Re: User permissions - Server 2003



I followed your directions and entered \\server\home\%username% in the bottom
Home folder box (used the drive letter Z:). Domain Admin was removed from the
account and Domain User has been left in place.

The user folder was created within the shared Home directory after applying
\\server\home\%username%

I logged back in with that user logon and I can still open the computers
that are listed in the domain.

I am on the right track because this seems very familiar but there is a step
missing from what I recall.

And yes indeed I will be going down and picking up the MS Press book, thanks
for the link.

Thank you very much for your time.



"Daniel Heimburg" wrote:

> First of all, remove all users from domain admins. This is a MAJOR
> security breach.
>
> You can deny users access to machines except their own in Active
> Directory Users and Computers (properties of the user).
>
> Create a home folder on the AD machine, share it with full permissions
> to everyone, and again under properties of the users in ADUC put
> \\server\home\%username% in the home folders box. (NTFS permissions will
> not let users browse each other's directories).
>
> Check out the 70-290 book from Microsoft Press, it contains a lot of
> useful information about what you are asking.
>
> http://www.microsoft.com/MSPress/books/6469.asp
>
> /daniel heimburg
>
> DSEDM wrote:
> > I am new to setting up Server 2003, please bear with me.
> >
> > I have A.D. installed and have created my user accounts which reside in
> > logically named O.U.'s. I have joined all of the machines (28 of them) to the
> > domain.
> >
> > All of the user accounts I have given Domain Admin permissions (on a
> > temporary basis.)
> >
> > I worked off of a server a few years back that had security in place that I
> > would like to duplicate, but alas I do not know how to set this up.
> >
> > What I want to set up is this:
> >
> > 1.) When the users browse the network I want them Denied Access to all
> > machines except their own.
> >
> > 2.) I have a shared Home directory on the server with departmental type
> > folders residing within. (Eg: Warehouse, Mill, Geology ...etc) I want to
> > apply permissions to these folders so that one department's users cannot go
> > wandering through the others' data.
> >
> > Right now if a user logs on over at the warehouse the user can browse to the
> > machines on the network and access them. I have removed all shares from all
> > machines so all they see is the Task Schedule and shared printer if
> > applicable.
> >
> > The users can also go to the Home directory and browse through all of the
> > others' folders. I understand that I must create user groups and then apply
> > permissions to that group...but do I use Group Policy to do this?
> >
> > I would love dearly to know how to set this server up properly but am short
> > in the knowledge dept. From what I have been reading on this site this should
> > be an easy post for most of the techs.
> >
> > Thanks for all the help.
>
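
An added example, not part of either poster's message: one way to apply the NTFS permissions discussed in the thread to the departmental folders, so that only each department's group (plus Administrators and SYSTEM) can open its folder while the share itself stays open. The root path `D:\Home`, the domain name `CONTOSO` and the group names `<Dept> Users` are assumptions; the script needs PowerShell in an elevated session on the file server.

```powershell
# Assumed values (not from the thread): adjust to the real server.
$root        = 'D:\Home'                       # folder behind \\server\home
$domain      = 'CONTOSO'                       # hypothetical domain name
$departments = 'Warehouse', 'Mill', 'Geology'  # folder names from the post

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($dept in $departments) {
    $path = Join-Path $root $dept
    if (-not (Test-Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }

    $acl = Get-Acl -Path $path

    # Drop explicit entries left over from earlier setup (e.g. Everyone).
    foreach ($ace in @($acl.Access)) {
        if (-not $ace.IsInherited) { [void]$acl.RemoveAccessRule($ace) }
    }

    # Stop inheriting from D:\Home and discard the inherited entries,
    # so "Users" or "Everyone" on the parent no longer applies here.
    $acl.SetAccessRuleProtection($true, $false)

    # Only these three identities remain on the folder. The department
    # group must already exist, or Set-Acl fails on the unknown name.
    $entries = @(
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @("$domain\$dept Users",    'Modify')
    )
    foreach ($e in $entries) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $e[0], $e[1], $inherit, $prop, $allow)
        $acl.AddAccessRule($rule)
    }

    Set-Acl -Path $path -AclObject $acl

    # Check: every entry listed should be explicit (IsInherited = False).
    (Get-Acl -Path $path).Access |
        Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```

A user who is still a member of Domain Admins passes the `BUILTIN\Administrators` entry on every folder, so the restriction only takes effect once that membership is removed.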