Server 2012 / 2008R2 Policies / Shared Drives / Mapped folders



I have a Standard 2012, but the server version is not that important.

 

Basically what I would like to do is this.

 

\\serverName\ (I get prompted for a username/password). Now, based on that username I would like to have certain folders with specific read/write access and nothing else visible. (The user can have the computer added to the domain, but since it is a local network, I can choose to leave it on WORKGROUP and have it access the server on a per-map basis.)

 

I have read that I need a GPO, and I believe I created one (with 2 mapped drives and nothing else changed), but I am not sure how to link a GP to a folder and give it specific rights (read/write).

Is there a tutorial, or something to look at as a reference?

Create your shared folders as "username", then use a GPO to map with "\\server\%username%". Is that what you are trying to do?

 

So let's have the following scenario:

 

Username1 and Username2 are 2 different distinct users 

Folder1, Folder2, Folder3 are 3 distinct folders (not shared)

 

I would like Username1 to have read/write access to folder1(2,3)

I would like Username2 to have read access to folder1 and read/write access to folder2 (no access and not shown folder3)

It doesn't matter if it is 1 user, 2 users, 5 users, 1000 users, or a billion users. This is the point of Active Directory: to be able to assign permissions based on who logs in and/or what groups they belong to.

 

Set it up right and you will be able to do exactly how you want it.  It takes all of 15 minutes, if you know how to do it.

 

I could remote in and have this done in no time for you.

 

 

Otherwise you will have to have local policies or scripts that run and map to the folders to make life simple. You can't run a domain GPO to map a drive when they aren't on the domain, unless you are using a local GPO to run a logon script, which you could also put in the Startup folder, negating the need for a logon script GPO entry.

 

Something like this in a logon script would work:

 

net use o: \\servername\username /user:servername\username password

 

or

 

net use o: \\servername\username /user:domainname\username password

Although I can use scripts, for home use I have other options. However, I would like to explore others to learn more:

 

At the moment I have the following.

 

In AD I have a group called Home Users, in which I have placed Computers and Users (both populated with 2 of each).

In GPM (Group Policy Management) I have created an OU Home Users with Computers and Users in it. Under Users I have created a policy Everyone, where I have mapped it to one folder for testing with only one user in AD.

 

That guy is not getting the map, not sure why.

First you need to have all computers joined to the domain and make sure that you are logging in with a domain user not a local user.

 

It will be easier to keep the users and the computers separate. You will never see them co-mingle in a corp environment; even in an SBS environment you will not see this.

 

When you assign a group policy to an OU, only those under that OU will be affected. It is much better practice to use a top-level OU and apply policies based on groups (taking out Authenticated Users). Groups can include computers or users; I would not recommend using both in the same group. Separate the policies out based on computers or based on users. The Computer Configuration portion of a group policy only gets applied to computers, regardless of whether you are trying to apply the policy to users; the User Configuration portion of a group policy only gets applied to users, regardless of whether you are trying to apply the policy to computers.

 

Basically, the user section will only ever get applied to users, the computer policy will only get applied to computers and servers.

 

Keep it simple, keep the tree simple and you will not have problems. It looks like you are starting to overcomplicate things without knowing the ramifications of doing so. The defaults are plenty simple enough. Everything in AD trickles down, not up. As you start in the tree and start drilling down, anything that is getting applied to the top level will trickle down to the levels you are opening. If you are opening things below and are trying to get them to apply above, it will not work, and it will not cross over to other OUs; it needs to be above the OU you are in to trickle down to it.

Also, if you are using the map drives GPO, it will not get applied to Windows XP computers/users. It is for Vista or above.

 

You are much better doing it with a kix script or a vbs script if you have that old of a computer.

One thing that I forgot to mention, and it is every novice admin's #1 mistake: the DNS on the network can only be that of the AD server. There should be no other DNS entry in the TCP/IP properties of any computer, including the server. The server should only point to itself. All DNS requests are handled by the DNS server, which is the AD server, including Internet DNS requests. This is handled out of the box without any other config; just point DNS to the AD server and have no other DNS servers listed, not even as a secondary DNS.

I was able to get it going through the script (net use). So far so good; I will get back to the GPOs later when I have more time to experiment.

 

I do have 2 DNS's, though the server DNS so far deals with the same subnet as the router one but have placed it 1 octet above

Anything that is on the domain must have the server as its only DNS. Internet name servers do not know anything about your internal network and will not be able to resolve computer names. The domain controller knows about the Internet root servers and will redirect any requests to them if it cannot resolve internally.

If you want a show-and-tell session, we can set up a http://join.me session and I can walk you through/help troubleshoot anything that doesn't work or make sense.

This topic is now closed to further replies.
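
The folder scenario from the thread (Username1 read/write on all three folders; Username2 read on Folder1, read/write on Folder2, Folder3 neither accessible nor shown) can be built with NTFS permissions plus access-based enumeration on one share. This is an added example, not code from any poster; it needs Server 2012 or later for `New-SmbShare`, and the path `D:\Shares`, the share name `Data` and the use of local server accounts are assumptions.

```powershell
# Added example: run elevated on the file server (Server 2012 or later).
# Assumptions: local accounts Username1 and Username2 already exist on the
# server; D:\Shares and the share name "Data" are hypothetical.
$root   = 'D:\Shares'
$server = $env:COMPUTERNAME
$users  = 'Username1', 'Username2'

# Rights from the scenario: M = modify (read/write), RX = read-only.
# A user with no entry for a folder gets no access to it at all.
$rights = @{
    Folder1 = @{ Username1 = 'M'; Username2 = 'RX' }
    Folder2 = @{ Username1 = 'M'; Username2 = 'M'  }
    Folder3 = @{ Username1 = 'M' }
}

# Well-known SIDs avoid localized group names:
# S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = SYSTEM.
$admins = '*S-1-5-32-544:(OI)(CI)F', '*S-1-5-18:(OI)(CI)F'

# Share root: remove inherited entries, keep admins, and let the two users
# list this folder only (no OI/CI flags, so nothing flows to children).
New-Item -ItemType Directory -Path $root -Force | Out-Null
icacls $root /inheritance:r /grant:r $admins | Out-Null
foreach ($user in $users) {
    icacls $root /grant:r "$server\${user}:(RX)" | Out-Null
}

foreach ($folder in $rights.Keys) {
    $path = Join-Path $root $folder
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    # Only the explicit grants below apply to each folder.
    icacls $path /inheritance:r /grant:r $admins | Out-Null
    foreach ($user in $rights[$folder].Keys) {
        $right = $rights[$folder][$user]
        icacls $path /grant:r "$server\${user}:(OI)(CI)$right" | Out-Null
    }
}

# One share for everything. Share permissions stay broad (Change) because
# the NTFS ACLs above are the effective limit. Access-based enumeration
# hides folders the connected user cannot read, so Username2 never sees Folder3.
New-SmbShare -Name 'Data' -Path $root `
    -ChangeAccess ($users | ForEach-Object { "$server\$_" }) `
    -FullAccess 'BUILTIN\Administrators' `
    -FolderEnumerationMode AccessBased | Out-Null

# Review the result.
Get-SmbShare -Name 'Data' | Select-Object Name, Path, FolderEnumerationMode
$rights.Keys | ForEach-Object { icacls (Join-Path $root $_) }
```

On a WORKGROUP client, `net use O: \\servername\Data /user:servername\Username2 *` maps the share and prompts for the password, so no password is stored in the script file.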