NOTE: When
users are being modified, Hyena will always prompt for the template
to use.Home Directory Templates
|
|
Hyena’s home directory template capability allows control over the creation of the home directory, home directory share, and both NTFS and share security. To configure home directory templates, select the Tools->Settings->Home Dir option. Hyena will automatically configure a default template, named “Default”. However, it must be configured prior to being used. Hyena will use a template anytime a home directory or home directory share must be created. The home directory configuration dialog will display all defined templates, plus the following settings:
Default Template for standard user profiles – Select the name of the template to use for home directories that are specified on the User Profile dialog. Select “(None)” to disable any template from being used.
Default Template for Terminal Server profiles – Select the name of the template to use for home directories that are specified for use by Terminal Server. Select “(None)” to disable any template from being used.
Confirm template prior to usage (when adding users) – If unchecked, Hyena will automatically use the designated default template when adding new users. When this option is enabled, Hyena will prompt for the template to use when adding new users. This prompt will appear BEFORE the user properties dialog is displayed. The selection of a template will configure the default home directory information on the Profile properties tab. When the user is actually added, the same template will be used to configure home share and security settings. Hyena will then re-prompt again for the template to use for the next user to be added. A check box on the bottom of the template confirmation dialog can be enabled to make Hyena use the same template for the entire user adding session.
Confirm template prior to usage (when copying users) – If unchecked, Hyena will automatically use the designated default template when copying users. Note that if the user being copied does not already have a home directory setting, Hyena will not automatically assign the new user a home directory. Hyena will only use a template for creation of a home directory (and security) if a home directory is specified or modified on the user profile dialog when copying users.
NOTE: When
users are being modified, Hyena will always prompt for the template
to use.
Template Definitions
From the home directory configuration dialog, use the “New” button to create a new template, or the “Copy” button to copy an existing template. In order to better understand how to configure a home directory template, consult the home directory definitions below for home directories and home directory shares, and then view the associated diagram.
User home directories can take two different formats in Windows, which are described as follows:
User Home Directory Format - \\servername\sharename\directorypath
User Home Directory Share Format - \\servername\sharename
Hyena will automatically determine what type of user home directory format is being used and apply the necessary changes, however, the template itself must be configured according to what type of home directory is being used.
Consult the next two sections below to determine how to configure Hyena to use either of these home directory formats.
User Home Directories
User home directories use the format \\servername\sharename\directorypath when entered into a user’s home directory user profile. These type of home directories utilize a common sharename for all user accounts, with each user having their own unique directory path. Typically, the directory path portion of the home directory consists of the user name for ease of administration and identification.
Note: Hyena will not create the share that is part of the sharename portion of a home directory; only the last directory in the directory path will be created.
If this is the type of home directory format in use in your installation, consult the diagram and example below on how to configure the template for their use.
Template Name – Enter the name to use for the template.
New Home Directory Mask – Enter in a mask to use as a default home directory setting when adding new users. The symbol “%username%” can be used to represent the current user. In the example above, a setting of \\hyena2000\users\%username% would give all newly created users a home directory with a directory name equal to the user account, under a share named “users” on the server named “hyena2000”. In effect, all users will share the same share (named “users”), but each will have a unique directory (folder) for their home directory, under this common share.
Note that this setting is ONLY used for new users, and only to configure a default home directory “Connect To” path; this path can be changed is necessary. This setting is not used when modifying or copying users.
Drive – Enter in a drive letter to use as a default home directory mapping when adding new users.
Share Directory Local Mask – This setting does not apply for shared directories; it only is applicable when unique shares are created for each user home directory. See the Home Shares section below for more information.
Share Directory Remote Mask – This setting does not apply for shared directories; it only is applicable when unique shares are created for each user home directory. See the Home Shares section below for more information.
Security Settings – The symbol “%username%” can be used to represent the current user. Options are also available to overwrite any existing security settings, or warn (verify) before overwriting. If left empty, the home directory itself would be granted the same security as the parent directory. For better security control, it is advisable to explicitly specify security settings, rather than rely upon this default behavior.
After creating home directory run – See the Post User Batch Procedure section for more information about this option.
User Home Directory Shares
User Home Directory Shares use the format \\servername\sharename when entered into a user’s home directory user profile. These type of home directories require a unique share name for each user account. Typically, the user name is used for the name of the share, which is optionally hidden by placing a $ at the end of the share name. Hyena can create both the share and the underlying shared directory when copying and creating user accounts. If this is the type of home directory format in use in your installation, consult the diagram and example below on how to configure the template for their use.
