Create User folders in Windows Server 2008 R2 and add them to Active Directory


rate 1 star rate 2 star rate 3 star rate 4 star rate 5 star
Your rating: none, Average: 3.6 (5 votes)

This article have been viewed 31566 times

Scenario:

You have setup a brand new Windows Server 2008 R2 Server and want to share a User folder in the network that will be entered into AD into every user. As we keep a high standard of user integrity we will want to take every necessary precaution to prevent users from accessing/viewing/deleting each others files.

 


Share Permissions:

This walk through takes for granted that this server is a part of an active directory environment.

      1. Create a folder named Users (this can be anywhere on the server but I will put it in D:\)
      2. Right-click on this folder and select Properties.
      3. Select the Sharing tab
        Sharing tab
      4. Click Advanced Sharing.
        Advanced Sharing
      5. Check “Share this folder”.
      6. Add a $ sign to the end of the Share name so it says Users$. (This makes this share invisible when browsing the network)
      7. Click on the Permissions button.
        Permissions button
      8. Remove the Everyone group.
      9. Click Add, and add the following groups: Administrators, System, Authenticated Users.
      10. For each group (there should be three) give them full permissions (select allow under full control).
        Full Control
      11. Click OK.

 


NTFS Permissions:

      1. Select the tab Security.
        Security tab
      2. Select Advanced button.
        Security tab
      3. Select change permissions.
      4. Uncheck “Include inheritable permissions from this object’s parent”.
      5. Click on Add when the warning prompt pops up.
        Warning box
      6. Select Users and hit remove (Do this for both if you have two field with user permissions)
      7. Select Add and add the Authenticated Users group.
      8. At Apply To: Select: This folder only.
      9. For the permissions select allow for: Traverse folder / execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions.
        Permissions Authenticated Users
      10. Click OK, Click OK, and Click OK again.
      11. Now your Security tab should look like the image below.
        Security Tab 2

 


Share and storage management:

  1.  Go to Start > Administrative Tools > Share and storage management.
    Share and storage management
  2. Select the share you just created: Users$.
  3. Right click and select Properties.
  4. Click on the Advanced button.
    Share and storage management advanced
  5. Check the check box Enable access-based enumeration.
    Share and storage management access
  6. Click OK.
  7. Close out the Share and storage management console.

Active Directory:

On Your Domain Controller.

  1. Go to Start > Administrative tools > Active directory users and computers.
  2. Navigate to the User you want to add the User folder to.
  3. Right click and select properties on the user.
  4. Select the profile tab.
  5. Under the section Home folder: Select the Connect radio button.
  6. Select the letter U:\
  7. In the To: Text area type: \\YOURSERVER\Users$\%username%(if your server with the share’s name is joe it would be \\JOE\Users$\%username%)
  8. Click OK
  9. Close Active Directory Users and Computers.

If you now browse to the Users$ share folder on the server you created it on. You will notice a folder in it with the users username as the folder name. If you check the permissions for the folder the right permissions have automatically been applied. This technique will definitely save you lots of time as if you were doing it via old net use scripts. Congratulations you have successfully added a user folder share and added it to a user.

Please note that this can be done to multiple users at once, all you do is select all the users in active directory and add the user share to the users.

Feel free to post comments if things are unclear or so, it’s very easy to miss certain details when making a guide like this.