RE: Home Directory Permissions

From: Alex Zhang (v-qiz_at_online.microsoft.com)
Date: 04/21/04

  • Next message: karendavis_at_optonline.net: "My new nipple and vagina piercings" 
    Date: Wed, 21 Apr 2004 08:21:16 GMT

    Hello Don,

    Thank you for posting here.

    I suggest that you refer to the following article to configure proper
    permission for the folder Users which you shared as Error! Hyperlink
    reference not valid. name>\users

    Q274443 HOW TO: Dynamically Create Secure Redirected Folders By Using
    Folder."
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;274443

    Please perform the following steps to test the situation:

     1. Set Share Permissions for the Everyone group to Full Control.
     2. Use the following settings for NTFS Permissions:
            CREATOR OWNER - Full Control
            System - Full Control
            Domain Admins - Full Control
            Everyone - List Folder/Read Data (Apply onto: This Folder,
    subfolders, and files)
            Everyone - Read Attributes (Apply onto: This Folder, subfolders,
    and files)
            Everyone - Create Folder/Append Data (Apply onto: Subfolders, and
    files only)

    NOTE: That in the modified permissions, the Create Folder/Append Data
    permission is only applied to "Subfolders, and files only" not "This
    Folder, subfolders,and files."

    Note: You can right click the folder->Properties->Security->Advanced, and
    uncheck ˇ°inherited from parent permissionˇ± to remove all inherited
    permission from parent folder and then add proper users as described above.

    You can add permission for Everyone by:

    1). Right click the users folder->properties->security->Advanced
    2). Click Add, type Everyone, click OK, select Apply onto: This Folder,
    subfolders, and file, check List Folder/Read Data and Read Attributes.
    3). Click Add, type Everyone, click OK, select Apply onto: Subfolders, and
    files only, check Create Folder/Append Data

    Then you can try to create users by using your template to test the
    situation, the user shall have proper permissions at this time.

    For more information about home directory:
    Home-Directory
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad
    schema/a_homedirectory.asp
    Managing Existing User and Group Accounts
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
    09w2kada.mspx
    HOW TO: Assign a Home Directory to a User
    http://support.microsoft.com/default.aspx?kbid=320043
    How Windows NT Determines a User's Home Directory
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;101507

    I hope this information proves helpful to you.
    If you have any questions or concerns, please do not hesitate to let me
    know. I am happy to be of assistance.

    Thanks and regards,
    Alex Zhang
    Microsoft Partner Online Support
    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    | Content-Class: urn:content-classes:message
    | From: "Don Jones" <jonesds1@comcast.net>
    | Sender: "Don Jones" <jonesds1@comcast.net>
    | Subject: Home Directory Permissions
    | Date: Tue, 20 Apr 2004 17:19:57 -0700
    | Lines: 19
    | Message-ID: <1e2301c42736$6084a700$a401280a@phx.gbl>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="iso-8859-1"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    | Thread-Index: AcQnNmCE67BdYRHaSEW1R8l5F3rnnA==
    | Newsgroups: microsoft.public.win2000.security
    | Path: cpmsftngxa10.phx.gbl
    | Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.security:25599
    | NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
    | X-Tomcat-NG: microsoft.public.win2000.security
    |
    | What should the user's home directories permissions be?
    |
    | Using a Windows NT 4.0 Domain, and adding users with Home
    | Directories, the end permissions are UserName with Full
    | Control and no other users have access.
    |
    | Under Windows 2000 Domain, The user's home directory is
    | inheriting the permissions of the parent folder. Admin
    | Full Control, System Full Control, Users Full Control,
    | and the username full control. The folder has the box
    | checked to to inheirt permissions from the parent.
    |
    | I was under the impression, that home directories should
    | only be accessible by the "user" and no one else unless
    | the user gave them access. Am I missing something?
    |
    | Thanks.
    |
    | Don Jones
    |

  • Next message: karendavis_at_optonline.net: "My new nipple and vagina piercings"

    Relevant Pages