You have setup a brand new Windows Server 2012 R2 Server and want to share a User folder in the network that will be entered into AD into every user. As we keep a high standard of user integrity we will want to take every necessary precaution to prevent users from accessing/viewing/deleting each others files.
This walk through takes for granted that this server is a part of an active directory environment.
- Create a folder named Users (this can be anywhere on the server but I will put it in D:\)
- Right-click on this folder and select Properties.
- Select the Sharing tab
- Click Advanced Sharing.
- Check “Share this folder”.
- Add a $ sign to the end of the Share name so it says Users$. (This makes this share invisible when browsing the network)
- Click on the Permissions button.
- Remove the Everyone group.
- Click Add, and add the following groups: Administrators, System, Authenticated Users.
- For each group (there should be three) give them full permissions (select allow under full control).
- Click OK.
- Select the tab Security.
- Select Advanced button.
- Select disable inhertiance.
- Click on “Convert inherited permissions into explicit permissions on this object” when the warning prompt pops up.
- Select Users and hit remove (Do this for both if you have two field with user permissions)
- Select Add and under Principal click “Select a principal” and in the search box type authenticated users and hit enter.
- At Applies To: Select: This folder only.
- For the permissions select allow for: Traverse folder / execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions.
- Click OK.
- Now your Security tab should look like the image below.
File and Storage Services:
- Go to Start > Server Manager and click on File and Storage Services in the left menu.
- Click on Shares and select the Users$ share you just created.
- Right click and select Properties.
- Click on Settings + and Select Enable access-based enumeration such as the picture below.
- Click OK.
- Close out the Server Manager window.
On Your Domain Controller.
- Go to Start > Administrative tools > Active directory users and computers.
- Navigate to the User you want to add the User folder to.
- Right click and select properties on the user.
- Select the profile tab.
- Under the section Home folder: Select the Connect radio button.
- Select the letter U:\
- In the To: Text area type: \\YOURSERVER\Users$\%username%(if your server with the share’s name is joe it would be \\JOE\Users$\%username%)
- Click OK
- Close Active Directory Users and Computers.
If you now browse to the Users$ share folder on the server you created it on. You will notice a folder in it with the users username as the folder name. If you check the permissions for the folder the right permissions have automatically been applied. This technique will definitely save you lots of time as if you were doing it via old net use scripts. Congratulations you have successfully added a user folder share and added it to a user.
Please note that this can be done to multiple users at once, all you do is select all the users in active directory and add the user share to the users.
Feel free to post comments if things are unclear or so, it’s very easy to miss certain details when making a guide like this.