Security on Home Directories

From: EvanGordey (EvanGordey_at_discussions.microsoft.com)
Date: 02/28/05 

Date: Mon, 28 Feb 2005 13:11:03 -0800

I am trying to integrate some macs into our windows 2003 server environment.
The problem I have is with the security on users home directories. I work in
a school, so the group "teachers" is for teachers and the group "students" is
for students.
The way I currently have it set up is as follows:
I have a share set up on the server for students called "StudentDirectory"
and the Active Directory template for making new students puts their home
directories in that share. The way security is set up on this share is that
Administrators and the Teachers group can administer all folders underneath
it using inheritance, which works awesome in a straight windows environment.
The students group doesnt have read access on the share itself, just on their
own directories created underneath it.

Now the problem. The way the macs seem to work is that when they
authenticate into active directory, they mount shares. As I have it only the
parent folder "StudentDirectory" is shared, and if you log into a student
account on the macs you cant mount your home directory unless you have read
access to the share. I cant give them read access to the share as it stands,
because then they would be able to read into all the other students home
diredtories because of inheritance.

I am wondering if their is a way in AD to set up thorugh policy or something
the default set of permissions and to also disable inheritance on a users
home directory when created. This would allow me to give the students group
read access to the "StudentDirecory" share without being able to browse into
other students home folders

If I am using really bad grammar, I'm sorry. I am trying my best to explain
the problem I am having so that you guys will understand.

Thanks

Relevant Pages

  • Changing default Security on Home Directories
    ... I am trying to integrate some macs into our windows 2003 server environment. ... The problem I have is with the security on users home directories. ... so the group "teachers" is for teachers and the group "students" is ... account on the macs you cant mount your home directory unless you have read ...
    (microsoft.public.win2000.group_policy)
  • Sercurity on Home Directories
    ... I am trying to integrate some macs into our windows 2003 server environment. ... The problem I have is with the security on users home directories. ... so the group "teachers" is for teachers and the group "students" is ... account on the macs you cant mount your home directory unless you have read ...
    (microsoft.public.windows.server.active_directory)
  • Re: Problem that has never been resolved, Mapped home directory
    ... So I do not have them on the root of the folder. ... When is fails it maps to the root file students. ... have them map the drive and it will map correctly but this is hard ... I hope you are aware that home directory and profile path are two ...
    (microsoft.public.windows.server.active_directory)
  • Re: Help Needed configuring Samba on Webserver
    ... >> which is not a problem for a class of 5 students, ... chgrp home directory to apache ... input windows password into samba as samba password ... Curriculum Vitae ...
    (Fedora)
  • Re: Students heading back to school want Macs
    ... Sermo Malifer wrote: ... "As students head to school this fall, many are choosing Macs ... If your survey is correct, ...
    (comp.sys.mac.advocacy)