Windows Home Directories

Windows 2008 R2

The Plan

  1. Create a top-level share to hold all user home directories
  2. Home directories are created automatically

Top Level Homes Folder

Folder Structure

This folder structure supports implementation of these four functions and permits the functions to be implemented separately at different times or together at once.

  • Shares
  • Home Directories
  • Roaming Profiles
  • Folder Redirection

E:\Shares
        \Share1
        \Share2

E:\Homes
        \User1
        \User2

E:\Profiles
        \User1
        \User2

E:\Redirected
        \User1
        \User2
             \My Documents
             \Application Data

Top-Level 'Homes' Folder Configuration

User or Group       | File/Folder Permissions (Security Tab)           | Comment
Administrators      | Full Control                                     | This Folder, Subfolders and Files
SYSTEM              | Full Control                                     | This Folder, Subfolders and Files
CREATOR OWNER       | Full Control                                     | Subfolders and Files Only
Authenticated Users | Read & Execute, List Folder Contents, Read Perms | This Folder Only

User or Group       | Share Permissions (Sharing Tab)
Administrators      | Full Control
SYSTEM              | Full Control
Authenticated Users | Full Control

These settings allow for the automatic creation of per-user home directories as sub-folders of the top-level 'Homes' folder and forbid users from accessing other users' data.

Use a VSS-aware backup tool to make backups.

Top-Level 'Homes' Folder Creation

  1. Create a folder 'Homes'
    1. Disable permissions inheritance
    2. Set folder permissions per the table above
      1. Use the Advanced option to edit permissions
  2. Share the folder 'Homes'
    1. Set the share name as 'Homes$'
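      1. The trailing dollar symbol hides the share from network browse lists; it does not restrict access, so the share and folder permissions in the tables above are what protect the data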
      2. Leave off the $ if you prefer
      3. Use Properties → Sharing → Advanced to create hidden shares
    2. Set the share permissions per the table
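
The creation steps above, scripted with icacls and net share. This is an added example, not part of the original page; it assumes the page's E:\Homes path and Homes$ share name, English built-in account names, and an elevated command prompt on the file server.

```batch
@echo off
rem Added example: create the top-level Homes folder and hidden share
rem with the permissions from the two tables above.
setlocal
set "HOMES=E:\Homes"
set "SHARE=Homes$"

if not exist "%HOMES%" mkdir "%HOMES%"

rem /inheritance:r removes every ACE inherited from the parent (step 1.1).
rem /grant:r replaces any explicit ACE the named principal already has (step 1.2).
rem   (OI)(CI)F      = Full Control, This Folder, Subfolders and Files
rem   (OI)(CI)(IO)F  = Full Control, Subfolders and Files Only
rem   (RX)           = Read and Execute, This Folder Only (no inheritance flags)
rem Explicit ACEs for other principals on a pre-existing folder are NOT
rem removed by this command; review the listing printed at the end.
icacls "%HOMES%" /inheritance:r ^
    /grant:r "Administrators:(OI)(CI)F" ^
    /grant:r "SYSTEM:(OI)(CI)F" ^
    /grant:r "CREATOR OWNER:(OI)(CI)(IO)F" ^
    /grant:r "Authenticated Users:(RX)"
if errorlevel 1 exit /b 1

rem Share permissions per the second table (step 2). The trailing $ only
rem hides the share from browse lists; the folder ACL above does the restricting.
net share %SHARE%="%HOMES%" /GRANT:Administrators,FULL /GRANT:SYSTEM,FULL /GRANT:"Authenticated Users",FULL
if errorlevel 1 exit /b 1

rem Print the resulting folder ACL and share definition for comparison with the tables.
icacls "%HOMES%"
net share %SHARE%
endlocal
```

Any principal in the final icacls listing that is not in the folder permissions table was an explicit entry on a pre-existing folder and should be removed by hand.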

Enable Home Directories for Users

Modify each user with the Active Directory Users and Computers (ADUC) tool.

  1. Browse to the container holding user objects
  2. Hold the control key down and select all users you want to modify
  3. Right-click one of the selected accounts → Properties
  4. Select the Profile tab
  5. Select the button next to Connect
    1. Choose a drive letter (same for all users)
    2. Enter the path \\DC1\Homes$\%username% in the 'To' field
    3. Click OK to save
  6. Verify the user's home directory was created and that the user has write access to his/her mapped drive

Troubleshooting

Check Workstation Event Log

The first troubleshooting step should be to examine the Application event log on the client computer, and determine the error.

If this is a roaming profile, be sure to check for the correct permissions on the 'Profiles' folder. Check share permissions as well as NTFS permissions.

Enable Advanced Logging

In addition to logging events in the Application Event log, User Profiles can provide a detailed log to aid troubleshooting. To create a detailed log file for user profiles, use regedit and locate the following path:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Create a new value called UserEnvDebugLevel as a REG_DWORD and set the value to 30002 in hexadecimal format.

The log file can be found at: %windir%\debug\usermode\userenv.log.

View All Shares

View all shares including hidden shares (share name ending with $ symbol):

net share
networking/windows/active_directory/home_directories.txt · Last modified: 2023/08/18 11:34 by gcooper