Server 2008 - Home Directory
I'm running WHS 2008 and Active Directory. That works fine, but I'm having trouble setting up home directories for users and applying the appropriate permissions. On a user's profile tab -> home folder, I set it to connect G: to \\tdloal1\homedir$\jane_smith, which is the home dir I want for that user. When jane logs in, the drive is mapped to her fine, but I need help with setting the permissions; no matter what I do, nothing seems to work right. I think the problem is with the advanced sharing permissions on the homedir folder. If I set that to Full Control for Everyone, users can manage their homedir; if I set it to read only, users can't. How can I get around this?
March 5th, 2011 9:44pm

If you want AD Users and Computers (ADUC) to create the folder and permissions, you need to do this:
1) Assign Everyone - Full Control over the Share
2) Assign Everyone - Full Control, and SYSTEM - Full Control to the NTFS permissions
ADUC will create the folder and assign only the USER - Full Control to the user folder. This is MS standard, but is not administratively friendly. If you want an administratively friendly environment, you must manually set up permissions so you can properly manage the permissions for long-term maintenance.
Suggested Reading
Axioms of Permissions Administration
http://networkadminkb.com/Shared%20Documents/Axioms%20of%20Permissions%20Administration.aspx
The Golden Rules of Permissions Administration
http://networkadminkb.com/Shared%20Documents/The%20Golden%20Rules%20of%20Permissions%20Administration.aspx
Differences between Authenticated Users, Domain Users, and Everyone groups
http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/Differences%20between%20Authenticated%20Users,%20Domain%20Users,%20and%20Everyone%20groups.aspx
Recommended NTFS Permissions for New Drives
http://networkadminkb.com/kb/Knowledge%20Base/Windows2003/Recommended%20NTFS%20Permissions%20for%20New%20Drives.aspx
Creator Owner Explained
http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/Creator%20Owner%20Explained.aspx
Doing security is about creating and developing a philosophy; there are many out there. The one below is mine and works for most situations. This is just a simplified explanation of the Axioms and Golden Rules listed above, specifically written for Home Folders.
For the Home Share you should do the following:
1) Everyone - Read (optional, not really needed but a nice just in case)
2) Authenticated Users - Change
3) Local Administrators - Full Control
4) File Structure Administrators - Full Control
For Home Shares note the following:
Always limit Authenticated Users to Change at the Share to prevent non-admin users from accidentally being given Full Control to the file structure. Allowing users to modify NTFS permissions....very bad.
You should always configure Local Administrators Full Control at the Share so they can administrate it remotely.
You should always create and use a File Structure Administrators group and assign it Full Control to every share. This allows them to remotely administer shares without being local administrators.
Configure the following NTFS Permissions on the folder used as the Home Share:
1) Authenticated Users - Read and execute
2) Local Administrators - Full Control
3) File Structure Administrators - Full Control
4) SYSTEM - Full Control
For NTFS in this situation note:
Always limit Authenticated Users to Read and execute to prevent non-admin users changing folders and creating files here.
You should always configure Local Administrators Full Control at the folder so they can administrate it remotely.
You should always create and use a File Structure Administrators group and assign it Full Control to every folder. This allows them to remotely administer shares without being local administrators.
For the actual User Home folder you manually create, you should configure the following NTFS permissions by stopping inheritance, copying permissions and replacing Authenticated Users with the individual user account as shown below.
1) userID - Modify
2) Local Administrators - Full Control
3) File Structure Administrators - Full Control
4) SYSTEM - Full Control
For NTFS in this situation note:
Always remove Authenticated Users so the appropriate user account limits access.
Always assign the USERID NTFS Modify permissions to prevent them from changing NTFS Permissions on their folder.
You should always configure Local Administrators Full Control at the folder so they can administrate it remotely.
You should always create and use a File Structure Administrators group and assign it Full Control to every folder. This allows them to remotely administer shares without being local administrators.
How to change the default owner for new NTFS files and folders
http://networkadminkb.com/kb/Knowledge%20Base/Windows2008/How%20to%20change%20the%20default%20owner%20for%20new%20NTFS%20files%20and%20folders.aspx
March 5th, 2011 10:13pm
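
The manual layout described in the answer above, scripted with `net share` and `icacls` as an added example that is not part of the original thread. The local path `D:\HomeDir`, the `CONTOSO` domain and the exact `File Structure Administrators` group name are assumptions; the optional Everyone - Read share entry is left out.

```powershell
# Added example. Run elevated on the file server.
# Values marked "assumed" are placeholders, not values from the thread.
$Root      = 'D:\HomeDir'                              # assumed local path behind the share
$ShareName = 'homedir$'                                # share name from the question
$FsAdmins  = 'CONTOSO\File Structure Administrators'   # assumed domain group
$User      = 'CONTOSO\jane_smith'                      # assumed domain account
$UserDir   = Join-Path $Root 'jane_smith'

New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Share permissions: users are capped at Change, admin groups get Full Control.
net share "$ShareName=$Root" "/GRANT:Authenticated Users,CHANGE" `
    "/GRANT:Administrators,FULL" "/GRANT:$FsAdmins,FULL"

# NTFS on the share root: drop inherited ACEs, users may only read and traverse.
icacls $Root /inheritance:r /grant:r `
    "Authenticated Users:(OI)(CI)RX" "Administrators:(OI)(CI)F" `
    "${FsAdmins}:(OI)(CI)F" "SYSTEM:(OI)(CI)F"

# User folder: stop inheritance but copy the ACEs, then swap
# Authenticated Users for the single account with Modify (not Full Control).
New-Item -ItemType Directory -Path $UserDir -Force | Out-Null
icacls $UserDir /inheritance:d
icacls $UserDir /remove:g "Authenticated Users"
icacls $UserDir /grant:r "${User}:(OI)(CI)M"

# Check: no broad group left on the folder, and the user cannot rewrite the ACL.
$changePerms = [System.Security.AccessControl.FileSystemRights]::ChangePermissions
$findings = (Get-Acl $UserDir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and (
        $_.IdentityReference.Value -match '(Authenticated Users|Everyone)$' -or
        ($_.IdentityReference.Value -eq $User -and
         ($_.FileSystemRights -band $changePerms))
    )
}
if ($findings) {
    Write-Warning "Unexpected ACEs on ${UserDir}:"
    $findings | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    "OK: $UserDir is limited to $User (Modify), admins and SYSTEM."
}
```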

So when you say give Everyone full control over the share, do you mean give everyone full control over "\\tdlocal1\homedir" ?
March 5th, 2011 10:42pm

So when you say give Everyone full control over the share, do you mean give everyone full control over "\\tdlocal1\homedir" ?
Specifically, go to Administrative Tools...Computer Manager....Shared Folders....Shares...Right-click the share (homedir) in the right pane, click the Share Permissions tab. Assign the group Everyone the Full Control permission.
March 5th, 2011 11:40pm

Alright thanks, everything is working fine now!
March 6th, 2011 2:56pm

This topic is archived. No further replies will be accepted.
