I think Jim is using Group Policy Folder Redirection to create the folder with the correct permissions. Then using the GPP to do the drive mapping.
Jim already provided the link. http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx Scroll down to 4. Configuring Folder Redirection settings within Group Policy: Instead of picking Basic - Redirect everyone's folder to the same location, select Advanced which allows you to use security groups so you can redirect folders to different locations for different users depending on their AD Security group membership. The process I use is:- 1. Create the folder and share such as "Usersfolder" on the file servers. So for example d:\Userfolders. I use the permissions specified in the link above. This is important so follow it carefully. 2. Create AD Security groups and add users to them. So for example the groups might be FDR - Sydney, FDR - Brisbane. Users in the Sydney folder will have the their redirected user folders (my documents, pictures, etc. whatever you specify in step 3) created on the Sydney file server in d:\Userfolders\username 3. Create Group Policy folder redirection policies specifying the advanced option and entering the path for that particular location based on the security group specified. So the path for FDR-Sydney might be \\SYDFILESERV\USERFOLDERS<file:///\\SYDFILESERV\USERFOLDERS> 4. Create GPP drive mappings if required. For My documents redirection I don't see the point in this but if your users cant' get their head around clicking on Documents then you can create a map drive such as U: to \\SYDFILESERV\USERFOLDERS\%USERNAME%<file:///\\SYDFILESERV\USERFOLDERS\%25USERNAME%25> As James R said the idea of creating home shares in ADUC is old school :) James. From: [email protected] [mailto:[email protected]] On Behalf Of Greg Saunders Sent: Saturday, 11 May 2013 12:54 AM To: ntsysadm Subject: Re: [NTSysADM] Home Directory - Security / Share setup recommendations Jim, << I redirect My Docs to create the folder...then map that via GPP Drive mappings. But the Drive mapping is really legacy for the long timers that still prefer to work off a mapped drive rather than My Docs from time to time. >> Can you expand on this? Right now we have the U: drive mapped to \\server\users$\%username%<file:///\\server\users$\%25username%25>. Then we do redirect My Documents and maybe one of the My Folders to the U:\ If you don't mind explain further how you are doing what you described please. Are you doing redirect via GPP or manually doing it. And where are you creating this redirected folder? Is it under something like \\server\users\%username%<file:///\\server\users\%25username%25>. Any details you have or could point me to would be appreciated. Thanks On Thu, May 9, 2013 at 4:19 PM, Kennedy, Jim <[email protected]<mailto:[email protected]>> wrote: I redirect My Docs to create the folder...then map that via GPP Drive mappings. But the Drive mapping is really legacy for the long timers that still prefer to work off a mapped drive rather than My Docs from time to time. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of [email protected]<mailto:[email protected]> Sent: Thursday, May 09, 2013 4:17 PM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Home Directory - Security / Share setup recommendations Don't people use GPP Drive Maps to assign this now just substituting the environment variable %username%? Admittedly it won't create the folder but a GPP Folder action could do that. Perms might need some slightly more complex jiggery-pokery though. I thought setting stuff like profile paths and home drives through ADUC was considered legacy now? I may be completely wrong though, its not something I do much these days. Cheers, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY ________________________________ From: "Guyer, Don" <[email protected]<mailto:[email protected]>> Sender: [email protected]<mailto:[email protected]> Date: Thu, 9 May 2013 15:55:07 -0400 To: [email protected]<[email protected]<mailto:[email protected]%[email protected]>> ReplyTo: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Home Directory - Security / Share setup recommendations "X:\Shares\Users\UserName (In this method only 1 share)" Create it through ADUC and it will assign the perms for you. \\shares\Users\%username%<file:///\\shares\Users\%25username%25> Make sure you have security set at the level above it (Users) the way you want right off the bat to prevent future issues. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory & Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: [email protected]<mailto:[email protected]> Office: 610.550.3595<tel:610.550.3595> | Cell: 610.955.6528<tel:610.955.6528> | Fax: 610.271.9440<tel:610.271.9440> For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839<tel:610-492-3839>. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Greg Saunders Sent: Thursday, May 09, 2013 3:51 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Home Directory - Security / Share setup recommendations I know this will be a newbie question, but I don't setup Windows Server very often. What methodology do you use for the Home Folder setup in AD? For example do you have an administrative share like \\server\users$<file:///\\server\users$> and then each user have a folder like this X:\Shares\Users\UserName (In this method only 1 share) Or do you have a share for every single user going to \\server\username<file:///\\server\username> which sits in a place like X:\Shares\Users\UserName (In this method many shares) What method do you use (list another if you have it) and if you use the first method what security do you place on the X:\Users folder and then the actual User folder to protect it from others. I have seen different variations and just wonder what is the standard methodology for setting this up. Thanks Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email.
