| Duckling |
| (Fresh Scripter) |
| 2004-08-29 03:10 PM |
Mapping to a subfolder
|
Trying to map users' home directories, by mapping to subfolders on a share. (\\server\share\user1).
This works fine on W2K workstations, but not on our Terminal Servers.
I'm guessing I missed something, but I can't ifgure it out..
Cheers,
Anders
| Chris S. |
| (MM club member) |
| 2004-08-29 03:26 PM |
|
|
Re: Mapping to a subfolder
|
A user's home directory should map automatically on a W2K Pro box. Are you trying to map the drive via logon script? Can you post some code?
| Les |
| (KiX Master) |
| 2004-08-29 03:41 PM |
|
Re: Mapping to a subfolder
|
Automatically only if set in the user's profile. What version of Terminal server, W2K or NT4 TSE? For NT4 you need to use SUBST.
| Duckling |
| (Fresh Scripter) |
| 2004-09-07 01:08 PM |
|
Re: Mapping to a subfolder
|
Sorry for the lack of specifics...
I am trying to map through KiXtart. However, I have found since my post that the problem only occurs when connecting through Metaframe Presentation server over the web. Not when I use Citrix on our LAN.. so I am guessing KiXtart isn't the problem...
I've included the code, though in case anyone can spot some obvious weakness..
We check for OS (we have the whole range of OSes, from 98 to XP), then try to map to the \\server\users\username folder, if that doesn't work, we try to map to \\server\username (because some users still have their homedirs shared directly). None of the TS users have their homedirs shared diretly, so when the mapping of \\server\users\username fails, they're stuck
Here's the code.
Code:
if @PRODUCTTYPE = "Windows 2000 Professional" or @PRODUCTTYPE = "Windows XP Professional" or @PRODUCTSUITE = 16
use U: "\\server\users$\" + @USERID /persistent
if @ERROR <> 0
use U: "\\server\" + @USERID + "$$" /persistent
if @ERROR <> 0
Messagebox("didn't find homedir for " + @USERID, "Logon error", 48)
endif
endif
else
;Win98-code here
endif
Thanks for helping!
Anders
Lonkero
|
| (KiX Master Guru) |
| 2004-09-07 01:27 PM |
|
Re: Mapping to a subfolder
|
you are probably killing the code with your producttype thing.
in TS, you will get the value of the server, not the client.
|
Lonkero
|
| (KiX Master Guru) |
| 2004-09-07 01:28 PM |
|
Re: Mapping to a subfolder
|
on the other, productsuite=16 is TS, silly me.
|
Richard H.
|
| (KiX Supporter) |
| 2004-09-07 01:47 PM |
|
Re: Mapping to a subfolder
|
See Les's comment:
Quote:
What version of Terminal server, W2K or NT4 TSE? For NT4 you need to use SUBST
The network redirector for NT4 does support deep mapping, so if your users running via Presentation Server have virtual NT4 workstations you will have a problem.
If this is the case you will need to map a drive to the share, then use SUBST to deep map the home drive.
Something like:
Code:
use Y: "\\server\users$$"
Shell '"%COMSPEC%" /C SUBST U: Y:\'+@USERID
| Les |
| (KiX Master) |
| 2004-09-07 02:31 PM |
|
Re: Mapping to a subfolder
|
Quote:
on the other, productsuite=16 is TS, silly me
Being a bitwise value, it needs to be anded (&16). Also need to watch for XP. There is a FAQ on that.
| Duckling |
| (Fresh Scripter) |
| 2004-09-14 04:20 PM |
|
Re: Mapping to a subfolder
|
Well, I have verified that the test for OS works.
But the second line
Code:
use U: "\\server\users$\" + @USERID /persistent
fails.
We're running W2K TS, and there is no Windows XP in this equation (so far), clients are also Win2K.
Cheers,
Anders
| Les |
| (KiX Master) |
| 2004-09-14 04:34 PM |
|
Re: Mapping to a subfolder
|
I still say your @ProductSuite logic is flawed. There is a FAQ on it.
