creating folders and grating security permissions

Archived from groups: microsoft.public.win2000.general (More info?)

I need to create over 200 user folders on a network drive abd grant
permissions on the folder based on the user.

so if jane logs on to the network, she will have an "H" drive mapped to the
network server. \\server\users\jane

I need to set permissions under security on this folder jane

like so: Administrators (full)
system (full)
jane (full)


How do I do this?
6 answers Last reply
More about creating folders grating security permissions
  1. Archived from groups: microsoft.public.win2000.general (More info?)

    "tony" <none@none.com> wrote in message
    news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
    > I need to create over 200 user folders on a network drive abd grant
    > permissions on the folder based on the user.
    >
    > so if jane logs on to the network, she will have an "H" drive mapped to
    the
    > network server. \\server\users\jane
    >
    > I need to set permissions under security on this folder jane
    >
    > like so: Administrators (full)
    > system (full)
    > jane (full)
    >
    >
    > How do I do this?
    >

    No, admin should not be given full control to a any user's folder. neither
    should the admin be the creator of that folder. Its a question of principle
    to protect both parties (users and administrator).

    Why go through such a process when the OS does it for you anyway?

    Create the base folder with everyone-full_control or
    domainusers-full_control (remember that you have both share-level and NTFS
    permissions to deal with). Create a template user with a home directory set
    to \\server\users\%username% and disable the template.

    Copy the template, modify the copy, enable the copy. The user's subfolder
    will be automatically generated for you the moment he or she logs on with
    the reinterpreted %username% parameter. Even its permisions will be
    correctly setup to protect the data. The user is the creator and has
    protected access to only that folder.

    No action is required from the admin in order to provide this (other than
    the base-folder creation and the user creation.

    The administrator must take ownership of the folder to view its contents. In
    other words, the user has the piece of mind that even the administrator
    can't access the folder without the user's knowledge.

    Otherwise, anytime someone looses a file, guess who they will blame? The
    only control the admin can provide on that folder should be quota. Thats it.
  2. Archived from groups: microsoft.public.win2000.general (More info?)

    I am trying to avoid using the profile path because i am not using roaming.

    I am using gpos.


    any other ides?


    "codigo" <codigo@codigo.trap.com> wrote in message
    news:lMbee.5783$VL3.501374@news20.bellglobal.com...
    >
    > "tony" <none@none.com> wrote in message
    > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
    >> I need to create over 200 user folders on a network drive abd grant
    >> permissions on the folder based on the user.
    >>
    >> so if jane logs on to the network, she will have an "H" drive mapped to
    > the
    >> network server. \\server\users\jane
    >>
    >> I need to set permissions under security on this folder jane
    >>
    >> like so: Administrators (full)
    >> system (full)
    >> jane (full)
    >>
    >>
    >> How do I do this?
    >>
    >
    > No, admin should not be given full control to a any user's folder. neither
    > should the admin be the creator of that folder. Its a question of
    > principle
    > to protect both parties (users and administrator).
    >
    > Why go through such a process when the OS does it for you anyway?
    >
    > Create the base folder with everyone-full_control or
    > domainusers-full_control (remember that you have both share-level and NTFS
    > permissions to deal with). Create a template user with a home directory
    > set
    > to \\server\users\%username% and disable the template.
    >
    > Copy the template, modify the copy, enable the copy. The user's subfolder
    > will be automatically generated for you the moment he or she logs on with
    > the reinterpreted %username% parameter. Even its permisions will be
    > correctly setup to protect the data. The user is the creator and has
    > protected access to only that folder.
    >
    > No action is required from the admin in order to provide this (other than
    > the base-folder creation and the user creation.
    >
    > The administrator must take ownership of the folder to view its contents.
    > In
    > other words, the user has the piece of mind that even the administrator
    > can't access the folder without the user's knowledge.
    >
    > Otherwise, anytime someone looses a file, guess who they will blame? The
    > only control the admin can provide on that folder should be quota. Thats
    > it.
    >
    >
  3. Archived from groups: microsoft.public.win2000.general (More info?)

    "tony" <none@none.com> wrote in message
    news:OG5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
    > I am trying to avoid using the profile path because i am not using
    roaming.
    >
    > I am using gpos.
    >
    >
    > any other ides?

