Windows Server Configurations Examples
- Home folder rights in Windows Server 2003
- Create home folders with a template user account
- Using a Drop folder
- Services for Macintosh


Home folder rights in Windows Server 2003:
Back in Windows 2000, when you specified a home folder in the Active Directory Users and Computers MMC, it would create the folder and set the NTFS permissions on that folder. The Administrators group got full rights, and the user account got full rights. The folder would NOT inherit anything from its parent folder.

In Windows Server 2003, this has changed slightly. The home folder now inherits rights from its parent folder. The dilemma here is that users need read rights on the main users folder so they can browse to their own home folder. However, this would allow everyone to read data in all the user folders. Not good. You can improve this by not giving everyone read access, but just the List Folder Contents right. To further fix the problem, you can make that right not inherit to child folders. Problem solved.

Here are the default Windows 2003 rights. It inherits from the parent folder:


Go to the parent folder, select the Users group, and click Advanced:


Select the Users group again, click Edit:


Change it from applying to this folder and all subfolders, to just this folder:


When you are done, you will now see they have special permissions:


Example: You are the IT admin of a school. All of your students' home folders are stored in one share, \\MyServer\Students. You want the students to be able to browse this share and see the folders that exist in it. You want them to be able to open their own folder, but not other students' folders. In addition, you have a group for all of the teachers called Staff. You want the Staff group to be able to go into any student's folder and read/write/modify/delete anything inside it. To make this example happen, all you need to do is give the Staff group full permissions on the main Students folder. Those rights will get inherited into each of the students' folders. Since the students aren't members of the Staff group, they will be able to open only their own home folder.
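
The permissions from the school example, scripted in PowerShell rather than set through the dialogs; this is an added example, not part of the original page. The local path D:\Students, the domain name SCHOOL and the SYSTEM entry are assumptions, and the closing pipeline reports any home folder that still grants a broad group access.

```powershell
# Added example, not from the original page. Assumptions: D:\Students backs
# \\MyServer\Students; SCHOOL\Students and SCHOOL\Staff are hypothetical groups.
# Run from an elevated prompt.
$Parent = 'D:\Students'
$Both   = 'ContainerInherit, ObjectInherit'   # this folder, subfolders and files

function New-AllowAce($Identity, $Rights, $Inherit) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Identity, $Rights, $Inherit, 'None', 'Allow'
}

$acl = Get-Acl -Path $Parent
# Assumption: stop inheriting from the drive root and start from an empty DACL.
$acl.SetAccessRuleProtection($true, $false)
foreach ($ace in @($acl.Access)) { $acl.PurgeAccessRules($ace.IdentityReference) }

$acl.AddAccessRule((New-AllowAce 'BUILTIN\Administrators' 'FullControl' $Both))
# SYSTEM is an addition for backup and services; the page does not list it.
$acl.AddAccessRule((New-AllowAce 'NT AUTHORITY\SYSTEM' 'FullControl' $Both))
# Staff rights inherit into every student's folder.
$acl.AddAccessRule((New-AllowAce 'SCHOOL\Staff' 'FullControl' $Both))
# 'None' = "This folder only": students can list the share, but the ACE is
# not copied onto any home folder below it.
$acl.AddAccessRule((New-AllowAce 'SCHOOL\Students' 'ReadAndExecute' 'None'))
Set-Acl -Path $Parent -AclObject $acl

# Check: report any home folder that still grants access to a broad group.
$Broad = 'SCHOOL\Students', 'BUILTIN\Users', 'Everyone',
         'NT AUTHORITY\Authenticated Users'
Get-ChildItem -Path $Parent | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder = $_.FullName
    (Get-Acl -Path $folder).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $Broad -contains $_.IdentityReference.Value } |
        Select-Object @{ n = 'Folder'; e = { $folder } }, IdentityReference,
                      FileSystemRights, IsInherited
}
```

An empty result from the check means no home folder carries an allow entry for those groups; each student's own full-rights entry on their folder is still created by Active Directory Users and Computers.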


Create home folders with a template user account:
It is handy to create a template user account for creating new users. Just right click this account and click Copy to start the wizard. Inside the template, be sure to specify group memberships, a generic login script, and probably a home folder too. I've seen too many rookies set up servers in a high-maintenance way. Each user has their own login script that maps them to their own separate share that is their home folder. It's not bad with 10 users, but anything over that is a nightmare. Usually the people that set these systems up also learned that a $ on the end of the share name hides the share from browsing, so that is on all the shares too.

Solution: create a login script called default.bat or whatever and use it to map the common data shares and such that everyone needs. Leave their home folders out of it. As for the home folder, create a share for all of your users' home folders. Something like \\MyServer\Users. Now inside your template user account, set the home folder path to be \\MyServer\Users\%username%. Notice the variable inside the percent signs. As soon as you click out of the box, it will replace the variable with their username. Don't worry, the variable is still there for when you copy this account to make new ones. This will also work for subfolders inside the share such as \\MyServer\Users\MarketingDept\%username%. Note: the dot at the end of the path isn't part of the path.

Set the share level permissions:


Set the NTFS level permissions:


Create a default login script to map other drives:


Set the template login script and home folder path:


When done, right click your template user account, click Copy.



Using a Drop folder:
This concept probably doesn't apply much to a business, but it is very handy for schools.

Scenario: A high school teacher assigns a project to a class of students. They are to turn in their assignment for grading in a digital format. In the past, floppy disks were commonly used, but they suck. What we want is a common folder that students can save their work to on a fileserver. We want the teachers to have full access to the files. We want the students to be able to see what folders and files are there, but not read any of the files. We wouldn't want students stealing ideas and such from other students' files now would we. We do want students to be able to create files here though. If we want to get advanced, we can use the Creator Owner account to allow students to read/edit/delete their own files too.

As for folder structure inside the drop folder, this can be about anything. Not all teachers will use a drop folder so you don't need to create folders for all teachers. For an example though, let's say Teacher A has 3 computer classes. Each class has separate assignments and needs to put their stuff in the correct folders. Inside the drop folder we have a folder for Teacher A. Inside that folder, we have 3 folders, one for each of the classes. Inside each class folder, we have a folder for the specific assignment that the students are working on. Inside the assignment folder, tell the students to create their assignment file and name it with their name. This way the teacher has all the students' files in one location for this one assignment.

Note: We only set rights at the main Drop folder level. All rights get inherited down into any folder that gets created.
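
One set of entries that produces the behaviour described in the scenario, as an added PowerShell example rather than the original page's settings. The path D:\Drop, the domain name SCHOOL and the exact student rights are assumptions; the closing pipeline lists any file the Students group can read.

```powershell
# Added example, not from the original page. Assumptions: D:\Drop is the drop
# folder; SCHOOL\Staff and SCHOOL\Students are hypothetical groups.
# Run from an elevated prompt.
$Drop = 'D:\Drop'
$Both = 'ContainerInherit, ObjectInherit'     # this folder, subfolders and files
$StudentRights = 'Traverse, ListDirectory, ReadAttributes, ReadPermissions, CreateFiles'

function Add-AllowAce($Acl, $Identity, $Rights, $Inherit, $Propagate) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Identity, $Rights, $Inherit, $Propagate, 'Allow'
    $Acl.AddAccessRule($rule)
}

# Rights are set once, on the main Drop folder, and inherit from there.
$acl = Get-Acl -Path $Drop
$acl.SetAccessRuleProtection($true, $false)
foreach ($ace in @($acl.Access)) { $acl.PurgeAccessRules($ace.IdentityReference) }

Add-AllowAce $acl 'BUILTIN\Administrators' 'FullControl' $Both 'None'
Add-AllowAce $acl 'SCHOOL\Staff' 'FullControl' $Both 'None'
# Folders only (no ObjectInherit): students can list folders and create files,
# but a file they did not create carries no entry for them, so it will not open.
Add-AllowAce $acl 'SCHOOL\Students' $StudentRights 'ContainerInherit' 'None'
# Inherit-only: on each new item this entry is replaced by the creating user,
# which lets students read/edit/delete their own files.
Add-AllowAce $acl 'CREATOR OWNER' 'Modify' $Both 'InheritOnly'
Set-Acl -Path $Drop -AclObject $acl

# Check: list files whose ACL lets the Students group read file contents.
$ReadData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
Get-ChildItem -Path $Drop -Recurse | Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_.FullName
        (Get-Acl -Path $file).Access |
            Where-Object { $_.IdentityReference.Value -eq 'SCHOOL\Students' -and
                           $_.AccessControlType -eq 'Allow' -and
                           (([int]$_.FileSystemRights -band $ReadData) -ne 0) } |
            Select-Object @{ n = 'File'; e = { $file } }, FileSystemRights, IsInherited
    }
```

The owner of a file can always change its permissions, so a student can still open up their own submission to others; the check above will show such files.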

Rights for Administrators and Creator Owner:


Rights for Staff and Students:


Here is an example folder hierarchy of how the staff could use a drop folder:



Services for Macintosh:
Making a Mac connect to a Windows 2003 Server can be a challenge due to some default security settings that weren't there in Windows 2000. OS 9 and 10 seem to behave differently too. It is pretty easy to connect an OS 10 box to a Windows server since it can use the Samba client. OS 9 gets a little tricky though. There are also some good references at www.macwindows.com.

On the Windows 2003 server, go to the Control Panel, Add/Remove Programs, and install Services for Macintosh:


If this is a domain controller, you will have to disable the message signing requirement. You'll find this in the default Domain Controller Security Policy:


If you did the above step for domain controllers, drop to a command line and run "GPUPDATE" to refresh the policies in effect. When that completes, reboot to be sure they take effect:


Now add a Mac share using the "macfile" command. Be sure you already have your NTFS rights set correctly for the Mac users. Note that the Windows share level rights have no effect on this Mac share:


We need to configure Mac services:


Set what type of authentication you would like to use:


Now verify you have a Mac share:


Now on a Mac, open the Chooser and select your Windows file server. These examples are from an OS9 Mac:


Choose your type of authentication:


Type your username and password:


Select the share you want to connect to:


Make an alias of that share so you can reconnect faster next time:


Note: One time I did all the above with a server that had a 15 character name and it contained a hyphen. Clients could connect to it, but the alias wouldn't work. I just went into the Computer Management/Sharing/Right Click/Configure File Server for Macintosh and shortened the name up to 8 characters. We had to recreate the aliases, but it then worked fine.