Windows NT4 Domain Home Directories

by Johannes Helmig [Published on 16 July 1999 / Last Updated on 16 July 1999]

When being connected to a Server, each user is usually assigned a location /
directory on the server to store his private files (file, which nobody else is allowed to access). Although a user could keep such private files on his local
harddisk, it is preferred to store such files on a server, because files on the server are at most installations properly backed-up (while for files on local harddisk, far too often never a backup is made).

Such a directory on the server is called: "Home Directory"

To ensure the privacy of such files, Home-Directories should be placed
on server disks with NTFS-formatting, where the Administrator has first to
create a directory for these Home-directories and then to Share it:

In this example, the Home-directories
will be stored on the G-drive in the
directory "Users", which is shared
under the name "Users" and for which
"Everybody" needs "Full Access"
(otherwise the users are NOT able
to store their files via the network)
To avoid users to create additional
directories themselves, it is now
required to define under "Security"
(ONLY available on NTFS drives)
in "Permissions", that :
- the Administrator has "Full Access"
(because when creating users, a home
directory needs to be created, so the
Administrator needs the Create-Right)

- "Everybody" else has "Read Access"
(so that get can get to their own Home
Directory)


In the "Domain User-Manager", the Home-Directory is defined using
the UNC-path (using the Server-name , share-name and username),
so that the Client can locate it via the Network (and NOT the local path,
since that is unknown to the client trying to access it via the network):



When defining the Home-directory in the User-manager (above) and all
rights are properly defined to the USERS-directory, then the User-Manager
will create automatically the Home-Directory for this user and assign all
required Security:

Even the Administrator is not allowed
to view inside this Home-Directory,
since the User-manager assigned
ONLY to the user the "Full Control"



Via the "Network Neighborhood", the user is able to access his Home-Directory:
You can see the name of the other Home-Directories, but the Security
does not allow you to even view the content of other user's data.


Instead of the users having to browse the Network Neighborhood to access their home-directory, on most servers a network-drive is mapped via the
Logon-Script.
A network drive can be mapped using the NET- USE- command, defining
the UNC to the Users-directory, but often the Logon-Script uses Environment
variable defined during the Logon.

To view them, open a DOS-window (or "Command prompt" window) and type: SET

The HOMEDRIVE and HOMESHARE variable are used in the sample
Logon-Script below to map the Home-Directory:


As a result of the above Logon-Script, a message is displayed
(using NOTEPAD) and 2 network drives are mapped, where drive H:
is the user's Home-Directory:



There is a nice short-cut, when having to create a lot of users in the "User-Manager", by using the Environment variables also in the User-Profile:

Instead of defining in the "User Environment Profile" the username in
the Home-Directory UNC-path:


use here also the %USERNAME% variable:

you can now use in User-Manager the COPY-function
(very fast using the F8-key) to quickly create users
with the same profile, but still assigning to all of them
their own Home-Directory.

See Also

Advertisement

Featured Links