Page 2 of 3 <123>
Topic Options
#125811 - 2005-01-13 01:30 PM Re: Mapping to a subfolder
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Ahh I see now. this comment misled me:
Quote:

so when script runs instead of displaying the user name (H:jdoe's Home Drive) it displays the above folder(H:Users$)




I misunderstood as in XP Explorer it does not show a network path for the mapped drive.

Top
#125812 - 2005-01-13 05:33 PM Re: Mapping to a subfolder
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
indeed.
after your post I tested it too and definitely the label is different in XP in this situation too.
_________________________
!

download KiXnet

Top
#125813 - 2005-01-13 06:04 PM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
That's correct guys! I am "pleased" you are getting the same sort of thing, cos was driving me mad! I know it would be easy to upgrade to W2k3 but I got some legacy apps that need NT4 TSE! I have a huge Blade( Over 200) based W2K3 Citrix farm, where I use the sripts that you guys have posted and they work just fine, but are those 10 DL 360 I used for NT4TSE that cause me pain. I am trying to create the home drives automatically using GPO/Folder Redirection method, and don't really want to share users (Hidden shares) home drives!!(Over 200 of them will use NT4 TSE!), but they also use W2k3 apps so I wnat to maintain the same folder structure... That's about it really! If there is no other way I will probably manually share those users Home drive
Thanks for your help
Bestia

Top
#125814 - 2005-01-13 06:42 PM Re: Mapping to a subfolder
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
there are ready made scripts lying around the web and iirc, one was even introduced in some resource kit of NT4!
it was a batch file even...
used it myself to create email accounts and print the account created paper notification thingie...

ja, there are many scripts around and we can create one for you to create those shares.
no problem.
_________________________
!

download KiXnet

Top
#125815 - 2005-01-13 10:52 PM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
What, you mean sharing the Home drives !?
Although that will not give me consistency, would be a nice work around... If that is what you mean, Hopefuly I am not asking stupid Q !?
My users share is on the following format (Is a NAS based share, but that's irrelevant)
\\server\Users$\username
At the moment I have shared the Users$ folder with $ of course, but not the user accounts, just to avoid any human errors from security admin team, and simplify the process, specially during the migration!!
Please help if you can,
Best regards,
Bestia

Top
#125816 - 2005-01-13 11:38 PM Re: Mapping to a subfolder
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
On the Server you can run something like this as long as the user folders are named after the users logon ID

The USERS$ does not need to be shared

On the Server have:
D:\USERS

Then even from a CMD console you could run
Code:
for /f "Tokens=*" %%i in ('dir /B D:\users') do NET SHARE %%i$=D:\users\%%i /Y


Top
#125817 - 2005-01-13 11:59 PM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
The users share is already share and I can't change that.
Can't I use UNC path instead ?? so instead of D:\Users$..to use \\server\Users$\userid !???

Top
#125818 - 2005-01-14 12:06 AM Re: Mapping to a subfolder
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
GRR.
you can use, but like you have had, you will have problems with deepmapping forever!
and, finally the security aspect. you get better security with loose rights and lazy admins when shared properly than with the tightiest possible security with your current setup.

you have a single line above.
simply running that as batch-file in command prompt will share EACH users folder by their username.
now, you couldn't ask more, could you?
_________________________
!

download KiXnet

Top
#125819 - 2005-01-14 12:14 AM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
Interesting!
Hmm, I will certainly give it a try tomorrow at work!
Thank you guys, for you help, I will keep you posted..
Hopefully it works

Top
#125820 - 2005-01-14 12:56 AM Re: Mapping to a subfolder
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Please take a look at this post for further information and analysis of the issues.

How Do I move shares-permissions NT4 to 2000
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=57147

This may play into what you need as well.