You are using $ inside quotes and according to the manual, when used inside quotes, it should be doubled as per Richard's example.
Why do you map persistent if it is remapped on every logon? Also, if you map persistent, you also have to /delete /persistent.
| Duckling |
| (Fresh Scripter) |
| 2004-09-24 01:09 PM |
|
Re: Mapping to a subfolder
|
Problem solved.
Thanks for all the tips, but the bottom line was:
I'm an idiot.
The single $ was not the problem either, double $$ inside quotes was originally used, a guy I spoke to suggested I test without, I just happened to copy the script text while I was testing...
After checking more closely, it turns out that the problem was completely unrelated to Kix.
The tested home computers all had too many
local drives, thus the U: drive was already taken when I tried to map to it.
I will go and kill myself in shame now.
Anyway, thanks everyone for all the feedback!
Cheers,
Anders
| bestia |
| (Fresh Scripter) |
| 2005-01-12 12:03 AM |
Re: Mapping to a subfolder
|
Can you please send me the code you used to do deep mapping on NT4 TSE !? I still can't mapp to users ID ?
Rgds
Bestia
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-12 12:13 AM |
|
Re: Mapping to a subfolder
|
the code is posted above in the richards post.
| bestia |
| (Fresh Scripter) |
| 2005-01-12 10:41 PM |
|
Re: Mapping to a subfolder
|
Hi Thank you for the quick reply!
I have tried the above code, but what happens when I logon to a NT4TSE it mapps the the Correct user home drive, but it only display the Users folder !? What I mean is the path to users home drive is the format \\server\users$\%username%, so when script runs instead of displaying the user name (H:jdoe's Home Drive) it displays the above folder(H:Users$) !!!? But when you open that mapped drive, it has mapped to the correct loged on user Home drive ! Is this by desing ?? I hope this makes sense to you guys..
Please help,
Rgds,
Bestia
| Kdyer |
| (KiX Supporter) |
| 2005-01-12 11:32 PM |
|
|
Re: Mapping to a subfolder
|
Deep mapping is not supported by NT4. Only 2000 or better.
Sorry.
Kent
| Les |
| (KiX Master) |
| 2005-01-13 02:06 AM |
|
Re: Mapping to a subfolder
|
This is not a KiX issue! BTW, NT4TSE sucks big time. Toss it and get W2K3.
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-13 07:48 AM |
|
Re: Mapping to a subfolder
|
stop listening to these boys.
k, if only the label is wrong anymore that is cosmetics and can be fixed easily.
there are label udf's in our "user defined functions" library. pick one.
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-13 07:51 AM |
|
Re: Mapping to a subfolder
|
and to not totally drop the ball here.
you are deepmapping just to fool your users.
when this is needed, you are loose on security and you are on the way to trouble.
|
Richard H.
|
| (KiX Supporter) |
| 2005-01-13 11:47 AM |
|
Re: Mapping to a subfolder
|
As has been mentioned frequently in this post, you cannot do deep mapping in NT4
You can only map a drive to the root of the share level.
You have two options. Either share out every home directory and map to it, or use SUBST.
If you want to your SUBST to simulate deep mapping then do the followuing:
Code:
use Y: "\\server\users$$"
Shell '"%COMSPEC%" /C SUBST H: Y:\'+@USERID
The Y: drive is mapped to the root of the share, as that is all NT will allow. You will see the Y: drive mapping in "net use".
The H: drive will not appear in "net use". It will appear in explorer though, and it will be mapped to the users' home directory.
Oddly, when I tested this the drive appears labled as "disconnected network drive" in Explorer on WinXP.
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-13 12:49 PM |
|
Re: Mapping to a subfolder
|
richie, sure sure sure.
but how many times he has said he has problems with that?
none.
he says, his label is screwed up.
just like you confessed it being too.
|
Richard H.
|
| (KiX Supporter) |
| 2005-01-13 01:30 PM |
|
Re: Mapping to a subfolder
|
Ahh I see now. this comment misled me:
Quote:
so when script runs instead of displaying the user name (H:jdoe's Home Drive) it displays the above folder(H:Users$)
I misunderstood as in XP Explorer it does not show a network path for the mapped drive.
