Guest
I am trying to integrate some Macs into our Windows 2003 server environment.
The problem I have is with the security on users' home directories. I work in
a school, so the group "teachers" is for teachers and the group "students" is
for students.
The way I currently have it set up is as follows:
I have a share set up on the server for students called "StudentDirectory"
and the Active Directory template for making new students puts their home
directories in that share. The way security is set up on this share is that
Administrators and the Teachers group can administer all folders underneath
it using inheritance, which works awesome in a straight Windows environment.
The students group doesn't have read access on the share itself, just on their
own directories created underneath it.
Now the problem. The way the Macs seem to work is that when they
authenticate into Active Directory, they mount shares. As I have it, only the
parent folder "StudentDirectory" is shared, and if you log into a student
account on the Macs you can't mount your home directory unless you have read
access to the share. I can't give them read access to the share as it stands,
because then they would be able to read into all the other students' home
directories because of inheritance.
I am wondering if there is a way in AD to set up, through policy or something,
the default set of permissions and to also disable inheritance on a user's
home directory when created. This would allow me to give the students group
read access to the "StudentDirectory" share without being able to browse into
other students' home folders.
If I am using really bad grammar, I'm sorry. I am trying my best to explain
the problem I am having so that you guys will understand.
Thanks