Windows Server Homefolder Permission Fix

If you have ever used Windows Server in any business environment you will be aware that security is a BIG DEAL! You will also know that efficiency and speed are required, mainly to stop the end users complaining in time! If you are using local user profiles and setting user home directories then you need the security to be right, otherwise users are going to be looking at each other's documents, and you do not want that. If you have a network share on your server containing all of your user data, for example Documents, Music, Pictures and Videos, then it's most likely you have some form of security settings applied to the root directory. In Windows, when you make a change to the root directory and all the subfolders are inheriting permissions, it resets their permissions and applies the EXACT same permissions as the root directory.

How Windows creates new user directories

However, in Windows, when a new user is created in Active Directory a subfolder is automatically created within the root directory and named the same as the user's username. This folder then becomes the user's home drive (which by the way in Windows variables is %homedir%), and the user is given full control over the folder as an explicit permission (meaning they are not inheriting it).

The Problem

Altogether this means that if you make a change to the root directory then all of the user profiles (subfolders) inside are going to have the EXACT same permissions as their parent. The user's explicit permission that Active Directory created will be removed, and the user will have NO access to their documents! Luckily there is an easy fix. There is a script that you can download below. It takes each folder name (which is the user's username), looks that name up in Active Directory, and gives that user modify permissions back on the folder and its subfolders, so the user regains control of their home directory. This also saves the network manager hours of right clicking, as the script can run very quickly depending on how many user profiles (folders) there are.

Instructions for running the script

Unfortunately you cannot attach download links for .bat files for security reasons, however I have put a link to the txt files. All that you need to do is copy the txt file contents into Notepad and save as a .bat file. There are 2 versions of the script: the XCALCS and CALCS versions. You should attempt to run the XCALCS version, however I have not managed to get this one working myself. If the XCALCS does not work, simply try the CALCS version and this hopefully should have no trouble.

PLEASE NOTE: The scripts must be run in the location of the user profiles! For example if one of the user profiles was located at \\DOMAIN\Homefolders\Staff\mhosker then you would have to run the script in \\DOMAIN\Homefolders\Staff.
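
The repair described above, as an added example that is not the author's XCALCS or CALCS script: it uses icacls (the built-in successor to cacls), starts in dry-run mode, and skips any folder whose name is not a domain account. It assumes each folder name is the user's logon name; `EXAMPLE` is a placeholder for your domain's NetBIOS name, and the `DRYRUN` switch is a name chosen for this example.

```batch
@echo off
rem Added example, not the author's XCALCS/CALCS script.
rem Save it in the folder that holds the home folders and run it from there.
setlocal EnableExtensions

rem ASSUMPTION: placeholder NetBIOS domain name, replace with your own.
set "DOMAIN=EXAMPLE"
rem 1 = only report what would change, 0 = apply the grants.
set "DRYRUN=1"

rem cmd.exe cannot use a UNC path as its current directory, so map the
rem script's own folder to a temporary drive letter for the run.
pushd "%~dp0" || exit /b 1

for /d %%D in (*) do call :fix "%%~D"

popd
exit /b 0

:fix
set "ACCT=%~1"
rem ASSUMPTION: folder name equals the user's logon name. Skip anything
rem that is not a real domain account so no stray folder gets an ACE.
net user "%ACCT%" /domain >nul 2>&1
if errorlevel 1 echo SKIP  "%ACCT%" has no matching domain account & goto :eof
if "%DRYRUN%"=="1" echo WOULD grant %DOMAIN%\%ACCT% Modify on "%ACCT%" & goto :eof
rem (OI)(CI)M = Modify, inherited by subfolders and files.
rem Only children that still inherit from the home folder pick it up.
icacls "%ACCT%" /grant "%DOMAIN%\%ACCT%:(OI)(CI)M" /C /Q
if errorlevel 1 echo FAIL  "%ACCT%"
goto :eof
```

Set `DRYRUN=0` only after the WOULD lines list exactly the folders you expect. The grant is Modify rather than Full Control, so users cannot rewrite the ACL on their own folder.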

XCALCS Script Download

CALCS Script Download
