Creating Multiple Home Directories with Custom Permissions
In this post we will see a way to create multiple home directories, remove inherited permissions, remove other users, and then give the user write access to the folder.
1. Create Share for Home Directories
On your file server, create a share that will hold all your home directories. Be sure to allow Domain Users to have read access to this share.

2. Get a list of all users
We wanted the home directories to have the same name as the user's login name. I was able to export a list from Active Directory of all the login names. Save this as a text file with the name file.txt.

3. Batch file to create directories
Make a batch file with the following lines to create the home directories:

```bat
@echo off
rem Create one folder per login name listed in file.txt
for /f %%i in (file.txt) do mkdir %%i
```

Place this batch file in the root of the share along with file.txt. Run the batch file to create the folders.

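4. Removing Inheritance
We don't want users to be able to see the contents of other users' home directories. First we need to break inheritance. I found a program called SetACL, which can be found at http://files.helgeklein.com/downloads/SetACL/current/SetACL%20(executable%20version).zip. Modify the batch file you created: remove "mkdir %%i" and put the following in its place:

```bat
setacl -on %%i -ot file -actn setprot -op "dacl:p_c"
```

The p_c option protects the folder from inheritance but keeps a copy of the inherited entries, so Domain Users is still listed on each folder until the next step. Use straight double quotes in the batch file, not typographic ones.
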
5. Removing Domain Users
Modify the batch file again and place the following after the "do" to remove Domain Users from being able to read the folders:

```bat
SetACL -on %%i -ot file -actn trustee -trst "n1:domain users;s1:n;ta:remtrst;w:dacl"
```

6. Adding the user with modify permissions
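
The whole procedure above (create the folder, break inheritance, remove Domain Users, give the user modify rights) as an added example that is not part of the original post: it uses PowerShell's built-in Get-Acl/Set-Acl rather than SetACL and re-reads each ACL afterwards to confirm the result. The share path `D:\Home` and the domain name `CONTOSO` are placeholders; run it from an elevated prompt on the file server.

```powershell
# Added example; $Root and $Domain are assumed values, adjust for your environment.
$Root   = 'D:\Home'     # assumed local path of the home directory share
$Domain = 'CONTOSO'     # placeholder NetBIOS domain name
$Group  = [System.Security.Principal.NTAccount]::new($Domain, 'Domain Users')
$Modify = [System.Security.AccessControl.FileSystemRights]::Modify

foreach ($name in Get-Content (Join-Path $Root 'file.txt')) {
    $name = $name.Trim()
    if (-not $name) { continue }              # skip blank lines in file.txt
    $dir = Join-Path $Root $name
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Break inheritance and keep copies of the inherited entries
    # (the same effect as SetACL's "dacl:p_c").
    $acl = Get-Acl -Path $dir
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $dir -AclObject $acl

    # Re-read so the copied entries are visible as explicit rules, then
    # remove every Domain Users entry and grant the folder's user Modify
    # on the folder, its subfolders and its files.
    $acl = Get-Acl -Path $dir
    $acl.PurgeAccessRules($Group)
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        "$Domain\$name", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $dir -AclObject $acl

    # Verify: inheritance is off, Domain Users is gone, the user has Modify.
    $acl  = Get-Acl -Path $dir
    $leak = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $Group.Value }
    $own  = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq "$Domain\$name" -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $Modify) -eq $Modify
    }
    if (-not $acl.AreAccessRulesProtected -or $leak -or -not $own) {
        Write-Warning "ACL check failed for $dir"
    }
}
```

Any folder reported by the warning should be inspected by hand before users start storing data in it.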