Windows server 2012 home directories

T

Triden

Limp Gawd
Joined
May 8, 2002
Messages
296
I'm having a lot of trouble trying to configure user home directories on a Windows 2012 R2 server running active directory.

What I've currently done is created a share on the drive called "home" and made it read/write accessible to "authenticated users".

In the user profile where I set up the user home directory, I select the drive letter (this case H:) and put in the path as "\\fs1\home\%username%".

On my windows 2008 server, after I hit apply, it would create a folder with the username in the home share that I created. It doesn't do this on the 2012 server. Am I doing something wrong? I verified that \\fs1\home\ was accessible remotely, and it is.

Any ideas? Thanks!
 
You need to make permission changes twice:

One at the share. Sounds like you have this one already. This basically grants users rights to read/write data in \\fs1\home.

The second permission change is at the folder level -- so locally on \\fs1 on whatever folder is represented by the share home. You need to make some fancy permission edits here, but it's not that bad. You're going to give Authenticated Users rights to read/write to the folder, but you'll probably want to break inheritance to make sure authenticated users don't have rights to traverse the folder structure (users only get access to their home directory).

Here's an MS KB Article describing the permissions.

On a side note -- it works fine on 2012. I recently set this up in my environment, too.
 
If you create a shared directory, leave the Share permission to Everyone Full control. On the NTFS permissions for the folder you create, under advanced simply uncheck "inherit permissions", click Add existing permissions when prompted, then click users and remove, then leave the folder alone. When you use the profiles tab (using the %username% method) on a user account, that will set permissions for you. All you need to use is remove Users from inheriting down (as I described) to stop people from viewing others folders. It's a lot easier than you think.

At this point you can add one user and set the profile, then simply r-click Copy the account to create new users and each will have their own profile created (because %username% is copied) Or you can bulk import users using LDIFDE and a CSV. Then highlight everyone, and go into properties to set their profiles all at once and add them to groups, etc.

Once you know how to do it, it literally takes a few moments to create a folder, share it, and import hundreds of users with the correct permissions without any batch files or other methods to set permissions.
 
Last edited:
Thanks for the answer so far, I will try that this evening.

My primary concern was that when I click "ok" after entering the home folder information for the user, the folder itself is not created. Do you think the permissions modification will fix this?
 
Triden said:
Thanks for the answer so far, I will try that this evening.

My primary concern was that when I click "ok" after entering the home folder information for the user, the folder itself is not created. Do you think the permissions modification will fix this?
Click to expand...
You can either type in the users name or use %username%. If the folder exist it will prompt you to allow it to set the proper permissions.
 
bigdogchris said:
You can either type in the users name or use %username%. If the folder exist it will prompt you to allow it to set the proper permissions.
Click to expand...

This is the issue. When I type in \\fs1\home\%username% in the path and hit OK, no folder is created.
 
I think you may need to set up a template user in AD with the \\fs1\home\%username% home directory entry then copy the template entry to the new user.

I would suggest you grant Authenticated Users Change access to the Home share at the Share level and Read access at the File level, then Change access to their Home directory.
 
Triden said:
This is the issue. When I type in \\fs1\home\%username% in the path and hit OK, no folder is created.
Click to expand...
Do this for me:

  • In the same root directory of the Home share, create a new folder called Test
  • Go into the security properties of Test and go to Advanced.
  • Check Change permissions
  • Uncheck Include Inheritable permissions
  • click Add on the popup
  • Click on Users and remove them
  • Go back to the folder properties and click Sharing tab
  • Click Advanced Sharing
  • Share this folder
  • Share name: Test
  • Permissions Everyone Full Control

Then try to set profiles Connect H: to \\fs1\test\%username% then click Apply.
 
I got it creating home directories which is great. It was a permission thing I guess. I had to give SYSTEM full permission to the home folder and then it started making the directories. It's weird that it didn't allow the system to do it by default.

Now my problem is that the home directories don't automatically map when the user logs in. The user can manually access \\fs1\home\their_username and created/delete files, but it doesn't seem to be mapping.

The goal in the end is to have folder redirection turned on for the documents and desktop, but I need this to automatically map first.
 
You must log in or register to reply here.
Back
Top