Re: Changing default Security on Home Directories
From: lforbes (UseLinkToEmail_at_WindowsForumz.com)
Date: 03/01/05
- Next message: lforbes: "Re: Re: How to split a GPO"
- Previous message: lforbes: "Re: Desktop redirection"
- In reply to: EvanGordey: "Changing default Security on Home Directories"
- Next in thread: lforbes: "Re: Changing default Security on Home Directories"
- Messages sorted by: [ date ] [ thread ]
Date: 28 Feb 2005 23:09:15 -0500
"EvanGordey" wrote:
> I am trying to integrate some macs into our windows 2003
> server environment.
> The problem I have is with the security on users home
> directories. I work in
> a school, so the group "teachers" is for teachers and the
> group "students" is
> for students.
> The way I currently have it set up is as follows:
> I have a share set up on the server for students called
> "StudentDirectory"
> and the Active Directory template for making new students puts
> their home
> directories in that share. The way security is set up on this
> share is that
> Administrators and the Teachers group can administer all
> folders underneath
> it using inheritance, which works awesome in a straight
> windows environment.
> The students group doesnt have read access on the share
> itself, just on their
> own directories created underneath it.
>
> Now the problem. The way the macs seem to work is that when
> they
> authenticate into active directory, they mount shares. As I
> have it only the
> parent folder "StudentDirectory" is shared, and if you log
> into a student
> account on the macs you cant mount your home directory unless
> you have read
> access to the share. I cant give them read access to the share
> as it stands,
> because then they would be able to read into all the other
> students home
> diredtories because of inheritance.
>
> I am wondering if their is a way in AD to set up thorugh
> policy or something
> the default set of permissions and to also disable inheritance
> on a users
> home directory when created. This would allow me to give the
> students group
> read access to the "StudentDirecory" share without being able
> to browse into
> other students home folders
>
> If I am using really bad grammar, I'm sorry. I am trying my
> best to explain
> the problem I am having so that you guys will understand.
>
> Thanks
Hi,
The tip is to give them "Read Access" in the Upper Folder
permissions and then go into Advanced and change FROM "This folder,
subfolders and files" TO "This Folder only". This gives them read
access to the upper folder but is NOT inherited to subfolders.
Therefore they can see the list of users folders and the names, but
can’t enter into them.
This is the way the home folders should be setup with Window 2003. As
Windows 2003 sets up users folders with inheritance whereas Windows
2000 didn’t.
Cheers,
Lara
-- Posted using the http://www.windowsforumz.com interface, at author's request Articles individually checked for conformance to usenet standards Topic URL: http://www.windowsforumz.com/Group-Policy-Changing-default-Security-Home-Directories-ftopict271438.html Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=856265
- Next message: lforbes: "Re: Re: How to split a GPO"
- Previous message: lforbes: "Re: Desktop redirection"
- In reply to: EvanGordey: "Changing default Security on Home Directories"
- Next in thread: lforbes: "Re: Changing default Security on Home Directories"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