    The profile path has nothing to do with home folders. And a home folder has
    nothing to do with roaming profiles.

    >
    >
    > "codigo" <codigo@codigo.trap.com> wrote in message
    > news:lMbee.5783$VL3.501374@news20.bellglobal.com...
    > >
    > > "tony" <none@none.com> wrote in message
    > > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
    > >> I need to create over 200 user folders on a network drive abd grant
    > >> permissions on the folder based on the user.
    > >>
    > >> so if jane logs on to the network, she will have an "H" drive mapped to
    > > the
    > >> network server. \\server\users\jane
    > >>
    > >> I need to set permissions under security on this folder jane
    > >>
    > >> like so: Administrators (full)
    > >> system (full)
    > >> jane (full)
    > >>
    > >>
    > >> How do I do this?
    > >>
    > >
    > > No, admin should not be given full control to a any user's folder.
    neither
    > > should the admin be the creator of that folder. Its a question of
    > > principle
    > > to protect both parties (users and administrator).
    > >
    > > Why go through such a process when the OS does it for you anyway?
    > >
    > > Create the base folder with everyone-full_control or
    > > domainusers-full_control (remember that you have both share-level and
    NTFS
    > > permissions to deal with). Create a template user with a home directory
    > > set
    > > to \\server\users\%username% and disable the template.
    > >
    > > Copy the template, modify the copy, enable the copy. The user's
    subfolder
    > > will be automatically generated for you the moment he or she logs on
    with
    > > the reinterpreted %username% parameter. Even its permisions will be
    > > correctly setup to protect the data. The user is the creator and has
    > > protected access to only that folder.
    > >
    > > No action is required from the admin in order to provide this (other
    than
    > > the base-folder creation and the user creation.
    > >
    > > The administrator must take ownership of the folder to view its
    contents.
    > > In
    > > other words, the user has the piece of mind that even the administrator
    > > can't access the folder without the user's knowledge.
    > >
    > > Otherwise, anytime someone looses a file, guess who they will blame? The
    > > only control the admin can provide on that folder should be quota. Thats
    > > it.
    > >
    > >
    >
    >
  4. Archived from groups: microsoft.public.win2000.general (More info?)

    where do you create a template user and set home profile
    "codigo" <codigo@codigo.trap.com> wrote in message
    news:q4gee.6001$VL3.565361@news20.bellglobal.com...
    >
    > "tony" <none@none.com> wrote in message
    > news:OG5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
    >> I am trying to avoid using the profile path because i am not using
    > roaming.
    >>
    >> I am using gpos.
    >>
    >>
    >> any other ides?
    >
    > The profile path has nothing to do with home folders. And a home folder
    > has
    > nothing to do with roaming profiles.
    >
    >>
    >>
    >> "codigo" <codigo@codigo.trap.com> wrote in message
    >> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
    >> >
    >> > "tony" <none@none.com> wrote in message
    >> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
    >> >> I need to create over 200 user folders on a network drive abd grant
    >> >> permissions on the folder based on the user.
    >> >>
    >> >> so if jane logs on to the network, she will have an "H" drive mapped
    >> >> to
    >> > the
    >> >> network server. \\server\users\jane
    >> >>
    >> >> I need to set permissions under security on this folder jane
    >> >>
    >> >> like so: Administrators (full)
    >> >> system (full)
    >> >> jane (full)
    >> >>
    >> >>
    >> >> How do I do this?
    >> >>
    >> >
    >> > No, admin should not be given full control to a any user's folder.
    > neither
    >> > should the admin be the creator of that folder. Its a question of
    >> > principle
    >> > to protect both parties (users and administrator).
    >> >
    >> > Why go through such a process when the OS does it for you anyway?
    >> >
    >> > Create the base folder with everyone-full_control or
    >> > domainusers-full_control (remember that you have both share-level and
    > NTFS
    >> > permissions to deal with). Create a template user with a home directory
    >> > set
    >> > to \\server\users\%username% and disable the template.
    >> >
    >> > Copy the template, modify the copy, enable the copy. The user's
    > subfolder
    >> > will be automatically generated for you the moment he or she logs on
    > with
    >> > the reinterpreted %username% parameter. Even its permisions will be
    >> > correctly setup to protect the data. The user is the creator and has
    >> > protected access to only that folder.
    >> >
    >> > No action is required from the admin in order to provide this (other
    > than
    >> > the base-folder creation and the user creation.
    >> >
    >> > The administrator must take ownership of the folder to view its
    > contents.
    >> > In
    >> > other words, the user has the piece of mind that even the administrator
    >> > can't access the folder without the user's knowledge.
    >> >
    >> > Otherwise, anytime someone looses a file, guess who they will blame?
    >> > The
    >> > only control the admin can provide on that folder should be quota.
    >> > Thats
    >> > it.
    >> >
    >> >
    >>
    >>
    >
    >
  5. Archived from groups: microsoft.public.win2000.general (More info?)

