Default permissions on automatically created home directories

[Gareth1978]

Is there any way of defining the permissions applied to the home directories that can be created automatically in NT4 User manager using the %Username% option ?

We use this on one of our networks but am having to remove that option from the user account template we use as when it creates the directory only that user can access it - We the Domain Admins need in too and have to physically take ownership of the directory to get in.

Any suggestions?

Thanks

 

[SteveAudus]

Dear Gareth,

use the little know and well hidden command line funtion.

CACLS

on the command line type cacls /? to find out more.
or search the help files for cacls

Change the setting for folders with out replacing old ones.

I use the command
cacls *.* /T /E /C /R: Administrator:F
all the time.

Check it out, this little command changed my life....

How sad am I..!!!

Steve Audus
Network Manager
Chaucer Community School

http://www.chaucer.sheffield.sch.uk

http://www.educationinternet.co.uk

 

[lifegard2]

Below are a few batch files I use to automate the process. I got them from M$ website and tweaked to suit my needs. They work VERY well to grant the user and Domain Admins perms to the user directories. The only caveat is that the user directory name MUST match the user's name. However, if you are using %USERNAME% when you create the directory from User Mgr 4 Domains, shouldn't be an issue
---

rem ***************************************
rem *** BEGIN addperm.cmd ***
rem ***************************************

REM You can delete/REM the following line for
REM troubleshooting.

IF (%1)==() GOTO NoArgs
Echo Creating directory listing...
dir %1 /A /B > dir.txt
for /F "delims= tokens=1" %%a in (dir.txt) do call addperm2.cmd %1 %%a
echo ---------
echo - Finished.
echo ---------
GOTO End
:NoArgs
REM substitute e:\Home with the default dir that
REM contains all your user home dirs
ECHO usage: ADDPERM <E:\Home>
ECHO.
:End
del dir.txt
pause

rem ***************************************
rem *** END addperm.cmd ***
rem ***************************************

---

rem ***************************************
rem *** BEGIN addperm2.cmd ***
rem ***************************************

if %2==bytes GOTO :End

REM Prefix %2 with the domainname\ if applying
REM permissions to workstations or
REM member server and place Quotes if groups contain
REM a space.

cacls %1\%2 /T /G Administrators:F domainname\%2:F &quot;domainname\Domain Admins&quot;:F <\yes.txt
:End

rem ***************************************
rem *** END addperm.cmd ***
rem ***************************************

---

rem ***************************************
rem *** BEGIN y.txt ***
rem ***************************************

y

rem ***************************************
rem *** END y.txt ***
rem ***************************************

---

Make sure that in the &quot;y.txt&quot; file you do not have the beginning and ending REM statements.

I place these three files in the root of my file server and then place a shortcut on the desktop to addperm.cmd, the first file that kicks it off. I run it each time I add a new user. It will go through ALL home dirs and reset permissions on the home dir and all subfolders so that the user and Domain Admins have access.

Goog luck!

Ryan B.