Permissions that need to be set to allow automate users home directory creations

Author:

Yuval Sinay MVP

COMMUNITY SOLUTIONS CONTENT DISCLAIMER

MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

SYMPTOMS

When you configure home directory for user (from "Active directory users and computers" - in Windows 2000/2003 domain or "User manager for domains" - in NT4 domain), you should add root share that will contain the user home directory - \\servername\sharename\%username%. To allow automatic creation of this home folder, there need to configure correct NTFS and Share permissions on home folder root share.

RESOLUTION

To allow automate home directory creations, please make sure to apply this security settings on the root folder that should contain the user home directory.
 
NTFS - Add Special Permissions to "Authenticated Users" group:
 
        Traverse Folder / Execute File

        List Folder / Read Data

        Read Attributes

        Read Permission
 
             You may need to disable permission inheritance and make sure that the speical permissions dont apply to subfolders of the root
             folder ("Apply Onto:" "This Folder Only").
 
Share - Add: Change - permission to "Authenticated Users" group.
 
 
Tip 1: If the operating system of the file server are Windows 2000 server, remove any NTFS/Share permission for "Everyone" group.
 
Tip 2: You should to consider to use DFS or/and Windows Storage Server 2003 to store user gome folder.

MORE INFORMATION

HOW TO: Configure Client User Profile Information for a Roaming User on Windows 2000
 

 
Simplifying Infrastructure Complexity with Windows Distributed File System
 

 
Windows Storage Server 2003
 

 
Properties

Article ID: 555046 - Last Review: 14 Feb 2017 - Revision: 1

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Small Business Server 2000 Standard Edition

Feedback