    "tony" <none@none.com> wrote in message
    news:erKUk3SUFHA.4092@TK2MSFTNGP12.phx.gbl...
    > where do you create a template user and set home profile

    AD users and computers on any DC (create template user in an OU, properties,
    profile tab, home folder section, connect to...). Assuming you are on a
    domain. Consider using OUs to partition / test a GPO as well.

    If you aren't on a domain, Users and Computers, same procedure without the
    OU.

    > "codigo" <codigo@codigo.trap.com> wrote in message
    > news:q4gee.6001$VL3.565361@news20.bellglobal.com...
    > >
    > > "tony" <none@none.com> wrote in message
    > > news:OG5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
    > >> I am trying to avoid using the profile path because i am not using
    > > roaming.
    > >>
    > >> I am using gpos.
    > >>
    > >>
    > >> any other ides?
    > >
    > > The profile path has nothing to do with home folders. And a home folder
    > > has
    > > nothing to do with roaming profiles.
    > >
    > >>
    > >>
    > >> "codigo" <codigo@codigo.trap.com> wrote in message
    > >> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
    > >> >
    > >> > "tony" <none@none.com> wrote in message
    > >> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
    > >> >> I need to create over 200 user folders on a network drive abd grant
    > >> >> permissions on the folder based on the user.
    > >> >>
    > >> >> so if jane logs on to the network, she will have an "H" drive mapped
    > >> >> to
    > >> > the
    > >> >> network server. \\server\users\jane
    > >> >>
    > >> >> I need to set permissions under security on this folder jane
    > >> >>
    > >> >> like so: Administrators (full)
    > >> >> system (full)
    > >> >> jane (full)
    > >> >>
    > >> >>
    > >> >> How do I do this?
    > >> >>
    > >> >
    > >> > No, admin should not be given full control to a any user's folder.
    > > neither
    > >> > should the admin be the creator of that folder. Its a question of
    > >> > principle
    > >> > to protect both parties (users and administrator).
    > >> >
    > >> > Why go through such a process when the OS does it for you anyway?
    > >> >
    > >> > Create the base folder with everyone-full_control or
    > >> > domainusers-full_control (remember that you have both share-level and
    > > NTFS
    > >> > permissions to deal with). Create a template user with a home
    directory
    > >> > set
    > >> > to \\server\users\%username% and disable the template.
    > >> >
    > >> > Copy the template, modify the copy, enable the copy. The user's
    > > subfolder
    > >> > will be automatically generated for you the moment he or she logs on
    > > with
    > >> > the reinterpreted %username% parameter. Even its permisions will be
    > >> > correctly setup to protect the data. The user is the creator and has
    > >> > protected access to only that folder.
    > >> >
    > >> > No action is required from the admin in order to provide this (other
    > > than
    > >> > the base-folder creation and the user creation.
    > >> >
    > >> > The administrator must take ownership of the folder to view its
    > > contents.
    > >> > In
    > >> > other words, the user has the piece of mind that even the
    administrator
    > >> > can't access the folder without the user's knowledge.
    > >> >
    > >> > Otherwise, anytime someone looses a file, guess who they will blame?
    > >> > The
    > >> > only control the admin can provide on that folder should be quota.
    > >> > Thats
    > >> > it.
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    >
    >
  6. Archived from groups: microsoft.public.win2000.general (More info?)

    I created a share on my server

    \\server\Users$

    When i go to a userprofile under profile tab

    I map their home drive


    M \\server\users$\%username%

    I click on apply the folder automaticaly got created on the network share.
    But the permissions were that of the creator which is me the domain admin.