Take Ownership using XCACLS
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=129459


Edited by NTDOC (2005-01-14 01:05 AM)

Top
#125821 - 2005-01-14 12:16 PM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
The Hidden user share creation definetly worked! It creates the hidden share, but it only gives everyone "Read" access! I know I should be looking around and find the right syntax, but if you guys have it handy would be much apprechiated!
the one I am using at the mo is:
for /F "Tokens=*" %%i in ('Dir /B E:\Users') do NET SHARE %%i$=E:Users\%%i /Y /G im\%%i :F
As you can see I am trying to put Grant access with Full switch, but is not working..!?
Heelppppp
So close but yet sooooo faaar!

Top
#125822 - 2005-01-14 04:07 PM Re: Mapping to a subfolder
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
can't do the hidden stuff with net share.
lookie at:
http://www.petri.co.il/download_free_reskit_tools.htm (should be part of usefull links faq too!)

pick the rmtshare
with it you can do your share security with ease.
as a matter of fact, I have a habit of using it when I create my user accounts.
_________________________
!

download KiXnet

Top
#125823 - 2005-01-14 06:16 PM Re: Mapping to a subfolder
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Or don't worry about the Share permissions. If a user has FULL permission on the share but NO permissions on NTFS they can't read/write/traverse or anything. They basically have access denied.

In my opinion the permissions on Shares is a hold over from Windows 9x which has no ACL (Access Control List) on FAT16 or FAT32

As the other post I linked to showed, just set the correct NTFS permissions as part of the whole thing.

Top
#125824 - 2005-01-14 06:35 PM Re: Mapping to a subfolder
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
doc, I think he already said that it automatically created him some stupid permissions.
and he needs to fix them.

and it's actually darn silly to leave share permissions open.
it's same as pulling out your firewall and hoping that user's local computers can handle the possible threads.
_________________________
!

download KiXnet

Top
#125825 - 2005-01-14 08:19 PM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
Guys,
I used /Grant:im\%%i,F using your net share script abovve, and it worked ! It gave the user Full Controll. Which is just fine. If I wanted to be picky, I would wanted some sort of check in place to see what permission the share has, before it gives the user Full Controll, the only problem is the this script doesn't check for permission if the share already exist!?

To clarify things a bit, I am talking aout Share permissions, the Security/NTFS permissions are set through Folder Redirection, using Microsoft best practices, and I think by setting Share permission for only the relevant user, it's as good as it gets as far as this project is concerned. I defenitely would not have done this without you guys... Thank you


Edited by bestia (2005-01-14 08:26 PM)

Top
#125826 - 2005-01-14 08:25 PM Re: Mapping to a subfolder
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
IMHO, users should not have full control.

My 2 cents (Canadian)
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#125827 - 2005-01-14 08:31 PM Re: Mapping to a subfolder
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
to be honest, best practise would be to let the folder permissions alone.

imho.

2 cents (EUR)

(makes 4 cents Canadian D, no?)
_________________________
!

download KiXnet

Top
#125828 - 2005-01-14 08:40 PM Re: Mapping to a subfolder
bestia Offline
Fresh Scripter

Registered: 2004-08-26
Posts: 36
Loc: Guildford, UK
the only problem with that, is that the default Share permission on 2003 is Read for everyone, and since MS stuff work on cumulative basis, it becomes a bit to resticted even for paranoid geezers, like myself... , specially when it comes to laptop users and their offline stuff, never seems to work properly without proper permission on the Share, but I still would welcome some sort of permission checking option.
Top
#125829 - 2005-01-14 08:42 PM Re: Mapping to a subfolder
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
share perm are one thing and folder perms yet another. I think jooel was talking ntfs (folder) perms.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#125830 - 2005-01-14 08:44 PM Re: Mapping to a subfolder
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
I agree with Les. Users should only have Modify rights.

Leaving NTFS permissions alone I would NOT agree with myself, but to each his own.

As for setting Share permissions, yes "Best Practice" is to set them appropriately, never know when someone might come along and modify the NTFS permissions and - ooops someone has access that shouldn't have access.

Top
Page 2 of 3 <123>


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 248 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.076 seconds in which 0.023 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org