This article has been written to help you to setup correct permissions for the home folder in active directory domain services in Windows Server 2012 R2.
Below are the user(s) with following permissions:
- Domain Users – Traverse folder, List Folder, Create Folders in ‘This Folder Only’.
- Creator Owner – Full Control in Subfolders and file only.
- System – Full Control in This folder, subfolders and files.
- Domain Admins – Full Control in This folder, subfolders and files.
Setting up Permissions for the Windows Home Folder
Step 1: Create a home folder in one of your NTFS drive and right click it. Scroll the menu and click Properties
Step 2: Open Sharing tab and click Advanced Sharing.
Step 3: Check Share this folder box and click Permissions.
Step 4: Remove Everyone and click Add.
Step 5: Enter the object name Domain Users and click Check Names and then select Domain Users. Click OK.
Step 6: Allow full control and click OK.
Step 7: Click Apply and then click OK.
Step 8: Open Security tab and click Advanced.
Step 9: Click Disable inheritance.
Step 10: Click Remove all inherited permissions from this object and then click Add.
Step 11: Click Select a principal.
Step 12: Enter the object name Domain Users by using check names and select it. Click OK.
Step 13: Choose This folder only from Applies to drop down. Keep default permissions and click OK.
Step 14: Click Add.
Step 15: Search creator owner and select it. Click OK.
Step 16: Choose This folder, subfolders, and files from Applies to drop down. Allow full control and click OK.
Step 17: Click Add and enter the object name Domain Admins. ClickOK.
Step 18: Choose This folder, subfolders, and files from Applies to drop down. Allow full control and click OK.
Step 19: Click Add and enter the object name system. Click OK.
Step 20: Allow full control and click OK.
Step 21: Click Apply and then click OK.
Step 22: Click Close and you are done!!