Automatic Folder Creation And Permissions Settings For Logged Users

[vasek125]

Hello, is it possible to automatically create some folders for some group of users in Active Directory?

 

My idea:

1. user USERNAME will login on some client PC (PC is joined to domain which has two domain controllers: AD1, AD2)

2. specified directories will be automatically created on both domain controllers and connected as a network drives (e.g. \\AD1\private\USERNAME, \\AD2\public\USERNAME)

 

I know how to automatically map network drives but I don't know how to automatically create these directories (and set them some permissions).

Is it possible to do this automatically or I must to do it in manual way?

[ICTCity]

Yes you can:

 

write a batch file:

 

mkdir \\AD1\private\%username%
mkdir \\AD2\public\%username%

cacls /p %username%:RWCF

REM where R=read, W=write, C=change, F=Full control
REM for more info, type cacls /?

[vasek125]

But what about permissions? Logged user will need permissions to create folders under \\AD1\private\ and \\AD2\public\ which is dangerous.

[ICTCity]

Yes, this is dangerous.

 

You can write this batch file by passing it a username, you can run-it as administrator, not as the user.

 

Instead of using %username%, use %1.

[vasek125]

It is also dangerous, not so much but it is. And I don't think this will work. As I remember SMB protocol for network sharing works with username authenticated to share - not with username authenticated to local computer. It means when I authenticate to \\AD1\private as USERNAME, I will work with share as USERNAME all the time. Is there any server side solution like action "on user add"?

[ICTCity]

I don't think so, I used a VB script time ago which read a excel worksheet to retrieve usernames, and it worked fine.

 

There's not any event "On user add" but you can program a service which runs on your server and with a client you can add a user. Everytime you create a user, your program create the user and folders. But you need a program...