1) You can not do that, however you can control a bit
through group policy (IIRC Admin access to Home folders), and you may be able to
experiment with the permissions of the folder above, and modify the parent share
not to have full control, then ADUC is not able to modify permissions. However I
doubt that you are able to accomblish what you want. You'll propably have to
create the users or at least the home folders with a different mechanism, or run
2) regulary.
2) You can do that with subinacls, download it from
Microsoft and do not use the version which is in the resource kit. The new
download works pretty well, and subinacl is very good in changing
ACEs.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz
Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile: http://mvp.support.microsoft.com/profile="">
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, February 17, 2006 4:36 PM
To: [email protected]
Subject: [ActiveDir] Setting up Home Folder Gives User Full AccessWe create a home folder for each of our users in ADUC by adding the server path to the Profile Tab. When we setup the home folder, ADUC by default grants the user "Full Control" to this folder, which we would like to stop. We would prefer that they have the ability to read-write, but not to modify the permissions. Two questions here:1) How do we stop ADUC from automatically granting full access to the end user on their home folder?2) We have about 2000 home folders that have already been created with the incorrect permissions already setup. Is there a script or utility that can be used to remove the "Full Access" check box from the individual user accounts on the folders? (just for a bit of background, only the domain admins and the user have access to each home folder).Any guidance would be much appreciated.Bonnie Pohlschneider
