• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Win2K3 easy way to create home folders?

jfunk

Golden Member
How does everybody create private home folders for new users without having to manually create each one by hand?

The basic instructions here work fine:
http://support.microsoft.com/kb/816313/en-us

However, if you follow this procedure, every user has read/write access to the entire "users\" folder.

I'm going to assume there is a way to have Windows create home folders for users automatically without giving access to everybody. I can't imagine one is expected to manually create and share hundreds (or in some cases thousands) of folders.
 
You'd need to give the user permissions to read/write to the parent directory, that is just a given (the home folder is created at user logon). However, what you'd want to do is apply those permissions to the folder only (an advanced option) instead of "Folders/files and all subfolders" which is the default option.
 
Originally posted by: Rilex
You'd need to give the user permissions to read/write to the parent directory, that is just a given (the home folder is created at user logon). However, what you'd want to do is apply those permissions to the folder only (an advanced option) instead of "Folders/files and all subfolders" which is the default option.
Actually here are the specific privilages to assign to the root directory:
System ? Full Control
Domain Admins (or your admin group) ? Full Control
Authenticated Users ? List Folders / Read Data & Create Folders / Append Data (Applied to ?this folder only?)
Creator Owner ? Full Control (Applied to ?Subfolders and Files only?)
 
The folder is not created at user login, it is created the moment you hit "apply" after entering the home folder into the user properties. For this reason, I don't even see why the user would need permissions to the parent folder, but oh well.

I thought turning off inheritable permissions on the parent folder may fix it, but it seems that it automatically matched those permissions when it creates the new folder anyway.

So, the answer then is no, I take it? Windows just assumes you want all your users to be able to read & delete each others documents? Strange.

Yeah, I know I'll have to create scripts eventually, just seems silly that really basic simple user setup stuff like this is completely missing. One of the first things in the most basic setup for a new network user should be to create a home folder with permissions only for that user and administrators. This has been as simple as a checkbox in Novell for what, 15 years?

Am I missing something or is there no templates for new users either? Have to manually add each user to any groups you want them in?

This just seems really strange and annoying that I have to go and write scripts to do all of this extremely basic stuff. Isn't Windows supposed to have a "lower TCO because it's so easy to administer from a GUI"? ;-)

I mean, for god's sake all I'm trying to do is get a test domain setup to see how we can implement this instead of our current Novell stuff and I'm having to get into scripting for the simple task of creating some user accounts?
 
Ahh, thank you spyordie, that is exactly what I'm looking for. I knew this seemed too simple of a task to require manual settings. Do the users even really need List/Read access?


Originally posted by: spyordie007
Originally posted by: Rilex
You'd need to give the user permissions to read/write to the parent directory, that is just a given (the home folder is created at user logon). However, what you'd want to do is apply those permissions to the folder only (an advanced option) instead of "Folders/files and all subfolders" which is the default option.
Actually here are the specific privilages to assign to the root directory:
System ? Full Control
Domain Admins (or your admin group) ? Full Control
Authenticated Users ? List Folders / Read Data & Create Folders / Append Data (Applied to ?this folder only?)
Creator Owner ? Full Control (Applied to ?Subfolders and Files only?)

 
The folder is not created at user login, it is created the moment you hit "apply" after entering the home folder into the user properties. For this reason, I don't even see why the user would need permissions to the parent folder, but oh well.

So, the answer then is no, I take it? Windows just assumes you want all your users to be able to read & delete each others documents? Strange.
I dont use home folders on the network however you should only have to setup the initial folder and privilages on it and than setup the user accounts (and you can do this in bulk by selecting them from the MMC) using the variable %username% when setting the home directory path. If you do this and set the privilages as I have listed above the folder will be created with the user's account and the administrators group recieving full control of the folder and all other privilages will get removed.

You shouldnt be manually creating the folders and you shouldnt have to write scripts to do this; when the user logs on for the first time it's created under the context of their account.
One of the first things in the most basic setup for a new network user should be to create a home folder with permissions only for that user and administrators. This has been as simple as a checkbox in Novell for what, 15 years?
I dont like to use home folders; I much prefer folder redirection of their "my documents". Folder redirection setup is fairly similar but it's easier to control via group policy and can be setup so it is available offline.
 
Originally posted by: spyordie007
The folder is not created at user login, it is created the moment you hit "apply" after entering the home folder into the user properties. For this reason, I don't even see why the user would need permissions to the parent folder, but oh well.

So, the answer then is no, I take it? Windows just assumes you want all your users to be able to read & delete each others documents? Strange.
I dont use home folders on the network however you should only have to setup the initial folder and privilages on it and than setup the user accounts (and you can do this in bulk by selecting them from the MMC) using the variable %username% when setting the home directory path. If you do this and set the privilages as I have listed above the folder will be created with the user's account and the administrators group recieving full control of the folder and all other privilages will get removed.

You shouldnt be manually creating the folders and you shouldnt have to write scripts to do this; when the user logs on for the first time it's created under the context of their account.
One of the first things in the most basic setup for a new network user should be to create a home folder with permissions only for that user and administrators. This has been as simple as a checkbox in Novell for what, 15 years?
I dont like to use home folders; I much prefer folder redirection of their "my documents". Folder redirection setup is fairly similar but it's easier to control via group policy and can be setup so it is available offline.


Yeah, I am definately going to be using redirection for My Documents, but I haven't gotten that far yet. I was just assuming that I would be redirecting it TO their home folder. You're saying these are two different and independent things?
 
Yeah, I am definately going to be using redirection for My Documents, but I haven't gotten that far yet. I was just assuming that I would be redirecting it TO their home folder. You're saying these are two different and independent things?
Yes, if all you want is for them to use their my documents and have that on the network use folder redirection.
 
Originally posted by: spyordie007
Yeah, I am definately going to be using redirection for My Documents, but I haven't gotten that far yet. I was just assuming that I would be redirecting it TO their home folder. You're saying these are two different and independent things?
Yes, if all you want is for them to use their my documents and have that on the network use folder redirection.


Out of curiousity, why don't you like home folders? What exactly do they do besides store user's files?

 
Originally posted by: jfunk
Originally posted by: spyordie007
Yeah, I am definately going to be using redirection for My Documents, but I haven't gotten that far yet. I was just assuming that I would be redirecting it TO their home folder. You're saying these are two different and independent things?
Yes, if all you want is for them to use their my documents and have that on the network use folder redirection.


Out of curiousity, why don't you like home folders? What exactly do they do besides store user's files?
There isnt anything I dislike specifically about home folders. I just like to give users a consistant single place to store data so rather than giving them "my documents" and their "home folder" I would rather just give them "my documents" and use folder redirection to store/backup on the server side.

I just find it's less confusing to have 1 place rather than 2.
 
A lot of my users come from legacy environment where they are used to I: or H: being their home network drive. Back in the Novell days, you know?

Younger users are far more inclined to use 'My Documents'. I basically redirect both to their home drive.
 
Ahh, I gotcha. Yeah, all my users are used to saving their documents to the "U:\" drive, but I've been redirecting the My Docs folder to U:\ so that they still get there when they forget. We use Deep Freeze, so users would lose their files when they accidently saved to My Docs instead of U:\ and shutdown the computer.

Are there any new user templates in Windows? I don't see any. I figure you could just create generic user accounts and use the copy function to do the same thing, but I was curious if there was actually a template setup or not.
 
Back
Top