Re: User Folders created by the system

From: Infotech (adsf)
Date: 02/11/05


Date: Fri, 11 Feb 2005 08:26:44 -0600

Thanks! I was afraid I would have to change them on the parent folder then
go and reset all the other permissions. Thankfully that's not the case.

Thanks.

--
Infotech
"Stuart Mackie [MCSE MCSA]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> 
wrote in message news:ek2GKE9DFHA.2756@TK2MSFTNGP15.phx.gbl...
> Hi.  When using the AD users and computers console the default behaviour 
> in Win2k3 is to inherit parent permissions. To make sure future users have 
> the correct permissions without having to manually adjust them you will 
> need to alter your parent folder permissions.  An example of permissions 
> you could use would be:
>
> 'Parent Folder' NTFS Permissions
>    System - Full Control
>    Domain users - Read & Execute (see below before applying)
>                            List Folder Contents
>                            Read
>    Domain Admins - Full Control (This depends on company policy)
>
> Before Accepting/Applying the above changes, click Advanced, select the 
> Domain Users entry, click Edit and set Apply onto to 'This Folder and 
> Files' (i.e. NOT This Folder, Subfolder and Files).
> Adjust the above permissions to accommodate your company policy i.e. Admin 
> permissions on user home folders etc.
>
>
> Share Permissions
>    Domain Users - Full Control
>    Domain Admins - Full Control
>
>
> When you now create a new user, for the home folder section use 
> \\fileserver\users\%username%  The AD console will create the %username% 
> folder which will inherit the parent permissions.  Since the Domain Users 
> permission only applies to the Parent folder only, this permission will 
> not be inherited and the AD console will add the Full Control permission 
> for the user.
> "Infotech" <adsf> wrote in message 
> news:u3Tvcg8DFHA.2608@TK2MSFTNGP10.phx.gbl...
>>I have local users Home Folder (in User properties) set to connect to a 
>>share on our file server. Microsoft recommends using 
>>\\fileserver\users\userfolder.  I decided to do that for all our users. 
>>The security problem arises when the system creates the folder it inherits 
>>file permissions from the parent folder, adding "Authenticated Users" 
>>group with Read permission on every user folder it creates inside "Users". 
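
An added example, not part of the original thread: a PowerShell check that lists every Allow entry for a broad group (Everyone, Authenticated Users, BUILTIN\Users, Domain Users) on each folder under the home-folder parent, so the result of the permission change discussed above can be verified. The `$Root` path and the function name `Get-BroadAce` are assumptions for illustration.

```powershell
# Added example: audit home folders for ACEs that grant access to broad groups.
# $Root is an assumed path; point it at the parent folder of the home directories.
$Root = '\\fileserver\users'

# Well-known SIDs for broad groups. Matching on SIDs avoids localized or renamed group names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Include both explicit and inherited entries, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $sid  = $ace.IdentityReference.Value
        $name = $broadSids[$sid]
        # Domain Users is the domain SID followed by RID 513.
        if (-not $name -and $sid -match '^S-1-5-21-.+-513$') { $name = 'Domain Users' }
        if (-not $name) { continue }

        [pscustomobject]@{
            Folder    = $Path
            Group     = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            # An entry whose propagation flags include InheritOnly does not apply
            # to the folder itself, but is passed on to objects inside it.
            AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
        }
    }
}

# One row per offending entry; no output means no broad-group Allow entries were found.
Get-ChildItem -LiteralPath $Root -Directory |
    ForEach-Object { Get-BroadAce -Path $_.FullName } |
    Format-Table -AutoSize
```

Run it once before changing the parent folder and again after creating a test user, and compare the `Inherited` and `AppliesTo` columns for the new home folder.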