    The thing is the folder does not get created on user logon


    "codigo" <codigo@codigo.trap.com> wrote in message
    news:_Ytee.6302$VL3.635784@news20.bellglobal.com...
    > "tony" <none@none.com> wrote in message
    > news:erKUk3SUFHA.4092@TK2MSFTNGP12.phx.gbl...
    >> where do you create a template user and set home profile
    >
    > AD users and computers on any DC (create template user in an OU,
    > properties,
    > profile tab, home folder section, connect to...). Assuming you are on a
    > domain. Consider using OUs to partition / test a GPO as well.
    >
    > If you aren't on a domain, Users and Computers, same procedure without the
    > OU.
    >
    >> "codigo" <codigo@codigo.trap.com> wrote in message
    >> news:q4gee.6001$VL3.565361@news20.bellglobal.com...
    >> >
    >> > "tony" <none@none.com> wrote in message
    >> > news:OG5zQpRUFHA.260@TK2MSFTNGP12.phx.gbl...
    >> >> I am trying to avoid using the profile path because i am not using
    >> > roaming.
    >> >>
    >> >> I am using gpos.
    >> >>
    >> >>
    >> >> any other ides?
    >> >
    >> > The profile path has nothing to do with home folders. And a home folder
    >> > has
    >> > nothing to do with roaming profiles.
    >> >
    >> >>
    >> >>
    >> >> "codigo" <codigo@codigo.trap.com> wrote in message
    >> >> news:lMbee.5783$VL3.501374@news20.bellglobal.com...
    >> >> >
    >> >> > "tony" <none@none.com> wrote in message
    >> >> > news:ewLusxOUFHA.2128@TK2MSFTNGP15.phx.gbl...
    >> >> >> I need to create over 200 user folders on a network drive abd grant
    >> >> >> permissions on the folder based on the user.
    >> >> >>
    >> >> >> so if jane logs on to the network, she will have an "H" drive
    >> >> >> mapped
    >> >> >> to
    >> >> > the
    >> >> >> network server. \\server\users\jane
    >> >> >>
    >> >> >> I need to set permissions under security on this folder jane
    >> >> >>
    >> >> >> like so: Administrators (full)
    >> >> >> system (full)
    >> >> >> jane (full)
    >> >> >>
    >> >> >>
    >> >> >> How do I do this?
    >> >> >>
    >> >> >
    >> >> > No, admin should not be given full control to a any user's folder.
    >> > neither
    >> >> > should the admin be the creator of that folder. Its a question of
    >> >> > principle
    >> >> > to protect both parties (users and administrator).
    >> >> >
    >> >> > Why go through such a process when the OS does it for you anyway?
    >> >> >
    >> >> > Create the base folder with everyone-full_control or
    >> >> > domainusers-full_control (remember that you have both share-level
    >> >> > and
    >> > NTFS
    >> >> > permissions to deal with). Create a template user with a home
    > directory
    >> >> > set
    >> >> > to \\server\users\%username% and disable the template.
    >> >> >
    >> >> > Copy the template, modify the copy, enable the copy. The user's
    >> > subfolder
    >> >> > will be automatically generated for you the moment he or she logs on
    >> > with
    >> >> > the reinterpreted %username% parameter. Even its permisions will be
    >> >> > correctly setup to protect the data. The user is the creator and has
    >> >> > protected access to only that folder.
    >> >> >
    >> >> > No action is required from the admin in order to provide this (other
    >> > than
    >> >> > the base-folder creation and the user creation.
    >> >> >
    >> >> > The administrator must take ownership of the folder to view its
    >> > contents.
    >> >> > In
    >> >> > other words, the user has the piece of mind that even the
    > administrator
    >> >> > can't access the folder without the user's knowledge.
    >> >> >
    >> >> > Otherwise, anytime someone looses a file, guess who they will blame?
    >> >> > The
    >> >> > only control the admin can provide on that folder should be quota.
    >> >> > Thats
    >> >> > it.
    >> >> >
    >> >> >
    >> >>
    >> >>
    >> >
    >> >
    >>
    >>
    >
    >
Ask a new question

Read More

Security Permissions Servers Windows