Wavey_Dave_76

Scheesh, come on guys, I'm feeling very lonely in this thread... I think there has already been a solution to this in SP1 for 2003 with access based enumeration which I am hoping will do the trick nicely. Unfortunately I can't try it yet as we havent got round to putting SP1 on yet due to a problem with our imaging processes (long story) Im surprised nobody mentioned this, I thought there were some pretty smart guys in here. I thought someone would have picked up on it considering how often I have been bumping this talking to myself. Ahhh well, at least there is a solution (hopefully)

Actually, ignore the second question. I got round this by holding all the shorcuts centrally but with the same permissions as the target folder has and in the logon script I copied everything from this folder to the users nethood folder in their profile. The net result is that it only copies the shortcuts that person has access to. Now I just need to figure the first part out, how to make the 'up' button to navigate back to the 'my network places' folder

Still trying to find a solution to this (although it isnt the highest of priorities as you may have guessed). I have had a thought to use the "My Network Places" to put shortcuts to the shares in and it appears at first glance to work OK but there are a few things that need tightening up first. 1 - I need to make sure that clicking 'up' after selecting the shortcut goes back to my network places rather than up one level on the file server. Even if the users dont have access to other folders and printers I dont want them seeing them all... 2 - I would prefer some automated way of putting the shortcuts in the persons profile by adding them into the group or, again, some way of hiding the shortcuts for the folders the person cannot access. Any help on these matters would be greatly appreciated. Dave

Yea that is what I am trying to do (we use groups for the permissions now but map to the folders individually), however, the problem I have with the way this seems to be working on one common mapped drive is that all users can see all the folders for everyone. The permissions work as far as only allowing the right users to gain access to the folders and to deny access to all other folders. But there are upwards of 150 different departmental folders which is too many for people to hunt through for theirs. What I need is some way of hiding the folders that each person does not have access to. The "list folder contents" NTFS permission would be perfect if it worked for the folder itself, as well as its contents.

@ Soulin We use pretty much the same methods for home directorys although the directories themselves are not shared but are subfolders to a share so \\server\users$\%USERNAME% becomes the system drive. The problem is more based on departmental folders that several people can use which are currently explicitly mapped in as R: for service wide shared data, S: for loaction based data and T: for departmental based data. If someone works for two departments or maybe from two locations they need different logon scripts creating with additional mapped drives. After the past 5 years of creating "special cases" you can see it can start to get unmanageable. What would be ideal would be just an R: drive with subfolders for their specific location and dept managed by groups. @ Marsden You mean we need to wait until fully implementing AD rather than using the NT domain to authenticate. If its just the 2003 NTFS permissions that need setting up properly then I can manage that now. We have just got a Win2K3 enterprise cluster with SAN where all the data will be moved to. If its just 2003 that is needed then you will have to give me some pointers as I have had a crack at it but not managed to figure it out. Thanks Dave

Nobody got any thoughts?

This might be difficult to explain so if I start with what we have currently and end up where we want to be… At my workplace we are currently running NT4 Terminal server with Citrix Metframe 1.8. All our users are logging on to a published desktop with a logon script to map several data drives dependant on where they are working. Typically each user has 3 separate drives, R, S and T (One for the whole organization, and two based on their location and department) but this can be different depending on the person or their role within the organization. Unfortunately this means every time someone wants something different it means a new logon script. These are getting unmanageable. Also, from a user point of view, the fact that somebody’s S drive and be somebody else’s T drive tends to confuse them on a daily basis. We are in the process of moving over to Windows2k3 with Citrix Presentation Server 3. Unfortunatly, due to the fact that the current hardware is long past the need to be replaced, we are staying with an NT4 domain while we get everyone on to the new hardware. Then when we have some breathing space we will look at AD. What we would ideally like to do is to consolidate the different drives into one network drive and have folders within it for what are currently the individual drives. We would want this controlled by group permissions so that each user only sees the folders he or she is assigned but it never quite worked like that under NT4. The data drive would contain all the folders for every user which is every bit as confusing as having separate drives. I Have had a look at the way NTFS has changed since NT4 and got almost what I wanted with the ‘List folder contents’ option but as it doesn’t quite cut it as it doesn’t hide itself, just its contents. Am I hoping for too much from NTFS or is this something that can be configured successfully. If this needs some third party management software can anyone recommend something (reliable and preferably free, public sector organizations don’t like spending anything lightly) Thanks for any help and sorry if this was a bit long winded. Dave

Dunno if you are still looking for a way of doing this but after ages of trying to find a way of bringing up the password change box from rundll32 or something equally as complicated. I gave up... I have thought of a way round it though. If the user creation cmd file is changed to add date changes either side of it, ie. set CURRENT = %DATE% DATE 01/01/1980 ;Add all the users as normal DATE %CURRENT% Then during cleanup right at the end the maximum password age policy can be set to a day. When the PC reboots it should say the password has expired and force a password change. A final runonceex can be put in to put the policy back to the required setting after the login so it wont ask every day. I havent tested this in an install but I have followed it all through manually and it worked fine. Dont think it will work for the administrator logon though.

Sorry, I think I was a little TOO restrictive in my search, I didnt come across the first post at all. I did find the second post and I was considering having a go at mulitple windows but it didnt really answer my question at the time. Still pursuing the first option of continuing where the list left off before the reboot as that is what I would ideally want... I found this little bit in another post from Alanoll This seems to suggest that the list will pick up where it stopped if I was to put an immediate shutdown somewhere in the middle or is there a possibility that, on shutting down, all the keys would be deleted anyway? Just wondering if anyone has tried this. I dont have the luxury of VMWare so the only way I can test it is to burn a disk wipe out my machine. I want to try and keep that to a minimum. Better to get it right first time.

I read through the guide on the site which said to use a cleanup.cmd file at the end to delete all files and perform a reboot. does this mean that that is the ONLY place to put a reboot. Has anyone tried restarting from within RunOnceEx? What I am trying to do is run through a few installs but some of them have dependencies on others being installed. Unfortunatly some need a restart before working properly. Ideally what I would want is a few installs to take place then a reboot and then the installs to continue (possibly a couple of times) The way I see it this can either be done by putting a shutdown command in the RunOnceEx somewhere or repopulating the RunOnceEx registry entries in the cleanup.cmd for the next boot I would hope that shutting down during the installs it will start up ad continue down the list but, if I put a shutdown in the RunOnceEx will it count that as the whole logon and remove all the rest of the RunOnceEx registry entries or even worse, will it leave them all in and start all the installs again leaving me with a looping system of reboots and reinstalls. If I have to resort to repopulating the registry entries in the cleanup file at what point does the all the RunOnceEx keys get removed? Am I just going to add them in to the registry only for them to be removed immediatlyas the PC shuts down? Any ideas???