Since the other thread died out, (see https://www.techrepublic.com.com/5208-1035-0.html?forumID=101&threadID=314408&messageID=3130578 ) and this is a separate issue than the original reason why it was created, I’ve started a new question.
The situation:
Students are able to UNC to the current home folder share and browse other user folders. (Same deal with teachers).
The solution:
A test-bed where I limit permissions & access to other folders
The setup:
Hard drive partitioned so that the staff & students have their own, separate space for quota management.
Staff$:
Sharing permissions:
Domain Administrator, Domain Admins, Domain Users, Technology : Full control
Students: Deny
NTFS Permissions:
Domain Administrator, Domain Admins, Technology, System, Creator Owner : Full Control
Domain Users: This folder only: List folder/Read Data
So here’s the issue currently: I can set it up so that users cannot UNC to the share path, but when I use AD to populate the home directory mapping, it populates the Server Administrator, and then users can UNC to another users home folder.
Example:
TestTeacher can UNC to TestTeacher1 and create or delete documents after the folders have been populated in AD.
If I go in and uncheck inherit permissions from parent and remove the server admin, then it all works PERFECTLY as planned.
BUT – I cannot MANAGE this solution, since I have some odd 1500 users to deal with!
Please help out with suggestions & solutions! Thanks!