Access based enumeration would be a good idea.

1) 1 share as Users and all the users' shares under them, but the user 
can only see their own share because only they and the local administrators 
would have at least read access.

2) Could combine this later with DFS for replication if you want (just an 
idea)

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work:401-444-9081




From: [email protected] On Behalf Of Greg Saunders
Sent: Thursday, May 09, 2013 4:08 PM
To: [email protected]
Subject: Re: [NTSysADM] Home Directory - Security / Share setup recommendations

<< "X:\Shares\Users\UserName  (In this method only 1 share)" >>
So you are saying have Home Folder with check next to Connect and use whatever 
drive letter from drop down and use \\server\users in the To edit box?  Not 
\\server\users$ (administrative share).

<< Make sure you have security set at the level above it (Users) the way you 
want right off the bat to prevent future issues.>>
This may be the area of what I have seen not quite right in the past.  Let's 
say all users are in group called STAFF.  What security would you put in the 
?:\Shares\Users folder that would prevent other users going to the 
\\server\users share from being able to see / read contents of subfolders?
Sorry for such a simple question... but it has been a while and I want to be 
sure I have really been doing it correctly.

On Thu, May 9, 2013 at 3:55 PM, Guyer, Don <[email protected]> wrote:
"X:\Shares\Users\UserName  (In this method only 1 share)"

Create it through ADUC and it will assign the perms for you. 
\\shares\Users\%username%

Make sure you have security set at the level above it (Users) the way you want 
right off the bat to prevent future issues.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: [email protected]
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.

From: [email protected] On Behalf Of Greg Saunders
Sent: Thursday, May 09, 2013 3:51 PM
To: [email protected]
Subject: [NTSysADM] Home Directory - Security / Share setup recommendations

I know this will be a newbie question, but I don't set up Windows Server very 
often.
What methodology do you use for the Home Folder setup in AD?
For example do you have an administrative share like \\server\users$ and then 
each user has a folder like this X:\Shares\Users\UserName  (In this method 
only 1 share)

Or do you have a share for every single user going to \\server\username which 
sits in a place like X:\Shares\Users\UserName  (In this method many shares)
What method do you use (list another if you have it) and if you use the first 
method what security do you place on the X:\Users folder and then the actual 
User folder to protect it from others.

I have seen different variations and just wonder what is the standard 
methodology for setting this up.
Thanks
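
The single-share layout discussed in this thread (one Users share, per-user subfolders, access-based enumeration), as an added example that is not part of any poster's message. The `EXAMPLE` domain name is a placeholder, and the audit assumes each folder is named after the account, as with `%username%`.

```powershell
# Added example. X:\Shares\Users, the "Users" share and the STAFF group come
# from the thread; the EXAMPLE domain is a placeholder. Run elevated on
# Windows Server 2012 or later (SmbShare module).
$Root  = 'X:\Shares\Users'
$Group = 'EXAMPLE\STAFF'

New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Parent folder NTFS: grant explicitly, then remove inherited ACEs.
icacls $Root /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
# No (OI)(CI) flags means "this folder only": STAFF can open the root to reach
# their own folder, but this ACE is not inherited by any user's subfolder.
icacls $Root /grant:r "${Group}:(RX)"
icacls $Root /inheritance:r

# One share for everyone, with access-based enumeration so a user browsing
# \\server\Users is shown only the subfolders they can read.
New-SmbShare -Name 'Users' -Path $Root -FolderEnumerationMode AccessBased `
    -FullAccess 'BUILTIN\Administrators' -ChangeAccess $Group

# Audit: list every Allow ACE on a user folder that belongs to someone other
# than the folder's owner, Administrators or SYSTEM.
# Assumption: each folder is named after the account (%username%).
$Expected = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
Get-ChildItem -Path $Root -Directory | ForEach-Object {
    $folder = $_
    (Get-Acl -Path $folder.FullName).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -notin $Expected -and
            $_.IdentityReference.Value -notlike "*\$($folder.Name)"
        } |
        Select-Object @{ n = 'Folder'; e = { $folder.Name } },
                      IdentityReference, FileSystemRights, IsInherited
}
```

An empty result from the audit loop means no user folder carries an ACE for another account or group; any row it prints, especially one with `IsInherited` true, points at a permission leaking down from the parent.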
