Creating Multiple Home Directories with Custom Permissions

By -
In this post we will see a way to create multiple home directories, remove inherited permissions, remove other users, and then give the user write access to the folder.
1.

Create Share for Home Directories

On your file server, create a share that will hold all your home directories. Be sure to allow Domain Users to have read access to this share
2.

Get a list of all users

We wanted the home directories to have the same name as the user's login name. I was able to export a list from Active Directory of all the login names. Save this as a text file with the name file.txt
3.

Batch file to create directories

Make a batch file with the following lines to create the home directories:
@echo off
for /f %%i in (file.txt) do mkdir %%i
Place this batch file in the root of the share along with the file.txt. Run the batch to create the folders.
4.

Removing Inheritance


We don't want user's to be able to see the contents of other user's home directories. First we need to break inheritance. I found a program called SetACL and it can be found at http://files.helgeklein.com/downloads/SetACL/current/SetACL%20(executable%20version).zip

Modify the batch file you created and remove "mkdir %%i" and place the following in its place:

setacl -on %%i -ot file -actn setprot -op “dacl:p_c”
5.

Removing Domain Users


Modify the batch file again and place the following after the "do" to remove Domain Users from being able to read the folders:

SetACL -on %%i -ot file -actn trustee -trst “n1:domain users;s1:n;ta:remtrst;w:dacl”
6.

Adding the user with modify permissions

Replace what is after the "do" statement in the batch file with the following command to give the user modify access to their home folder:

setacl -on %%i -ot file -actn ace -ace n:%%i;p:change


Conclusion

After all these steps are completed, you should have multiple directories in your home share with only admins and the user who are able to see and modify their files!


Comments

Post a Comment

Popular posts from this blog

How To Add Print Button to Blogger Posts

By -
This tutorial explains how to add a small print button below the post titles to print It is really necessary to Add Print Button to Blogger Posts, if there were any visitors or viewers want to print one or more posts in a blog. Like this below : Click Here to See the Example  (scroll at the end of post to find printer button icon) How to Add Print Button to Blogger Posts ? ... First Step 1. Go to Dashboard, click Design, click Edit HTML 2. Click Expand Widget Templates 3. Find code of HTML below : </head> you can use (Ctrl+F) to find easily
Read more

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By -
Image
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 installa
Read more