Posts Tagged ‘windows 7’

Setting up user home directories in a Windows file server – 2

October 13, 2012

In Part 1 of this post, I explained some of the importan factors that you need to be considered when setting up home directories for users in  a Windows file server. In this post, I will explain step by step how a setup a home drectory strucure in Server 2008 file server, using a test scenario.

1. If you haven’t already setup the file server, you need to add the File Server role from the server manager.

You will notice File Server role service is automatically selected and in this case, I have selected File Server Resource Manager which is an optional role service. The  File Server Resource Manager  is useful in setting up notifications and disk quotas etc …

2. Now we need to set up a folder that will be the root folder for user home directories. Each user will have individual sub folders under this root folder with active directory user id as the folder name. For this example, I have created a folder called “Home” in the E drive of my test file server. Next we need to Share this folder.

3. To share the folder, go to folder properties and select File Sharing. At this stage you need to give only local administrators the share permissions to the folder. I prefer to set up rest of the permissions in the Share and Storage Management tool.

4. Go to administrative tools and open Share and Storage Management. You will notice that the shared folder that was created in step 3 among the list of shared. Go to the properties of this shared folder. In properties click Permissions tab and click  Share permissions. In this example, I would like all the Domain Users to have individual home directories and Helpdesk group to have the ability to create home directories. Also, I would like to give local administrators of the server full permissions. Accordingly following are my share permissions;

Helpdesk (is an Active Directory Group) – Full permissions.
Domain Users – Change and Read permissions.
Administrators – Full Permissions.

Click Apply button to apply the permissions.

Now click the NTFS permissions button. I have assigned the following NTFS permissions according the test scenario explained above.

Local System – Full Control
Helpdesk – Modify
Administrators – Full Control.

Note that Domain Users do not have NTFS permissions to the root folder and that’s fine. Users only need to have permissions to their own home directories. Click OK to Apply NTFS permissions and click the sharing tab.

5. In the sharing tab, click Advanced and make sure “Enable access-based enumeration” is selected. When the access-based enumeration is enabled, the folder becomes hidden to the users who do not have permissions to the folder. I prefer this option enabled in a file server, however, it’s an optional setting.

6. Now open the Active Directory Users and Computers and create a new user (or open the properties of an existing user). In this example, I use an account with user id “testuser”. In the user properties, go to Profile tab and specify the home directory as shown below.

Click Apply and OK. This creates a new folder called “testuser” under the root Home and gives the “testuser” full permissions to the directory. No manual work required. Now if you open the UNC path of the home directory, you will notice that a new folder called “testuser” have been created under the “Home” folder. Note the permissions of this folder.

7. Now, go to a workstation and login as the “testuser”. You will notice that a new personal drive has been mapped to the user.

There are two more points I would like to mention before closing this post;

1. You can make this process further simple for creating new users by using a user account template. User account template is just another active directory account and  when you create a new user, you can right-mouse click on the template account and click copy. This copies the default settings of the template account to the new user being created. Now to make the home directory creation process simpler, go to the properties of the template user account and in the profile tab, assign the home folder in the following format;

Now, when you create a new user using this template, %USERNAME% is replaced by the user name of the new account being created and home directory gets  automatically setup.

2. Second point is, if you migrating existing home directories (may be from a NetWare server) to a new Windows file server, you can first copy all the directories under the root home folder and then you can use a PowerShell script to change the user profile settings and assign permissions as a bulk process.

Thanks

Dilruk Jayanetti

Advertisements

Setting up user home directories in a Windows file server – 1

October 13, 2012

Setting up home directories is one of the tasks that server admins need to perform at some stage during a file server setup. Typically, home directories (or sometimes called personal drives) are  network drives assigned to domain users mapped using a common drive letter (commonly H). Following are some of the important factors that need to be considered in setting up home directories;

1. Security: This is one of the first things that the server admins need to sort out when setting up home directories. Given that home directories are assigned to each user, for a given home directory, in addition to the server admins group, only the particular user the home directory has been assigned to should have the permissions to the directory. I will explain more about setting up permissions in part 2 of this post.

2. Storage: It can be a challenging task for server admins to manage the storage when users start storing their favourite music and kids birthday photos in their personal drives.  Some organisations tends to give more flexibility  and freedom to end users and would  expect server admins to monitor the disk space  and may inform or  arrange with users to free-up disk space on ad-hoc basis. Other option is to use disk quotas which assigns a fixed amount of megabytes or gigabytes to each user. This make server admin’s life much easier and probably a better way to manage storage.

3. Performance : Performance is one of the factors that server admins need to consider specially if the file server is migrated from one environment to another (such as NetWare to Windows). Usually, people expect network drives to perform similar to the local drives in their computers, specially when it comes to opening and saving files.  Depending on the server environment, network setup, client OS etc… certain configuration changes may be required  in the file server as well as other environments to optimise the performance. The following article explains some of the TCP/IP changes that could improve the performance, but these changes need to be considered based on the nature of the environment and specific performance issue;

http://www.speedguide.net/articles/windows-7-vista-2008-tweaks-2574

Also, worth looking at SMB packet signing issue explained in the following Microsoft article;

http://www.speedguide.net/articles/windows-7-vista-2008-tweaks-2574

Another potential performance issue may be due the authentication provider order. Especially, this is applicable if you are migrating from one enviroment to another. Usually, the Authentication Provider order can be found in the following registry location in Windows 7 and XP;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order]

If you are originally connected to a NetWare server, the order may appear as “ProviderOrder”=”NCFSD,RDPNP,LanmanWorkstation,webclient” where NCFSD represents the Netware provider. YOu can test the network drive performance by moving the NCFSD from first to last i.e. “RDPNP,LanmanWorkstation,webclient,NCFSD”.

In addition to these fixes; server monitoring, event logs and network monitoring may provide some assistance in troubleshooting issues specific to an environment.

4. Easy to Administer : provisioning personal drives for users is an ongoing and may be a regular excercise for the IT department in an organisation. Typically, creating a home directory for a user is a part of the process of creating a users account, an email address etc…  for a new employee to an organisation, usually, performed by a helpdesk officer. Therefore, it’s important that a simple and well-defined process is maintained. Also, if you are migrating home directories from an existing environment to a new environment, you may need to explore some of the tools and scripting techniques that could make the process simpler, faster and yield more accurate results.

Now that we have looked at some of the important aspects of designing home directory structure in a file server, in Part-2 of this post, I will explain step by step on how to set up a home directory structure using a  Server 2008 file server in an Active Directory environment.

Bye for now.

Dilruk Jayanetti