0

Good Day.

I learned Server 2008 R2 in college and am trying to set up a small server for a college.

I have set up AD with DNS, DHCP and WSUS. I am trying to map 2 x network drives to each user in a specific group (hereby known as Students). Each student should have a public folder (Course material) and a private folder (his work) mapped to his account.

Is there a way to automatically let the GPO create folders using the %USERNAME% variable for the private folders and share them with the student as well?

I am able to create the public folder and private folders manually, just keen on if it is possible and how I would go about it?

Renier Swart

2 Answers

0

I believe that using the GPO Preferences will not create the folder structure for you, but you can use environment variables such as %USERNAME% to allow everyone their own sub-folder on a shared path.

I would use the "AD Users and Computers" console to configure each user's Home Drive on the "Profiles" tab, although this could also be achieved by using PowerShell.


  1. Set the drive letter and the UNC path such as

\\server1\home\%USERNAME%

The local path would possibly be C:\NetworkData\Home\

NOTE: Ensure that permissions allow authenticated users access to this level to ensure the drive can be mapped on logon. You can do this on the folder's ACL. Allow everybody all rights on the share permissions and tighten down with the usual folder ACL.

This will then create the directory structure for you. You will still need to set the permissions on the directory yourself once it's created, or get a script to go across them after.

I would suggest the top level, i.e.

\\server1\home\joe.blogs\

will allow others read/write


  2. You could put a subfolder below it:

\\server1\home\joe.blogs\Documents

For which you would remove inheritance of permissions, and allow only admins and the person to whom the folder belongs, therefore making it private.

  3. You could then map that personal folder using GPO Preferences, mapping it to a different letter and the %USERNAME% variable again.


Although I am wondering how you intend other users to access their peers' "public" folders?

This is all a lot quicker if you are proficient at PowerShell, as you can set the AD props, create the subdirectory and set the permissions for all users in your AD/Site/OU at once. Here is how to set the home directory. Use the Get-ADUser cmdlet to get your given set of users and go over it like so:

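```powershell
Import-Module ActiveDirectory

# Get every user under the target OU.
$Users = Get-ADUser -SearchBase "OU=Accounts,OU=RootOU,DC=ChildDomain,DC=RootDomain,DC=com" -Filter *

foreach ($User in $Users)
{
    # Quote the path and use $() so the SamAccountName property is expanded, not just $User.
    Set-ADUser -Identity $User.SamAccountName -HomeDirectory "\\server1\home\$($User.SamAccountName)" -HomeDrive "H:"
}
```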

Lee Hill
  • The public folder will properly be a mapped folder such as //server/public/files where everybody has read rights but only the teacher security group can write to them. I will try this way tomorrow morning and give feedback. – Renier Swart May 25 '17 at 14:37
  • Ah, OK, so the teacher can submit assignments, and the students can take a copy from there? In that case, instead of doing step 2, once you have done step 1, remove the inheritance on that folder for each student and make it private; no need for the subdirectory for each student. //server/public/files is a straightforward map using GP Preferences. – Lee Hill May 25 '17 at 15:06
  • Are you referring to the Profile Home Drive Preference or Mapped Drive on GPO? – Renier Swart May 26 '17 at 13:34
  • Map the home Drive via the AD properties and the //server/public/files would be done via the GP Preferences – Lee Hill May 26 '17 at 14:57
  • Would the settings change if I had set up this server as a RD Host (having thin clients connect to it)? – Renier Swart May 27 '17 at 16:33
  • I cannot comment on experience, but given the MS philosophy, I would assume not. – Lee Hill May 30 '17 at 13:13
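
The provisioning discussed in the answer and comments above (home directory attribute, folder creation, inheritance removed so each folder is private), as an added example that is not part of the original answer. It assumes it is run as an administrator on the file server, that the students are members of an AD group named Students, and it reuses the answer's `\\server1\home` share and `C:\NetworkData\Home` path; `New-Rule` is a hypothetical helper.

```powershell
Import-Module ActiveDirectory

$GroupName = 'Students'              # assumption: AD group that holds the students
$LocalRoot = 'C:\NetworkData\Home'   # local path behind the share (from the answer)
$ShareRoot = '\\server1\home'        # UNC path of the share (from the answer)

# Well-known SIDs, so the ACL does not depend on localized account names.
$Admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators
$System = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'      # NT AUTHORITY\SYSTEM

# Hypothetical helper: an Allow ACE that applies to the folder, its subfolders and files.
function New-Rule($Sid, $Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Sid, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
}

$Students = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

foreach ($Student in $Students) {
    $Name   = $Student.SamAccountName
    $Folder = Join-Path $LocalRoot $Name

    # Set-ADUser only writes the attribute, so the folder is created here.
    if (-not (Test-Path -Path $Folder)) {
        New-Item -ItemType Directory -Path $Folder | Out-Null
    }

    # Start from an empty ACL: inheritance blocked, inherited entries discarded,
    # then grant only administrators, SYSTEM and the owning student.
    $Acl = New-Object System.Security.AccessControl.DirectorySecurity
    $Acl.SetAccessRuleProtection($true, $false)
    $Acl.AddAccessRule((New-Rule $Admins 'FullControl'))
    $Acl.AddAccessRule((New-Rule $System 'FullControl'))
    $Acl.AddAccessRule((New-Rule $Student.SID 'Modify'))
    Set-Acl -Path $Folder -AclObject $Acl

    # Point the account's home drive at the new folder.
    Set-ADUser -Identity $Name -HomeDirectory "$ShareRoot\$Name" -HomeDrive 'H:'
}
```

Granting the student Modify rather than FullControl keeps them from changing the folder's permissions or ownership; `(Get-Acl $Folder).Access` lists the resulting entries for a spot check.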
0

You can do it in a login batch script for the students; this can map any number of network drives you like on any criteria you wish. Write and test the script, then put it in "%windir%\SYSVOL\sysvol\<domain name>\Scripts\".

To test it, create a test OU within your AD, and put a single test user within that. Create a group policy for that test OU and in "\User Configuration\Windows Settings\Scripts (Logon/Logoff)" entry, edit the "Logon" entry, and add a Logon script, pointing to your script.

You should be able to test it by logging in as your test user to see if it does what you intended. If so, replicate the change to an appropriate Group Policy for your Students OU.

With regards to automatically creating the student's private folders, they should already have a "My Documents" folder which is private to them. If you need a second private folder, you'll probably have to create it manually, or if you create your user accounts via some script, modify the script to create those private folders for each user account and grant the appropriate permissions.

Pak