Permissions that need to be set to allow automate users home directory creations

share1When you configure home directory for user (from “Active directory users and computers” – in Windows 2000/2003/2008/2012 domain or “User manager for domains” – in NT4 domain), you should add root share that will contain the user home directory – \\servername\users$\%username%. To allow automatic creation of this home folder, there need to configure correct NTFS and Share permissions on home folder root share.

Right click the folder > Properties > Sharing > Advanced Sharing. Name the share and add a “$” to the end to make it a hidden share.

Click Permissions on the share.

share2

To allow automate home directory creations, please make sure to apply this security settings on the root folder that should contain the user home directory.

Administrators: Full Control
System: Full Control
Authenticated Users: Full Control

Now click OK > OK to get back to the Folder Properties.

Now we need to configure the NTFS permissions, so we need to be on the “Security” tab of the folder we created earlier.

1. Turn off inheritance on the folder and copy the permissions. You do this by:

a. Click the Advanced button found on the Security tab.
b. Clear Allow inheritable permissions to propagate to this object check box in the Advanced Security Settings dialog box.
c. Click Copy when prompted by the Security dialog box.

2. Click OK to return to the Security tab. Ensure we have the following permissions set:

Administrators: Full Control
System: Full Control
Creator Owner: Full Control
Authenticated Users: Read & Execute, List Folder Contents, Read

3. Change permissions for Authenticated Users so they cannot access other users’ folders. You do this by:

a. Click Advanced on the Security tab.
b. Click Authenticated Users, and then click Edit.
c. On the Permissions Entry for HOME dialog box, drop down the Apply onto and select This folder only.
d. Click OK twice.