I’ve been looking for a “real” solution for a while, and tested out several different flavors (see my links at the bottom). I am unable to set up home directories on the server so that users are unable to view other users files.
I am a part time IT person at a school, so I cannot have students able to look at other students files – it’s a huge problem. Yes, I have UNC blocked in GP, but they can still create a shortcut on the desktop to go to it.
Also, teachers can not be snooping in other teachers directories due to student confidentiality laws. So I really don’t even want them to see the files themselves.
What I need to do: block userA from seeing userB files on \\server\user$\
How I have it set up now:
Share Permissions:
Domain Admins: Full
Domain Users: Full
Security Permissions:
Domain Admins: Full
Domain Users: This folder only: List folder/Read Data
Creator Owner: Full
When I test this, the home directories are created properly via AD, but once I get a file up under test1 and test2, I can UNC to their directories & see, edit, or delete the files without an access denied.
Does anyone have suggestions for me?
Things I looked at to get here:
https://www.techrepublic.com.com/5208-1035-0.html?forumID=101&threadID=282032&messageID=2668752
http://www.computing.net/answers/windows-nt/creator-owner/18773.html
https://www.techrepublic.com.com/5208-11184-0.html?forumID=55&threadID=190883