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-13 05:33 PM |
|
Re: Mapping to a subfolder
|
indeed.
after your post I tested it too and definitely the label is different in XP in this situation too.
| bestia |
| (Fresh Scripter) |
| 2005-01-13 06:04 PM |
|
Re: Mapping to a subfolder
|
That's correct guys! I am "pleased" you are getting the same sort of thing, cos was driving me mad! I know it would be easy to upgrade to W2k3 but I got some legacy apps that need NT4 TSE! I have a huge Blade( Over 200) based W2K3 Citrix farm, where I use the sripts that you guys have posted and they work just fine, but are those 10 DL 360 I used for NT4TSE that cause me pain. I am trying to create the home drives automatically using GPO/Folder Redirection method, and don't really want to share users (Hidden shares) home drives!!(Over 200 of them will use NT4 TSE!), but they also use W2k3 apps so I wnat to maintain the same folder structure... That's about it really! If there is no other way I will probably manually share those users Home drive
Thanks for your help
Bestia
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-13 06:42 PM |
|
Re: Mapping to a subfolder
|
there are ready made scripts lying around the web and iirc, one was even introduced in some resource kit of NT4!
it was a batch file even...
used it myself to create email accounts and print the account created paper notification thingie...
ja, there are many scripts around and we can create one for you to create those shares.
no problem.
| bestia |
| (Fresh Scripter) |
| 2005-01-13 10:52 PM |
|
Re: Mapping to a subfolder
|
What, you mean sharing the Home drives !?
Although that will not give me consistency, would be a nice work around... If that is what you mean, Hopefuly I am not asking stupid Q !?
My users share is on the following format (Is a NAS based share, but that's irrelevant)
\\server\Users$\username
At the moment I have shared the Users$ folder with $ of course, but not the user accounts, just to avoid any human errors from security admin team, and simplify the process, specially during the migration!!
Please help if you can,
Best regards,
Bestia
|
NTDOC
|
| (KiX Master) |
| 2005-01-13 11:38 PM |
|
|
Re: Mapping to a subfolder
|
On the Server you can run something like this as long as the user folders are named after the users logon ID
The USERS$ does not need to be shared
On the Server have:
D:\USERS
Then even from a CMD console you could run
Code:
for /f "Tokens=*" %%i in ('dir /B D:\users') do NET SHARE %%i$=D:\users\%%i /Y| bestia |
| (Fresh Scripter) |
| 2005-01-13 11:59 PM |
|
Re: Mapping to a subfolder
|
The users share is already share and I can't change that.
Can't I use UNC path instead ?? so instead of D:\Users$..to use \\server\Users$\userid !???
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-14 12:06 AM |
|
Re: Mapping to a subfolder
|
GRR.
you can use, but like you have had, you will have problems with deepmapping forever!
and, finally the security aspect. you get better security with loose rights and lazy admins when shared properly than with the tightiest possible security with your current setup.
you have a single line above.
simply running that as batch-file in command prompt will share EACH users folder by their username.
now, you couldn't ask more, could you?
| bestia |
| (Fresh Scripter) |
| 2005-01-14 12:14 AM |
|
Re: Mapping to a subfolder
|
Interesting!
Hmm, I will certainly give it a try tomorrow at work!
Thank you guys, for you help, I will keep you posted..
Hopefully it works
|
NTDOC
|
| (KiX Master) |
| 2005-01-14 12:56 AM |
|
|
|
Re: Mapping to a subfolder
|
Please take a look at this post for further information and analysis of the issues.
How Do I move shares-permissions NT4 to 2000
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=57147
This may play into what you need as well.
