Personnal folder Windows file share Server

Jérémy MUNOZ 36 Reputation points
2020-11-17T14:31:39.843+00:00

Hi,

We are using a NAS QNAP as file server and we are going to migrate data in a 2016 Windows File Server.
I have problem with private users folders

In QNAP, all users use \NAS-SERVER\home to access to their data.
In Windows explorer, the map name folder is Home

NAS is configuring like :
Homes folder
Home sub-folder
username personnal folder

I want to do the same thing in my Windows Server, I don't know how configure my folders permissions.

Windows file Server :
Home folder
username personnal folder

I succeed to share and have Home in map folder, but I access to all private user folder

Thanks for you answers and your help

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,507 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. MotoX80 33,636 Reputation points
    2020-11-18T13:43:24.58+00:00

    Here is a suggestion based on my experience. I don't know all of your requirements, so you may need to adjust.

    Assuming that you are using a separate drive, like E:.... On the root of E: I would grant System and Administrators full control. If you have UAC enabled on the server, I would define another group and add in the administrator accounts and any other support team accounts that might need to help manage the files/folders. Call the group ShareAdmins or something meaningful to you.

    Then create the E:\Home directory and share it out as Home. In the share permissions, grant Administrators and ShareAdmins full control, and Everyone Change control. You want to use "Change", because you don't want to let users update security permissions on folders that they may have update access to.

    In the folder permissions for E:\Home you will see System, ShareAmins and Administrators being inherited. Add the Everyone account and grant it List access. In the Advanced permissions, set the "Applies to:" to "This folder only". That will allow users to traverse the Home folder to get to their own data folder, but not allow them to see files and folders in other users directories.

    Create a folder for each user. It will inherit the permissions for System, ShareAmins and Administrators. Add the users account and grant it Modify access.

    In group policy or the user's logon script map their home drive to \ServerName\Home\UserName. If the users would happen to browse the \ServerName\Home share, they will be able to see other users folders, but they should not be able to access files and subfolders.

    If you do not have the guest account disabled, then use Authenticated Users instead of the Everyone account.

    0 comments No comments

  2. Jérémy MUNOZ 36 Reputation points
    2020-11-18T16:03:04.633+00:00

    Hi @MotoX80

    Thanks for your answer.
    I understand that I don't have the choice to have : \ServerName\Home\UserName
    Shortcuts file in my NAS QNAP are \Servername\home\filename and succeed to point in current user directory, so I'm curious to know how it works !

    So I don't have the choice to tell my users their home folder shortcuts will change.

    To resume :

    I share Home folder read only
    I create sub user folder with user permission Full R/W

    Finally the path will be \Servername\Home\username and all users will see others users folders but couldn't access

    That's right ?

    0 comments No comments

  3. MotoX80 33,636 Reputation points
    2020-11-19T00:11:45.553+00:00

    I understand that I don't have the choice to have : \ServerName\Home\UserName

    Why not? How are you mapping the drive on the end users computers?

    Shortcuts file in my NAS QNAP are \Servername\home\filename and succeed to point in current user directory, so I'm curious to know how it works !

    So I don't have the choice to tell my users their home folder shortcuts will change.

    Again, I do not understand your reply. Sorry. Please be more specific about how your users access this network drive. Is it a shortcut on their desktop? Who creates that? Is it a mapped network drive? How is that managed?

    0 comments No comments

  4. Jérémy MUNOZ 36 Reputation points
    2020-11-19T10:46:44.287+00:00

    Hi,

    I don't want to map home folder in Windows explorer with a drive.

    Today we (IT staff) configure manually the shortcut \Servername\Home on the left panel in Windows Explorer (in fast access). Users can add in their desktop if they want.
    There is no map drive today. Only network path \Servername\networkfolder.....
    Share folder are managed in the QNAP NAS and home folders manage by QNAP system :

    When a new user go to first time \Servername\home, home folder is automatically created in the NAS with his username. If he want to access the network path is not \Servername\home\username it's \Servername\home.

    It looks like an alias or redirection,

    I want to do same thing in Windows Server 2016

    Best Regards,

    0 comments No comments

  5. MotoX80 33,636 Reputation points
    2020-11-19T14:08:02.413+00:00

    Thanks, I think I understand now. Your users just browse \NAS-Server\Home, and they scroll down to find their name (user ID) in the folder list. Correct? It should work the same way with a Windows server.

    You need to mirror the rights that your users currently have, When the users access \NAS-Server\Home, what rights do they have to that folder? Can they add a file to the Home folder? Can they create a new directory? Can they access (read? write?) another users folder?

    When a new user go to first time \Servername\home, home folder is automatically created in the NAS with his username.

    I am not aware of any Windows capability that exactly functions like the NAS. Typically this is accomplished with an Active Directory logon script or a Group Policy setting. Here is one example that shows the use of Active Directory.

    https://learn.microsoft.com/en-us/archive/blogs/askds/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders

    You might be able to just add "CREATOR OWNER" with Modify rights to E:\Home on the Windows server. Then in Active Directory define a logon script for the users that does a "make directory \WindowsServer\Home\%username%". Either with a .bat file or a Powershell script.

    Then when the user logs on to their desktop, it will create the folder for them if one does not already exist on the server.

    The downside is that if you do use CREATOR OWNER, then the users can also create other folders with any name that they want.

    Perhaps the best solution is to just create the folder for each user when you define their account in Active Directory. You're going to have to do a data migration for existing users, so the home folders will get created for the users by that process. You can set the correct permissions at that time and create the home directory for all AD user accounts.

    Does that help you?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.