Template Name – Enter the name to use for the template.
New Home Directory Mask – Enter in a mask to use as a default home directory setting when adding new users. The symbol “%username%” can be used to represent the current user. In the example above, a setting of \\hyena2000\%username% would give all newly created users a home directory share on the server named “hyena2000”, and set the share name to the name of the new user. A “$” sign can be added to the end of the share name to create a hidden share. Note that this setting is ONLY used for new users, and only to configure a default home directory “Connect To” path; this path can be changed is necessary. This setting is not used when modifying or copying users. When copying users, the home directory path/share of the user being copied is used instead.
Drive – Enter in a drive letter to use as a default home directory mapping when adding new users.
Share Directory Local Mask – Use this setting to control the format to be used for the local directory path when creating a home share. Windows requires that all shares be assigned a LOCAL path when they are created remotely. For example, if a user’s home directory profile specifies a home directory of \\HomeServer\JSmith, the share Jsmith must be assigned to a local (physical) drive and directory on the server named HomeServer, such as E:\Users\%username%. It is important to use the remote server’s exact local drive letter and directory path for this setting. The symbol %username% can be used to specify the name of the active user. If you are unsure of the local path for a user’s home directory, simply view the Path setting for an existing user’s share on that server.
Share Directory Remote Mask – Use this setting to specify a remote UNC path to the directory that will need to be created for the user’s home directory. Using the example above, if the local directory mask is E:\Users\%username%, the remote mask could be something like \\hyena2000\e$\users\%username%. Hyena will use this remote mask to remotely create the user’s home directory prior to creating the share. The symbol %homedirserver% can be used in place of the server and will be substituted with the name of the server specified as the location of the home directory in the active user’s profile. This setting is only used to create the directory for the remote home directory share.
Security Settings – Security settings can be configured for either the home directory, home directory share, or both. The symbol “%username%” can be used to represent the current user. Options are also available to overwrite any existing security settings, or warn (verify) before overwriting. If left empty, the home directory itself would be granted the same security as the parent directory, and the share would be given Everyone:Full Control. For better security control, it is advisable to explicitly specify security settings, rather than rely upon this default behavior.
After creating home directory run – See the Post User Batch Procedure section for more information about this option.
Setting Owner and Inheritance
Use the Set Owner... and Set Inheritance... buttons to configure the owner and/or inheritance options for newly created home directories.
Owner options include allowing the owner to be the same as the parent, forcing the owner to be the 'Administrators' group, or setting the owner to be the same as the user (%username%).
Inheritance options affect whether the directory will inherit the parent's security permissions.
User Home Directory and Profile Deletion
Hyena provides a powerful method to manage user home directory and profile contents, as well as deletion of their contents with the Home Directory and User Profile Management feature. This feature is accessed on the user context menu, by selecting Account Functions->Profile/Home Directory Admin. See the Home Directory and User Profile Management section for more information.
A batch file can be specified in the Template Definition dialog that can be used to set additional user and/or group permissions automatically when a new user is added or a home directory is first specified, or to perform any other custom site-specific processing.
This batch file can contain any number of commands. To specify a command to add, for example, the "Domain Admins" global group to the user's home directory with Full Control, use this command:
echo y|cacls %1 /e /g "Domain Admins":F
Hyena passes six (6) parameters to the batch procedure that you specify:
%1 - name of the directory being created (the home
directory exactly as entered on the User Profile dialog).
%2 - name of the newly created/modified user
%3 - name of the server sharing the directory, without leading backslashes.
%4 - name of the home directory share
%5 - name of the directory path following the share name. For example, if the home directory name is \\server\sharename\directory, then this value will be “directory”. If the home directory is \\server\sharename, this value will be “NONE”.
%6 – path to the root share representing the home directory. For example, if the home directory name is \\server\sharename, then this value will be the root share path to the “sharename” share, such as D$\users\directory.
Hyena will only run this batch procedure if it creates the home directory. Additional help on the cacls command can be found by entering the "cacls" command at the command prompt, in NT's resource kits, and on TechNet. Articles Q135268 and Q131780 are good references for the information presented here.
A final
note: If your environment has more than one domain
controller, then it's possible that the newly added user will not
be known to all of the domain controllers until they are fully
synchronized. While synchronization does happen
automatically, it can take a few minutes to complete. During
this time, the permissions on a newly created home directory may
show "Account Unknown". Once the domain controllers
synchronize the Account Unknown entry will be replaced with the
actual username.