Home directories and shares for NT3.5x and NT4 clients - subst


Read this first: About home directories for different Windows clients.

The best method for NT 3 and 4 is to create shares in the logon script and connect to the shares with the SUBST command. When SUBST is used, there's no need to create home directories and set permissions in SetupBatcher.

1) Create a shared directory "users" on your server. The NTFS file system must be installed on the drive you choose.

2) Give the group used in your policy full access through share permissions.

3) Give FULL directory permission on users to:

·\\DOMAIN\ADMINISTRATORS  
·\\DOMAIN\"policygroup"  
·SYSTEM  
·CREATOR OWNER  

4) Insert these lines in your logon script (usually located in \systemroot\system32\repl\import):

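rem disconnect the previous user's home directory
subst w: /d

rem create the home directory the first time this user logs on
if exist \\servername\users\%username% goto itexists
md \\servername\users\%username%
rem remove the policy group's access to the new directory
cacls \\servername\users\%username% /E /R groupname

:itexists
rem connect the home directory and the application directory
subst w: \\servername\users\%USERNAME%
subst y: \\servername\apps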


5) Edit the line "Account.HomeDir=xxx" in SetupBatcher to "Account.HomeDir=w:\".

Description

·When "md \\servername\users\%username%" in the logon script is executed, the user who logged on automatically gets r/w permissions to the directory created. This is because of the CREATOR OWNER FULL directory permission on the parent directory.  
·The cacls command in the logon script removes the access rights for the "policygroup" from the individual home directory, so users cannot access other users' home directories even if they find a way to connect network drives.
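
One way to confirm that the cacls step took effect, as an added example that is not part of the original page: a batch file an administrator can run to list home directories where the policy group still holds an ACL entry. It assumes NT4 cmd.exe with command extensions enabled (for /d, call :label, set /a); servername and groupname are the same placeholders as in the logon script, and SHARE, GROUP, CHECKED and FLAGGED are names chosen for this example.

```batch
@echo off
rem Added example: audit the home directories created by the logon script.
rem Run as an administrator who can read the ACLs under the users share.
rem Assumes NT4 command extensions (for /d, call :label, goto :eof, set /a).

rem Same placeholders as in the logon script.
set SHARE=\\servername\users
set GROUP=groupname

set CHECKED=0
set FLAGGED=0

rem Visit every directory directly below the users share.
for /d %%D in (%SHARE%\*) do call :check "%%D"

echo Checked %CHECKED% directories, %FLAGGED% still list %GROUP% in the ACL.
goto :eof

:check
set /a CHECKED=%CHECKED%+1
rem cacls prints one ACL entry per line as DOMAIN\name:rights.
rem Matching on "\name:" avoids hits on accounts whose name merely
rem ends with the group name.
cacls %1 | find /i "\%GROUP%:" >nul
rem find returns errorlevel 0 when the group entry is still present.
if errorlevel 1 goto :eof
set /a FLAGGED=%FLAGGED%+1
echo WARNING: %GROUP% still has access to %1
goto :eof
```

A flagged directory means the "cacls ... /E /R groupname" line did not run or did not succeed for that user, so the directory is still reachable by every member of the policy group.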