Server 2012 R2

Discussion in 'Operating Systems' started by DigitalCancer, Jul 5, 2016.

  1. DigitalCancer

    DigitalCancer Gawd

    Messages:
    948
    Joined:
    May 15, 2006
    Hello everyone,

    I'm in the process of updating our environment to Server 2012 R2 and I've also added (2) Hyper-V clusters (2-nodes each) and all is going amazingly well honestly.

    My one issue however, is that I've re-built our file server but I can't seem to figure out how to re-build the structure that I had for the user home drives.

    A brief run-down, I have FILE\HOME\%username% - the file share that is setup for this has Domain User permissions on the file structure (I think, I'm assuming that's the Permissions tab in 2012) and for the Share permissions I have it set to Everyone (full).

    I'm not sure what I'm missing although I know it's a permissions thing - I want to set it up so that each user has permissions to their folder only - right now, they are getting permissions to all folders - although they don't know this as they're only seeing their own folders but they could easily navigate to the other users if they knew how.

    Can someone run down what permissions needs to be setup for Server 2012 (most of what I can find are for Server 08).
     
  2. bigdogchris

    bigdogchris Wii was a Novelty

    Messages:
    17,591
    Joined:
    Feb 19, 2008
    There may be a few missing details because each environment is different.

    • Create a folder that will hold the user home drives
    • Edit the NTFS permissions for that folder (security tab) and go into advanced,disable inherit and convert to explicit.
    • Remove Users group permissions
    • Add principal Domain User (or another group all your users are in) and set this folder only then add permissions read, list, read permissions, read extended attributes
    • Go back to advanced sharing and share the folder and give Full Control to Everyone group
    • Add DFS Namespaces and Replication (optional) under file and storage services role
    • Create a domain DFS root named whatever you want then add the share into that root
    • Select all users in ADDS and edit home profile, then point <drive letter> to \\domain\dfs\share\%username%
    When you do this it will automatically assign user permissions when you type in the home drive and hit OK. I add read to the top level folder just so users don't get errors if they try to back out of their folder. They can't read anything just see the folders (you can even set it to they cannot see the folders but it's more complicated).

    This system also works good because you can change file servers in the future without having to edit users again. You just add a new share with the same name to DFS and replicate everything over, then remove the old share.
     
    Last edited: Jul 5, 2016
  3. DigitalCancer

    DigitalCancer Gawd

    Messages:
    948
    Joined:
    May 15, 2006
    Thanks BigDog! I was able to finally get it where I needed it, I had a previous setup and so it was a bit confusing as I couldn't seem to get the permissions just right. However, I do have it setup perfectly now.