This article has been written to help you to setup correct permissions for the home folder in active directory domain services in Windows Server 2012 R2.

Below are the user(s) with following permissions:

  • Domain Users - Traverse folder, List Folder, Create Folders in 'This Folder Only'.
  • Creator Owner - Full Control in Subfolders and file only.
  • System - Full Control in This folder, subfolders and files.
  • Domain Admins - Full Control in This folder, subfolders and files.

Setting up Permissions for the Windows Home Folder

Step 1: Create a home folder in one of your NTFS drive and right click it. Scroll the menu and click Properties

Create a home folder

Step 2: Open Sharing tab and click Advanced Sharing.

Open Sharing tab

Step 3: Check Share this folder box and click Permissions.

Check Share this folder box

Step 4: Remove Everyone and click Add.

Remove everyone

Step 5: Enter the object name Domain Users and click Check Names and then select Domain Users. Click OK.

Enter the object name

 

Step 6: Allow full control and click OK.

Allow full control

Step 7: Click Apply and then click OK.

Apply changes

Step 8: Open Security tab and click Advanced.

Open Security tab

Step 9: Click Disable inheritance.

Disable inheritance

Step 10: Click Remove all inherited permissions from this object and then click Add.

Remove all inherited permissions from this object

Step 11: Click Select a principal.

Select a principal

Step 12: Enter the object name Domain Users by using check names and select it. Click OK.

Enter the object name Domain Users

Step 13: Choose This folder only from Applies to drop down. Keep default permissions and click OK.

Choose This folder only from Applies to

Step 14: Click Add.

Click on Add button

Step 15: Search creator owner and select it. Click OK.

Search creator owner and select it.

Step 16: Choose This folder, subfolders, and files from Applies to drop down. Allow full control and click OK.

Choose folders

Step 17: Click Add and enter the object name Domain Admins. Click OK.

enter the object name

Step 18: Choose This folder, subfolders, and files from Applies to drop down. Allow full control and click OK.

Choose folders

Step 19: Click Add and enter the object name system. Click OK.

enter the object name system

Step 20: Allow full control and click OK.

Allow full control

Step 21: Click Apply and then click OK.

Accept and apply changes

Step 22: Click Close and you are done!!

Close the window

 

How to Set Correct Permissions to Home Folder in Active Directory Domain Services in Windows Server 2012 R2

3 thoughts on “How to Set Correct Permissions to Home Folder in Active Directory Domain Services in Windows Server 2012 R2

  • Permalink

    Without “Create folders/append data” permissions for the “Domain Users” it was not working for me.
    Otherwise it was not possible that the user folder will be created.

    Reply
  • Permalink

    Thank you. I used this instruction to setup cygwin open ssh home directory for sftp users.

    Reply
  • Permalink

    CREATOR OWNER should only have “subfolders and files only” .. instead of “This folder, subfolders and files” ??

    I think your screenshot/steps are contradicting the initial information at the start of the document..

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Ad #native_company# — #native_desc# #native_cta#