Take Ownership using XCACLS
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=129459
| bestia |
| (Fresh Scripter) |
| 2005-01-14 12:16 PM |
|
Re: Mapping to a subfolder
|
The Hidden user share creation definetly worked! It creates the hidden share, but it only gives everyone "Read" access! I know I should be looking around and find the right syntax, but if you guys have it handy would be much apprechiated!
the one I am using at the mo is:
for /F "Tokens=*" %%i in ('Dir /B E:\Users') do NET SHARE %%i$=E:Users\%%i /Y /G im\%%i :F
As you can see I am trying to put Grant access with Full switch, but is not working..!?
Heelppppp
So close but yet sooooo faaar!
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-14 04:07 PM |
|
Re: Mapping to a subfolder
|
can't do the hidden stuff with net share.
lookie at:
http://www.petri.co.il/download_free_reskit_tools.htm (should be part of usefull links faq too!)
pick the rmtshare
with it you can do your share security with ease.
as a matter of fact, I have a habit of using it when I create my user accounts.
|
NTDOC
|
| (KiX Master) |
| 2005-01-14 06:16 PM |
|
|
|
Re: Mapping to a subfolder
|
Or don't worry about the Share permissions. If a user has FULL permission on the share but NO permissions on NTFS they can't read/write/traverse or anything. They basically have access denied.
In my opinion the permissions on Shares is a hold over from Windows 9x which has no ACL (Access Control List) on FAT16 or FAT32
As the other post I linked to showed, just set the correct NTFS permissions as part of the whole thing.
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-14 06:35 PM |
|
Re: Mapping to a subfolder
|
doc, I think he already said that it automatically created him some stupid permissions.
and he needs to fix them.
and it's actually darn silly to leave share permissions open.
it's same as pulling out your firewall and hoping that user's local computers can handle the possible threads.
| bestia |
| (Fresh Scripter) |
| 2005-01-14 08:19 PM |
|
Re: Mapping to a subfolder
|
Guys,
I used /Grant:im\%%i,F using your net share script abovve, and it worked ! It gave the user Full Controll. Which is just fine. If I wanted to be picky, I would wanted some sort of check in place to see what permission the share has, before it gives the user Full Controll, the only problem is the this script doesn't check for permission if the share already exist!?
To clarify things a bit, I am talking aout Share permissions, the Security/NTFS permissions are set through Folder Redirection, using Microsoft best practices, and I think by setting Share permission for only the relevant user, it's as good as it gets as far as this project is concerned. I defenitely would not have done this without you guys... Thank you
| Les |
| (KiX Master) |
| 2005-01-14 08:25 PM |
|
Re: Mapping to a subfolder
|
IMHO, users should not have full control.
My 2 cents (Canadian)
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-14 08:31 PM |
|
Re: Mapping to a subfolder
|
to be honest, best practise would be to let the folder permissions alone.
imho.
2 cents (EUR)
(makes 4 cents Canadian D, no?)
| bestia |
| (Fresh Scripter) |
| 2005-01-14 08:40 PM |
|
Re: Mapping to a subfolder
|
the only problem with that, is that the default Share permission on 2003 is Read for everyone, and since MS stuff work on cumulative basis, it becomes a bit to resticted even for paranoid geezers, like myself...
, specially when it comes to laptop users and their offline stuff, never seems to work properly without proper permission on the Share, but I still would welcome some sort of permission checking option.
| Les |
| (KiX Master) |
| 2005-01-14 08:42 PM |
|
Re: Mapping to a subfolder
|
share perm are one thing and folder perms yet another. I think jooel was talking ntfs (folder) perms.
|
NTDOC
|
| (KiX Master) |
| 2005-01-14 08:44 PM |
|
|
|
Re: Mapping to a subfolder
|
I agree with Les. Users should only have Modify rights.
Leaving NTFS permissions alone I would NOT agree with myself, but to each his own.
As for setting Share permissions, yes "Best Practice" is to set them appropriately, never know when someone might come along and modify the NTFS permissions and - ooops someone has access that shouldn't have access.
|
Lonkero
|
| (KiX Master Guru) |
| 2005-01-14 11:22 PM |
|
Re: Mapping to a subfolder
|
lol.
someone came and burned your server rooms and stole all your backups, oops.
that can happen.
sure.