|
microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late!
|
|
If you were Registered and logged in, you could reply and use other advanced thread options
|
Posted by PA Bear [MS MVP] on March 5, 2009, 8:37 pm
[Forwarded to Server General and Server Security newsgroups for broader
exposure.]
Kim K wrote:
> I am struggling with my first server 08.....I would like to make the
> password policy less restrictive and cannot figure it out, and nothing I
> have read applies to what the screens are. Please help!!!
> Additinally I am trying to create a user directory for each employee and
> will make that their home directory. In server 03 I created this using
> the
> name$ to hide it from others. What are the steps I need to create folders
> for each staff member?
> Lastly regarding folders, I want to create a shared folder that will lauch
> via a script for all employees and others folders for certain groups, with
> read/modify and move permissions but no delete. How do I do so?
|
|
Posted by Isaac Oben [MCITP,MCSE] on March 5, 2009, 10:16 pm
Kim,
Is your Windows Server 2008 a domain controller or it is in a workgroup.
If it is in a workgroup, then go to start, Administrative Tools, Local
security policy, and on Account Policies, you will see password policy. If
you are in a domain, then you may want to look into your default domain
policy in GPO by going to start, administrative tools, Group policy
management, and select your domain and choose default domain policy, right
click and edit. Go to computer configurations, policies, windows settings,
account policies, password policy.
--
Isaac Oben [MCTIP:EA, MCSE]
> [Forwarded to Server General and Server Security newsgroups for broader
> exposure.]
> Kim K wrote:
>> I am struggling with my first server 08.....I would like to make the
>> password policy less restrictive and cannot figure it out, and nothing I
>> have read applies to what the screens are. Please help!!!
>> Additinally I am trying to create a user directory for each employee and
>> will make that their home directory. In server 03 I created this using
>> the
>> name$ to hide it from others. What are the steps I need to create
>> folders
>> for each staff member?
>> Lastly regarding folders, I want to create a shared folder that will
>> lauch
>> via a script for all employees and others folders for certain groups,
>> with
>> read/modify and move permissions but no delete. How do I do so?
>
|
|
Posted by Meinolf Weber [MVP-DS] on March 6, 2009, 1:52 am
Hello Kim,
Password policy has to be configured in a GPO in the domain policy under
computer configuration, windows settings, security settings, Password policy.
If you have forest/domain functional level windows server 2008 you can also
use the "fine grained password policy" to have different settings based on
OU's:
http://technet.microsoft.com/en-us/library/cc770394.aspx
http://technet.microsoft.com/en-us/library/cc770842.aspx
Have a look here abolut folder redirection:
http://technet.microsoft.com/en-us/library/cc732275.aspx
http://technet.microsoft.com/en-us/library/cc778976.aspx
http://technet.microsoft.com/en-us/library/cc785925.aspx
When you use Group policy preferences you can map a network drive to the
users. For OS versions earlier then Vista/2008 you have to install the Client
side extensions on the machines.
CSE XP 32bit:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en
CSE XP 64bit:
http://www.microsoft.com/downloads/details.aspx?familyid$9C1AED-C1F1-4A0B-872E-EF0A32170625&displaylang=en
CSE 2003 32 bit:
http://www.microsoft.com/downloads/details.aspx?familyid¿E775F9-5C34-44D0-8A94-44E47DB35ADD&displaylang=en
CSE 2003 64bit:
http://www.microsoft.com/downloads/details.aspx?familyid)E83503-7686-49F3-B42D-8E5ED23D5D79&displaylang=en
CSE Vista 32bit:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ab60dc87-884c-46d5-82cd-f3c299dac7cc&displaylang=en
CSE Vista 64bit:
http://www.microsoft.com/downloads/details.aspx?familyid±0A7AF4-8BEE-4ADC-8BBE-9949DF77A3CF&displaylang=en
If they should have the permissions to modify, they also need the delete
permission, modifying is deleting the old file and saving the new file, but
you will not see this in reality.
I assume you like to prevent users from deleting folders you created in the
structure, so you can use the "Advanced" permission and configure in detail
the different levels of folder/file structure for the users/groups. Try it
out with a test share for yourself first. If you edit here a user/group you
can see the "Apply to" field, here you can set the level where your permissions
will apply.
Keep in mind as deep as you configure it, as much work in case of problems
you will have, especially if you do not document it!!!
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> [Forwarded to Server General and Server Security newsgroups for
> broader exposure.]
>
> Kim K wrote:
>
>> I am struggling with my first server 08.....I would like to make the
>> password policy less restrictive and cannot figure it out, and
>> nothing I have read applies to what the screens are. Please help!!!
>>
>> Additinally I am trying to create a user directory for each employee
>> and
>> will make that their home directory. In server 03 I created this
>> using
>> the
>> name$ to hide it from others. What are the steps I need to create
>> folders
>> for each staff member?
>> Lastly regarding folders, I want to create a shared folder that will
>> lauch via a script for all employees and others folders for certain
>> groups, with read/modify and move permissions but no delete. How do
>> I do so?
>>
|
|
Posted by Kim K on March 6, 2009, 7:59 am
Thank you so much for your help! After a long day trying to figure out what
is wrong with a login script at work I came home to find that server 2008 was
a bit different adn my patience had worn quite thin.
I managed to find the advanced setting for NTFS permissions, I am glad as
with your help I can function now.
My ONLY other question is that when I set up a folder and share it out, and
I am specifying/wanting one user for a home directory, is this correct? And
do I no longer or maybe its not even necessary to hide it?
Thank you again!
--
Thanks,,
Kim
"Meinolf Weber [MVP-DS]" wrote:
|
|
Posted by Meinolf Weber [MVP-DS] on March 6, 2009, 3:54 pm
Hello Kim,
Hiding or not for the folders depends on you. On the ADUC user account
properties
you can point the to the home folder.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
|
This Thread
If you were Registered and logged in, you could reply and use other advanced thread options
Related Posts
Latest Posts
|
|
> password policy less restrictive and cannot figure it out, and nothing I
> have read applies to what the screens are. Please help!!!
> Additinally I am trying to create a user directory for each employee and
> will make that their home directory. In server 03 I created this using
> the
> name$ to hide it from others. What are the steps I need to create folders
> for each staff member?
> Lastly regarding folders, I want to create a shared folder that will lauch
> via a script for all employees and others folders for certain groups, with
> read/modify and move permissions but no delete. How do I do so?