Saturday, March 26, 2011

Configuring home directory for domain users

Configuring home directory for domain users, you should add root share that will contain the user home directory, and configure the permissions on home folder.

1. At file server, log in as Domain Administrator.
2. Launch "Windows Explorer", create a new folder which is named "Home" in C drive.
3. Right-click "Home", select "Properties".
4. Select "Sharing" tab.
5. Click "Advanced Sharing".

Remark: For Windows Server 2003, you should select "Share this folder".

Figure 1: The sharing option of Windows Server 2003

6. Check "Share this folder".
7. Next to "Share name", type "Home$".

Figure 2: The share name of the folder

Remark: For security reason, you should use hidden share.
8. Click "Permissions".
9. Remove "Everyone", add "Authenticated Users".
10. Check Allow "Read" and "Change".

Figure 3: The share permissions of the folder

11. Click "OK" twice.
12. Select "Security" tab.
13. Click "Advanced".
14. Click "Change Permissions".
15. Un-check "Include inheritable permissions from this object's parent".

Figure 4: "Include inheritable permissions from this object's parent" option

16. Click "Add".
17. Remove "Users" in the permission entries.
18. Add "Authenticated Users".
19. In the "Permission Entry for Home", check Allow "Traverse folder / execute file", "List folder / read data", "Read attributes" and "Read extended attributes".
20. Next to "Apply to", select "This folder only".

Figure 5: The NTFS permissions of the folder

21. Click "OK".

Figure 6: The NTFS permissions of the permission entries

22. Click "OK" twice.
23. Click "Close".
24. Launch "Active Directory Users and Computers", select a user's properties.
25. Select "Profile" tab.
26. Next to "Home folder", select "Connect".
27. Next to "To", type \\<Server Name>\home$\%username%.

Figure 7: Home folder path

28. Click "OK".

As a result, the user's home folder is created in the home folder of the file server.

This posting is provided “AS IS” with no warranties, and confers no rights!

No comments:

Post a Comment