setup to protect the data. The user is the creator and has
>> > protected access to only that folder.
>> >
>> > No action is required from the admin in order to provide this (other
> than
>> > the base-folder creation and the user creation.
>> >
>> > The administrator must take ownership of the folder to view its
> contents.
>> > In
>> > other words, the user has the piece of mind that even the administrator
>> > can't access the folder without the user's knowledge.
>> >
>> > Otherwise, anytime someone looses a file, guess who they will blame?
>> > The
>> > only control the admin can provide on that folder should be quota.
>> > Thats
>> > it.
>> >
>> >
>>
>>
>
>
May 5, 2005 6:55:50 PM

Archived from groups: microsoft.public.win2000.general (More info?)

"tony" <none@none.com> wrote in message
news:erKUk3SUFHA.4092@TK2MSFTNGP12.phx.gbl...
> where do you create a template user and set home profile

AD users and computers on any DC (create template user in an OU, properties,
profile tab, home folder section, connect to...). Assuming you are on a
domain. Consider using OUs to partition / test a GPO as well.

If you aren't on a domain, Users and Computers, same procedure without the
OU.

> "codigo" <codigo@codigo.trap.com> wrote in message
> news:q4gee.6001$VL3.565361@news20.bellglobal.com...
> >
> > "tony" <none@none.com> wrote in message
> > news:o G5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
> >> I am trying to avoid using the profile path because i am not using
> > roaming.
> >>
> >> I am using gpos.
> >>
> >>
> >> any other ides?
> >
> > The profile path has nothing to do with home folders. And a home folder
> > has
> > nothing to do with roaming profiles.
> >
> >>
> >>
> >> "codigo" <codigo@codigo.trap.com> wrote in message
> >> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
> >> >
> >> > "tony" <none@none.com> wrote in message
> >> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
> >> >> I need to create over 200 user folders on a network drive abd grant
> >> >> permissions on the folder based on the user.
> >> >>
> >> >> so if jane logs on to the network, she will have an "H" drive mapped
> >> >> to
> >> > the
> >> >> network server. \\server\users\jane
> >> >>
> >> >> I need to set permissions under security on this folder jane
> >> >>
> >> >> like so: Administrators (full)
> >> >> system (full)
> >> >> jane (full)
> >> >>
> >> >>
> >> >> How do I do this?
> >> >>
> >> >
> >> > No, admin should not be given full control to a any user's folder.
> > neither
> >> > should the admin be the creator of that folder. Its a question of
> >> > principle
> >> > to protect both parties (users and administrator).
> >> >
> >> > Why go through such a process when the OS does it for you anyway?
> >> >
> >> > Create the base folder with everyone-full_control or
> >> > domainusers-full_control (remember that you have both share-level and
> > NTFS
> >> > permissions to deal with). Create a template user with a home
directory
> >> > set
> >> > to \\server\users\%username% and disable the template.
> >> >
> >> > Copy the template, modify the copy, enable the copy. The user's
> > subfolder
> >> > will be automatically generated for you the moment he or she logs on
> > with
> >> > the reinterpreted %username% parameter. Even its permisions will be
> >> > correctly setup to protect the data. The user is the creator and has
> >> > protected access to only that folder.
> >> >
> >> > No action is required from the admin in order to provide this (other
> > than
> >> > the base-folder creation and the user creation.
> >> >
> >> > The administrator must take ownership of the folder to view its
> > contents.
> >> > In
> >> > other words, the user has the piece of mind that even the
administrator
> >> > can't access the folder without the user's knowledge.
> >> >
> >> > Otherwise, anytime someone looses a file, guess who they will blame?
> >> > The
> >> > only control the admin can provide on that folder should be quota.
> >> > Thats
> >> > it.
> >> >
> >> >
> >>
> >>
> >
> >
>
>
May 20, 2005 3:26:35 PM

Archived from groups: microsoft.public.win2000.general (More info?)

I created a share on my server

\\server\Users$

When i go to a userprofile under profile tab

I map their home drive


M \\server\users$\%username%

I click on apply the folder automaticaly got created on the network share.
But the permissions were that of the creator which is me the domain admin.

The thing is the folder does not get created on user logon




"codigo" <codigo@codigo.trap.com> wrote in message
news:_Ytee.6302$VL3.635784@news20.bellglobal.com...
> "tony" <none@none.com> wrote in message
> news:erKUk3SUFHA.4092@TK2MSFTNGP12.phx.gbl...
>> where do you create a template user and set home profile
>
> AD users and computers on any DC (create template user in an OU,
> properties,
> profile tab, home folder section, connect to...). Assuming you are on a
> domain. Consider using OUs to partition / test a GPO as well.
>
> If you aren't on a domain, Users and Computers, same procedure without the
> OU.
>
>> "codigo" <codigo@codigo.trap.com> wrote in message
>> news:q4gee.6001$VL3.565361@news20.bellglobal.com...
>> >
>> > "tony" <none@none.com> wrote in message
>> > news:o G5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
>> >> I am trying to avoid using the profile path because i am not using
>> > roaming.
>> >>
>> >> I am using gpos.
>> >>
>> >>
>> >> any other ides?
>> >
>> > The profile path has nothing to do with home folders. And a home folder
>> > has
>> > nothing to do with roaming profiles.
>> >
>> >>
>> >>
>> >> "codigo" <codigo@codigo.trap.com> wrote in message
>> >> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
>> >> >
>> >> > "tony" <none@none.com> wrote in message
>> >> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
>> >> >> I need to create over 200 user folders on a network drive abd grant
>> >> >> permissions on the folder based on the user.
>> >> >>
>> >> >> so if jane logs on to the network, she will have an "H" drive
>> >> >> mapped
>> >> >> to
>> >> > the
>> >> >> network server. \\server\users\jane
>> >> >>
>> >> >> I need to set permissions under security on this folder jane
>> >> >>
>> >> >> like so: Administrators (full)
>> >> >> system (full)
>> >> >> jane (full)
>> >> >>
>> >> >>
>> >> >> How do I do this?
>> >> >>
>> >> >
>> >> > No, admin should not be given full control to a any user's folder.
>> > neither
>> >> > should the admin be the creator of that folder. Its a question of
>> >> > principle
>> >> > to protect both parties (users and administrator).
>> >> >
>> >> > Why go through such a process when the OS does it for you anyway?
>> >> >
>> >> > Create the base folder with everyone-full_control or
>> >> > domainusers-full_control (remember that you have both share-level
>> >> > and
>> > NTFS
>> >> > permissions to deal with). Create a template user with a home
> directory
>> >> > set
>> >> > to \\server\users\%username% and disable the template.
>> >> >
>> >> > Copy the template, modify the copy, enable the copy. The user's
>> > subfolder
>> >> > will be automatically generated for you the moment he or she logs on
>> > with
>> >> > the reinterpreted %username% parameter. Even its permisions will be
>> >> > correctly setup to protect the data. The user is the creator and has
>> >> > protected access to only that folder.
>> >> >
>> >> > No action is required from the admin in order to provide this (other
>> > than
>> >> > the base-folder creation and the user creation.
>> >> >
>> >> > The administrator must take ownership of the folder to view its
>> > contents.
>> >> > In
>> >> > other words, the user has the piece of mind that even the
> administrator
>> >> > can't access the folder without the user's knowledge.
>> >> >
>> >> > Otherwise, anytime someone looses a file, guess who they will blame?
>> >> > The
>> >> > only control the admin can provide on that folder should be quota.
>> >> > Thats
>> >> > it.
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
!