Setting shared directory permissions

All users who are set up with a network home or portable home directory must have proper permissions to the shared directory in which the home directories are created. Initially, you can provide access to the shared directory through the Windows built-in security group, Authenticated Users. Later, you can fine-tune permissions for this group based on your company’s file sharing needs. For example, if an administrator pre-creates home directories for each user before they log in, users only need Read access to the shared directory in order to access their home directories.

To set permissions for the shared directory for network home and portable home directories:

  1. On the network share computer, select the directory to share (for example, MacUsers). Right-click, click Properties, and click the Sharing tab; then click Advanced Sharing.

  2. Make certain that Share this folder is selected. Click Permissions, then click Add.

  3. Type auth and click OK to return the Authenticated Users group. Select Authenticated Users, then click Allow for Full Control. Click OK to set permissions for authenticated users, then OK again to close the properties page.

  4. Verify that Authenticated Users have proper permissions on the Security tab as well as on Share Permissions.

    Ordinarily, this is automatic because the Active Directory Users group, which includes authenticated users, inherits Full Control to the shared folder. However, if permissions on the Security tab were altered and are no longer sufficient, users may not be able to log in.

    Click the Security tab and select Authenticated Users (or click Add to add it if it is not already in the Group or user names box).

  5. Select Full control and click OK to save and close the Properties page.

    Assigning permissions to Authenticated Users on the network home share directory means that each home folder will inherit the proper permissions to allow logged-in users to access their home directories. It also means that every user will have access to every other user’s home directory. To change this, you can set permissions on the individual home directories. See Limiting users’ access to other users’ home folders for information about fine-tuning permissions for individual users.

Limiting users’ access to other users’ home folders

The previous section showed how to assign permissions to a network-home shared folder, which are consequently inherited by the home folders created in the shared folder. Because permissions are inherited, each user has equal access to every other user’s home folder. This section shows how to fine-tune permissions to limit each user’s access to their own home folder.

To limit users’ access to their own home directory:

  1. Select the network share you assigned permissions to in the previous section.
  2. Select one of the user home directories in the network share.
  3. Click the Security tab. Then click Advanced and Change Permissions. Deselect Include inheritable permissions from the object’s parent and click Remove when prompted.
  4. Click Add, type users, and press Return. Select the following permissions for Users:
    • Traverse folder / execute file
    • Read Attributes
    • Read Extended Attributes
    • Create files / Write Data
    • Create Folder / Append Data

  5. Click OK, and OK again until you have saved all the open dialogs and closed the Properties page.
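
A read-only check for the state the two procedures above leave behind, as an added example that is not part of the original documentation: it lists home folders where Authenticated Users or Users still hold inherited entries or rights beyond the five listed in step 4. The function name and the `D:\MacUsers` path are assumptions; the group SIDs are the Windows well-known values.

```powershell
# Added example: read-only audit, changes no permissions.
function Get-HomeFolderAclFinding {
    param([Parameter(Mandatory)][string]$ShareRoot)

    $rightsType = [System.Security.AccessControl.FileSystemRights]
    # Rights the page lists for Users on a home folder. Synchronize is tolerated
    # as an assumption: Windows normally sets it alongside allow entries.
    $allowed = [int][System.Security.AccessControl.FileSystemRights](
        'Traverse, ReadAttributes, ReadExtendedAttributes, ' +
        'CreateFiles, CreateDirectories, Synchronize')

    # Well-known SIDs, so the check does not depend on localized group names.
    $broad = @{ 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'BUILTIN\Users' }

    foreach ($dir in Get-ChildItem -LiteralPath $ShareRoot -Directory) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Explicit and inherited entries, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow' -or -not $broad.ContainsKey($sid)) {
                continue
            }
            # Bits granted beyond the page's list (Full Control leaves many set).
            $extra = [int]$rule.FileSystemRights -band (-bnot $allowed)
            if ($extra -ne 0 -or $rule.IsInherited) {
                [pscustomobject]@{
                    Folder       = $dir.FullName
                    Principal    = $broad[$sid]
                    Inherited    = $rule.IsInherited
                    # ToObject avoids a cast error on raw generic-rights bits.
                    ExcessRights = [Enum]::ToObject($rightsType, $extra)
                }
            }
        }
    }
}

# 'D:\MacUsers' is an assumed local path for the page's example share directory.
Get-HomeFolderAclFinding -ShareRoot 'D:\MacUsers' | Format-Table -AutoSize
```

An empty result means no home folder under the root still carries the share's inherited Full Control for these two groups.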