Trying to map users' home directories, by mapping to subfolders on a share. (\\server\share\user1). This works fine on W2K workstations, but not on our Terminal Servers. I'm guessing I missed something, but I can't figure it out.. Cheers, Anders

A user's home directory should map automatically on a W2K Pro box. Are you trying to map the drive via logon script? Can you post some code?

Automatically only if set in the user's profile. What version of Terminal server, W2K or NT4 TSE? For NT4 you need to use SUBST.

Sorry for the lack of specifics... I am trying to map through KiXtart. However, I have found since my post that the problem only occurs when connecting through Metaframe Presentation server over the web. Not when I use Citrix on our LAN.. so I am guessing KiXtart isn't the problem... I've included the code, though in case anyone can spot some obvious weakness.. We check for OS (we have the whole range of OSes, from 98 to XP), then try to map to the \\server\users\username folder, if that doesn't work, we try to map to \\server\username (because some users still have their homedirs shared directly). None of the TS users have their homedirs shared directly, so when the mapping of \\server\users\username fails, they're stuck. Here's the code. Code:
Thanks for helping! Anders

you are probably killing the code with your producttype thing. in TS, you will get the value of the server, not the client.

on the other, productsuite=16 is TS, silly me.

See Les's comment: Quote: The network redirector for NT4 does support deep mapping, so if your users running via Presentation Server have virtual NT4 workstations you will have a problem. If this is the case you will need to map a drive to the share, then use SUBST to deep map the home drive. Something like:
Code: use Y: "\\server\users$$"

Quote: Being a bitwise value, it needs to be anded (&16). Also need to watch for XP. There is a FAQ on that.

Well, I have verified that the test for OS works. But the second line Code: use U: "\\server\users$\" + @USERID /persistent fails. We're running W2K TS, and there is no Windows XP in this equation (so far), clients are also Win2K. Cheers, Anders

I still say your @ProductSuite logic is flawed. There is a FAQ on it. You are using $ inside quotes and according to the manual, when used inside quotes, it should be doubled as per Richard's example. Why do you map persistent if it is remapped on every logon? Also, if you map persistent, you also have to /delete /persistent.

Problem solved. Thanks for all the tips, but the bottom line was: I'm an idiot. The single $ was not the problem either, double $$ inside quotes was originally used, a guy I spoke to suggested I test without, I just happened to copy the script text while I was testing... After checking more closely, it turns out that the problem was completely unrelated to Kix. The tested home computers all had too many local drives, thus the U: drive was already taken when I tried to map to it. I will go and kill myself in shame now. Anyway, thanks everyone for all the feedback! Cheers, Anders

Can you please send me the code you used to do deep mapping on NT4 TSE!? I still can't map to users ID? Rgds Bestia

the code is posted above in richard's post.

Hi. Thank you for the quick reply! I have tried the above code, but what happens when I logon to a NT4TSE is it maps the correct user home drive, but it only displays the Users folder!? What I mean is the path to users home drive is the format \\server\users$\%username%, so when script runs instead of displaying the user name (H:jdoe's Home Drive) it displays the above folder (H:Users$)!!!? But when you open that mapped drive, it has mapped to the correct logged on user Home drive! Is this by design?? I hope this makes sense to you guys.. Please help, Rgds, Bestia

Deep mapping is not supported by NT4. Only 2000 or better. Sorry. Kent

This is not a KiX issue! BTW, NT4TSE sucks big time. Toss it and get W2K3.

stop listening to these boys. k, if only the label is wrong anymore that is cosmetics and can be fixed easily. there are label udf's in our "user defined functions" library. pick one.

and to not totally drop the ball here. you are deepmapping just to fool your users. when this is needed, you are loose on security and you are on the way to trouble.

As has been mentioned frequently in this post, you cannot do deep mapping in NT4. You can only map a drive to the root of the share level. You have two options. Either share out every home directory and map to it, or use SUBST. If you want your SUBST to simulate deep mapping then do the following:
Code: use Y: "\\server\users$$"
The Y: drive is mapped to the root of the share, as that is all NT will allow. You will see the Y: drive mapping in "net use". The H: drive will not appear in "net use". It will appear in explorer though, and it will be mapped to the users' home directory. Oddly, when I tested this the drive appears labeled as "disconnected network drive" in Explorer on WinXP.

richie, sure sure sure. but how many times he has said he has problems with that? none. he says, his label is screwed up. just like you confessed it being too.

Ahh I see now. this comment misled me: Quote: I misunderstood as in XP Explorer it does not show a network path for the mapped drive.

indeed. after your post I tested it too and definitely the label is different in XP in this situation too.

That's correct guys! I am "pleased" you are getting the same sort of thing, cos was driving me mad! I know it would be easy to upgrade to W2k3 but I got some legacy apps that need NT4 TSE! I have a huge Blade (over 200) based W2K3 Citrix farm, where I use the scripts that you guys have posted and they work just fine, but are those 10 DL 360 I used for NT4TSE that cause me pain. I am trying to create the home drives automatically using GPO/Folder Redirection method, and don't really want to share users (Hidden shares) home drives!! (Over 200 of them will use NT4 TSE!), but they also use W2k3 apps so I want to maintain the same folder structure... That's about it really! If there is no other way I will probably manually share those users Home drive. Thanks for your help, Bestia

there are ready made scripts lying around the web and iirc, one was even introduced in some resource kit of NT4! it was a batch file even... used it myself to create email accounts and print the account created paper notification thingie... ja, there are many scripts around and we can create one for you to create those shares. no problem.

What, you mean sharing the Home drives!? Although that will not give me consistency, would be a nice work around... If that is what you mean, Hopefully I am not asking stupid Q!? My users share is on the following format (Is a NAS based share, but that's irrelevant) \\server\Users$\username At the moment I have shared the Users$ folder with $ of course, but not the user accounts, just to avoid any human errors from security admin team, and simplify the process, especially during the migration!! Please help if you can, Best regards, Bestia

On the Server you can run something like this as long as the user folders are named after the user's logon ID. The USERS$ does not need to be shared. On the Server have: D:\USERS
Then even from a CMD console you could run
Code: for /f "Tokens=*" %%i in ('dir /B D:\users') do NET SHARE %%i$=D:\users\%%i /Y

The users share is already shared and I can't change that. Can't I use UNC path instead?? so instead of D:\Users$..to use \\server\Users$\userid!???

GRR. you can use, but like you have had, you will have problems with deepmapping forever! and, finally the security aspect. you get better security with loose rights and lazy admins when shared properly than with the tightest possible security with your current setup. you have a single line above. simply running that as batch-file in command prompt will share EACH users folder by their username. now, you couldn't ask more, could you?

Interesting! Hmm, I will certainly give it a try tomorrow at work! Thank you guys, for your help, I will keep you posted.. Hopefully it works

Please take a look at this post for further information and analysis of the issues.
How Do I move shares-permissions NT4 to 2000 http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=57147
This may play into what you need as well.
Take Ownership using XCACLS http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=129459

The Hidden user share creation definitely worked! It creates the hidden share, but it only gives everyone "Read" access! I know I should be looking around and find the right syntax, but if you guys have it handy would be much appreciated! the one I am using at the mo is:
for /F "Tokens=*" %%i in ('Dir /B E:\Users') do NET SHARE %%i$=E:Users\%%i /Y /G im\%%i :F
As you can see I am trying to put Grant access with Full switch, but is not working..!? Heelppppp So close but yet sooooo faaar!

can't do the hidden stuff with net share. lookie at: http://www.petri.co.il/download_free_reskit_tools.htm (should be part of useful links faq too!) pick the rmtshare with it you can do your share security with ease. as a matter of fact, I have a habit of using it when I create my user accounts.

Or don't worry about the Share permissions. If a user has FULL permission on the share but NO permissions on NTFS they can't read/write/traverse or anything. They basically have access denied. In my opinion the permissions on Shares are a holdover from Windows 9x which has no ACL (Access Control List) on FAT16 or FAT32. As the other post I linked to showed, just set the correct NTFS permissions as part of the whole thing.

doc, I think he already said that it automatically created him some stupid permissions. and he needs to fix them. and it's actually darn silly to leave share permissions open. it's same as pulling out your firewall and hoping that user's local computers can handle the possible threats.

Guys, I used /Grant:im\%%i,F using your net share script above, and it worked! It gave the user Full Control. Which is just fine. If I wanted to be picky, I would have wanted some sort of check in place to see what permission the share has, before it gives the user Full Control, the only problem is that this script doesn't check for permission if the share already exists!? To clarify things a bit, I am talking about Share permissions, the Security/NTFS permissions are set through Folder Redirection, using Microsoft best practices, and I think by setting Share permission for only the relevant user, it's as good as it gets as far as this project is concerned. I definitely would not have done this without you guys... Thank you

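The share-permission check asked for in the post above, as an added example in Python (not code from the thread or from any poster): it parses captured `net share <name>` output and reports, for each hidden `<user>$` share, any account other than that user holding share rights. The output layout and the sample users are constructed assumptions; `IM` is the domain prefix used in the thread's command.

```python
import re

# Constructed capture of `net share <name>` for three shares; the layout is an
# assumption and the output is trimmed. IM is the domain used in the thread.
SAMPLE = r"""
Share name        jdoe$
Path              E:\Users\jdoe
Permission        IM\jdoe, FULL

Share name        asmith$
Path              E:\Users\asmith
Permission        Everyone, READ

Share name        bwong$
Path              E:\Users\bwong
Permission        IM\bwong, FULL
                  IM\jdoe, CHANGE
"""
FIELD = re.compile(r"^(Share name|Permission)\s+(.+)$")

def parse_shares(text):
    """Return {share name: [(account, right), ...]}; Permission entries
    continue on indented lines until the next field or a blank line."""
    shares, current, in_perms = {}, None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Share name":
            current = shares.setdefault(m.group(2).strip(), [])
        value = m.group(2) if m else line.strip()
        in_perms = (m.group(1) == "Permission") if m else (
            in_perms and line[:1].isspace() and bool(value))
        if in_perms and current is not None:
            account, _, right = value.rpartition(",")
            current.append((account.strip(), right.strip().upper()))
    return shares

def audit(shares):
    """Map each <user>$ share to findings about who else holds share rights."""
    report = {}
    for name, perms in shares.items():
        owner = name.rstrip("$").lower()
        users = [acct.split("\\")[-1].lower() for acct, _ in perms]
        report[name] = [f"{acct} has {right} but is not {owner}"
                        for (acct, right), u in zip(perms, users) if u != owner]
        if owner not in users:
            report[name].append(f"{owner} has no share permission")
    return report

if __name__ == "__main__":
    print(audit(parse_shares(SAMPLE)))
```

The comparison ignores the domain prefix, so `IM\jdoe` and a local `jdoe` are treated as the same user.
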
IMHO, users should not have full control. My 2 cents (Canadian)

to be honest, best practice would be to let the folder permissions alone. imho. 2 cents (EUR) (makes 4 cents Canadian D, no?)

the only problem with that, is that the default Share permission on 2003 is Read for everyone, and since MS stuff work on cumulative basis, it becomes a bit too restricted even for paranoid geezers, like myself..., especially when it comes to laptop users and their offline stuff, never seems to work properly without proper permission on the Share, but I still would welcome some sort of permission checking option.

share perm are one thing and folder perms yet another. I think jooel was talking ntfs (folder) perms.

I agree with Les. Users should only have Modify rights. Leaving NTFS permissions alone I would NOT agree with myself, but to each his own. As for setting Share permissions, yes "Best Practice" is to set them appropriately, never know when someone might come along and modify the NTFS permissions and - ooops someone has access that shouldn't have access.

lol. someone came and burned your server rooms and stole all your backups, oops. that can happen. sure.