Set profile on fileserver but not let other users access the folder

0

OK, so I want to set the profile path and have it mapped to a drive letter, but I don't want everyone else to be able to access that folder. Just maybe admins and the actual user.

\server\home-directories\%username%

That's what I put in. But the problem is that anyone can just go to \server\home-directories and then have their pick any anyone else's home directory/profile folder. How do I block them and have active directory/gpo do it? I am using windows 7 and a few xp pro's and all server 2008 R2.

user277244

Posted 2014-02-03T05:09:34.790

Reputation: 251

Answers

0

The trick is to use creator owner permissions. In fact it means that users are allowed to create any folder within root of home directories \\server\home-directories but can access only those created by themselves. I recommend you do not to try this guide straight on your production \\server\home-directories folder, but create test one due you may have broken inheritance or other permission stuff I'm not aware:

Open security tab from properties of \\server\home-directories. In this tab hit Advanced to edit special permissions:

1.) Leave there only admin permissions so you can later administer this folder

2.) Add Authenticated Users, but set flowing permissions:

Apply to: This folder only
Allow: Traverse folder, list folder, read attributes, read extended attributes, create folders, read permissions

3.) Add CREATOR OWNER, but set folowing permissions:

Apply to: Subfolders and files only
Allow: Full control (or some limited access for user to their home directory dependant on company policy)

Laky

Posted 2014-02-03T05:09:34.790

Reputation: 101

Asked: 2014-02-03T05:09:34.790

Viewed: 75 times

Active: 2014-02-06T10:45:07.920