I think you missed my point about using the same folder and keeping the old permissions for the old domain account.
Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 From: [email protected] [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Tuesday, July 14, 2015 10:27 AM To: [email protected] Subject: RE: [NTSysADM] Change to home folder permissions as part of domain migration Normally you set the permissions on the share the “standard” way, then when you assign the drive to the user account, the user’s folder will be automatically created with the correct perms. The only thing that is different for your desired permissions is that you want Modify instead of Full for each user. So a slight variation from the standard in the NTFS perms on the “home” shared folder: Domain Admins: Full – This folder subfolder and files Authenticated Users: Traverse folder, List folder, read attributes, read permissions - This folder only Creator Owner: *Modify* - Subfolders and files only System: Full Creator Owner is the key. It needs to be “Subfolders and files only”. The standard is Full, but you would use Modify in your case. (I don’t blame you for that, by the way, I see no reason to give users the ability to change perms even on their own data.) Of course the share level perms can just be: Domain Admins: Full Authenticated Users: Change From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Jesse Rink Sent: Tuesday, July 14, 2015 10:24 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Change to home folder permissions as part of domain migration Having some trouble figuring this one out. I have 500 user accounts in Domain A. Those user accounts all have a Home Directory assigned in AD as \\server1\home\%username%<file:///\\server1\home\%25username%25> . The permission on each user’s directory is as follows: Domain A\Domain Admins – FULL Domain A\%username% – MODIFY Those 500 user accounts will be created in Domain B (there already is a 2 way trust in place) because Domain A is going away. Those 500 new accounts in Domain B need to use the SAME home folder path as they did in Domain A (\\server1\home\%username%<file:///\\server1\home\%25username%25>). What I need to figure out is, how I can adjust the permissions on each user’s home folder to merely ADD in MODIFY access for their new account in Domain B, and ADD in FULL access for Domain B\Domain Admins, WITHOUT removing any of the current permissions on their home folder. The permission on each user’s directory should end up as follows: Domain A\Domain Admins – FULL Domain A\%username% – MODIFY Domain B\Domain Admins – FULL (new) Domain B\%username% - MODIFY (new) Any help?
